deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 19:33:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/rs2' into jdrs2icd

Browse Source
This commit is contained in:
jdeckerMS
2017-03-23 08:28:33 -07:00
parent d55ceba018 2fee460601
commit e06fdfbf94
52 changed files with 570 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/deploy/images/ur-arch-diagram.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 86 KiB

BIN
windows/deploy/images/ur-settings.PNG Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 76 KiB

3
windows/deploy/mbr-to-gpt.md
View File

@ -378,7 +378,6 @@ In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is
## Related topics
[Using MBR2GPT with Configuration Manager OSD](https://miketerrill.net/tag/mbr2gpt/)
<BR>[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
<BR>[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
<BR>[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)

12
windows/deploy/resolve-windows-10-upgrade-errors.md
View File

@ -1,6 +1,6 @@
---
title: Resolve Windows 10 upgrade errors
description: Resolve Windows 10 upgrade errors
title: Resolve Windows 10 upgrade errors - Windows IT Pro
description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback
ms.prod: w10
@ -11,7 +11,7 @@ author: greg-lindsay
localizationpriority: high
---
# Resolve Windows 10 upgrade errors
# Resolve Windows 10 upgrade errors : Technical information for IT Pros
**Applies to**
- Windows 10
@ -251,13 +251,15 @@ See the following example:
### Analyze log files
>The following instructions are meant for IT professionals. Also see the [Upgrade error codes](#upgrade-error-codes) section in this guide to familiarize yourself with [result codes](#result-codes) and [extend codes](#extend-codes).
<P>To analyze Windows Setup log files:
<OL>
<LI>Determine the Windows Setup error code.
<LI>Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process.
<LI>Based on the [extend code](#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
<LI>Open the log file in a text editor, such as notepad.
<LI>Using the result code portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
<LI>Using the [result code](#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
<LI>To find the last occurrence of the result code:
<OL type="a">
<LI>Scroll to the bottom of the file and click after the last character.

2
windows/deploy/troubleshoot-upgrade-readiness.md
View File

@ -11,7 +11,7 @@ If youre having issues seeing data in Upgrade Readiness after running the Upg
If you still dont see data in Upgrade Readiness, follow these steps:
1. Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included.
1. Download and extract the [Upgrade Readiness Deployment Script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409). Ensure the “Pilot/Diagnostics” folder is included .
2. Edit the script as described in [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md).

2
windows/deploy/upgrade-readiness-architecture.md
View File

@ -13,7 +13,7 @@ Microsoft analyzes system, application, and driver telemetry data to help you de
<img src="media/image1.png" width="624" height="401" />
-->
![Upgrade Readiness architecture](images/upgrade-analytics-architecture.png)
![Upgrade Readiness architecture](images/ur-arch-diagram.png)
After you enable Windows telemetry on user computers and install the compatibility update KB (1), user computers send computer, application and driver telemetry data to a secure Microsoft data center through the Microsoft Data Management Service (2). After you configure Upgrade Readiness, telemetry data is analyzed by the Upgrade Readiness Service (3) and pushed to your OMS workspace (4). You can then use the Upgrade Readiness solution (5) to plan and manage Windows upgrades.

2
windows/deploy/upgrade-readiness-deployment-script.md
View File

@ -31,7 +31,7 @@ The Upgrade Readiness deployment script does the following:
To run the Upgrade Readiness deployment script:
1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
1. Download the [Upgrade Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract the .zip file. Inside, there are two folders: **Pilot** and **Deployment**. The **Pilot** folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The **Deployment** folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly. Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
2. Edit the following parameters in RunConfig.bat:

2
windows/deploy/upgrade-readiness-resolve-issues.md
View File

@ -53,7 +53,7 @@ For applications assessed as **Attention needed**, review the table below for de
| Upgrade Assessment | Action required prior to upgrade? | Issue | What it means | Guidance |
|--------------------|-----------------------------------|-----------|-----------------|------------|
| Attention needed | No | Application is removed during upgrade | Compatibility issues were detected and the application will not migrate to the new operating system. <br> | No action is required for the upgrade to proceed. |
| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Analytics is not able to remove the application during upgrade. <br><br>The application may work on the new operating system.<br> | Remove the application before upgrading, and reinstall and test on new operating system. |
| Attention needed | Yes | Blocking upgrade | Blocking issues were detected and Upgrade Readiness is not able to remove the application during upgrade. <br><br>The application may work on the new operating system.<br> | Remove the application before upgrading, and reinstall and test on new operating system. |
| Attention needed | No | Evaluate application on new OS | The application will migrate, but issues were detected that may impact its performance on the new operating system. | No action is required for the upgrade to proceed, but be sure to test the application on the new operating system.<br> |
| Attention needed | No | Does not work with new OS, but wont block upgrade | The application is not compatible with the new operating system, but wont block the upgrade. | No action is required for the upgrade to proceed, however, youll have to install a compatible version of the application on the new operating system.<br> |
| Attention needed | Yes | Does not work with new OS, and will block upgrade | The application is not compatible with the new operating system and will block the upgrade. | Remove the application before upgrading. <br><br>A compatible version of the application may be available.<br> |

2
windows/deploy/use-upgrade-readiness-to-manage-windows-upgrades.md
View File

@ -51,4 +51,4 @@ To change the target version setting, click on **Solutions Settings**, which app
On the **Upgrade Readiness Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target version setting are reflected in evaluations when a new snapshot is uploaded to your workspace.
![Target version](images/ua-cg-09.png)
![Target version](images/ur-settings.png)

3
windows/keep-secure/TOC.md
View File

@ -3,7 +3,6 @@
## [Windows Hello for Business](hello-identity-verification.md)
### [How Windows Hello for Business works](hello-how-it-works.md)
### [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
### [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
### [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
### [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
### [Windows Hello and password changes](hello-and-password-changes.md)
@ -790,7 +789,7 @@
###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines)
#### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md)
##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md)
##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md)
##### [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md)
##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
#### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md)

0
windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md → windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md
View File

7
windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md
View File

@ -71,3 +71,10 @@ Portal label | SIEM field name | Description
![Image of machine timeline with numbers](images/atp-remediated-alert.png)
![Image of file details](images/atp-file-details.png)
## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)

14
windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md
View File

@ -68,8 +68,9 @@ The following steps assume that you have completed all the required steps in [Be
- WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\
>[!NOTE]
>You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool.
NOTE:
You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool.
4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**.
5. Select Type: **ArcSight FlexConnector REST** and click **Next**.
@ -174,10 +175,11 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a
A browser window appears. Allow it to run, it should disappear, and the connector should now be running.
> [!NOTE]
> Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
> [!NOTE]
> Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear.
## Related topics
- [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)

2
windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md
View File

@ -64,5 +64,5 @@ This section lists various issues that you may encounter when using email notifi
## Related topics
- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)

15
windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md
View File

@ -42,14 +42,16 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts.
2. Click **Search & Reporting**, then **Settings** > **Data inputs**.
3. Click **REST** under **Local inputs**.
> [!NOTE]
> This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/).
NOTE:
This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/).
4. Click **New**.
5. Type the following values in the required fields, then click **Save**:
> [!NOTE]
>All other values in the form are optional and can be left blank.
NOTE:
All other values in the form are optional and can be left blank.
<table>
<tbody style="vertical-align:top;">
@ -132,6 +134,7 @@ Use the solution explorer to view alerts in Splunk.
## Related topics
- [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md)
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)

6
windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md
View File

@ -55,14 +55,14 @@ This tile shows you a list of machines with the highest number of active alerts.
Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
You can also click **Machines list** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md).
## Users at risk
The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label).
![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png)
Click the user account to see details about the user account. For more information see [Investigate a user entity in Windows Defender Advanced Threat Protection]
Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
## Machines with active malware detections
The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender.
@ -97,7 +97,7 @@ There are two status indicators that provide information on the number of machin
- **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month.
- **Misconfigured** These machines might partially be reporting telemetry to the Windows Defender ATP service and might have configuration errors that need to be corrected.
When you click any of the groups, youll be directed to machines view, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
When you click any of the groups, youll be directed to machines list, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md).
## Service health
The **Service health** tile informs you if the service is active or if there are issues.

6
windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md
View File

@ -31,9 +31,9 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee
3. Copy the individual values or select **Save details to file** to download a file that contains all the values.
>[!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
>For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
WARNING:<br>
The client secret is only displayed once. Make sure you keep a copy of it in a safe place. <br>
For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
4. Select **Generate tokens** to get an access and refresh token.

24
windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md
View File

@ -29,16 +29,18 @@ Enable security information and event management (SIEM) integration so you can p
2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant.
>[!WARNING]
>The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
>For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
WARNING:<br>
The client secret is only displayed once. Make sure you keep a copy of it in a safe place.<br>
For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret).
3. Choose the SIEM type you use in your organization.
>[!NOTE]
>If you select HP ArcSight, you'll need to save these two configuration files:
> - WDATP-connector.jsonparser.properties
> - WDATP-connector.properties
> If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**.
NOTE:<br>
If you select HP ArcSight, you'll need to save these two configuration files:<br>
- WDATP-connector.jsonparser.properties
- WDATP-connector.properties <br>
If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**.
4. Copy the individual values or select **Save details to file** to download a file that contains all the values.
@ -47,5 +49,7 @@ Enable security information and event management (SIEM) integration so you can p
You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal.
## Related topics
- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)

2
windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
View File

@ -25,7 +25,7 @@ localizationpriority: high
You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
> [!NOTE]
> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.

2
windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
View File

@ -36,7 +36,7 @@ If the machine has not been in use for more than 7 days for any reason, it will
A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an Inactive status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally.
**Machine was offboarded**</br>
If the machine was offboarded it will still appear in machines view. After 7 days, the machine health state should change to inactive.
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
Do you expect a machine to be in Active status? [Open a CSS ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).

8
windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md
View File

@ -23,14 +23,16 @@ localizationpriority: high
During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu.
1. In the navigation pane, select **Preferences setup** > **General**.
2. Modify settings such as data retention policy or the industry that best describes your organization.
>[!NOTE]
>Other settings are not editable.
> [!NOTE]
> Other settings are not editable.
3. Click **Save preferences**.
## Related topics
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Turn on the preview experience in Windows Defender ATP ](preview-settings-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)

1
windows/keep-secure/hello-and-password-changes.md
View File

@ -41,7 +41,6 @@ Suppose instead that you sign in on **Device B** and change your password for yo
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)

1
windows/keep-secure/hello-biometrics-in-enterprise.md
View File

@ -79,7 +79,6 @@ To allow facial recognition, you must have devices with integrated special infra
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)

84
windows/keep-secure/hello-enable-phone-signin.md
View File

@ -1,84 +0,0 @@
---
title: Enable phone sign-in to PC or VPN (Windows 10)
description: You can set policies to allow your users to sign in to a PC or VPN using their Windows 10 phone.
keywords: ["identity", "PIN", "biometric", "Hello"]
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
author: DaniHalfin
localizationpriority: high
---
# Enable phone sign-in to PC or VPN
**Applies to**
- Windows 10
- Windows 10 Mobile
In Windows 10, version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app.
![Sign in to a device](images/phone-signin-menu.png)
> [!NOTE]
> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
You can create a Group Policy or mobile device management (MDM) policy that will allow users to sign in to a work PC or their company's VPN using the credentials stored on their Windows 10 phone.
## Prerequisites
- Both phone and PC must be running Windows 10, version 1607.
- The PC must be running Windows 10 Pro, Enterprise, or Education
- Both phone and PC must have Bluetooth.
- The **Microsoft Authenticator** app must be installed on the phone.
- The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
- The phone must be joined to Azure AD or have a work account added.
- The VPN configuration profile must use certificate-based authentication.
## Set policies
To enable phone sign-in, you must enable the following policies using Group Policy or MDM.
- Group Policy: **Computer Configuration** or **User Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**
- Enable **Use Windows Hello for Business**
- Enable **Phone Sign-in**
- MDM:
- Set **UsePassportForWork** to **True**
- Set **Remote\UseRemotePassport** to **True**
## Configure VPN
To enable phone sign-in to VPN, you must enable the [policy](#set-policies) for phone sign-in and ensure that VPN is configured as follows:
- For inbox VPN, set up the VPN profile with Extensible Authentication Protocol (EAP) with the **Smart card or other certificate (TLS)** EAP type, also known as EAP-Transport Level Security (EAP-TLS). To exclusively access the VPN certificates on the phone, in the EAP filtering XML, add either **EKU** or **Issuer** (or both) filtering to make sure it picks only the Remote NGC certificate.
- For a Universal Windows Platform (UWP) VPN plug-in, add filtering criteria based on the 3rd party mechanism for the Remote NGC Certificate.
## Get the app
If you want to distribute the **Microsoft Authenticator** app, your organization must have set up Windows Store for Business, with Microsoft added as a [Line of Business (LOB) publisher](../manage/working-with-line-of-business-apps.md).
[Tell people how to sign in using their phone.](hello-prepare-people-to-use.md#bmk-remote)
## Related topics
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)
- [Event ID 300 - Windows Hello successfully created](hello-event-300.md)
- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md)
 
 

1
windows/keep-secure/hello-errors-during-pin-creation.md
View File

@ -225,7 +225,6 @@ For errors listed in this table, contact Microsoft Support for assistance.
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)

1
windows/keep-secure/hello-event-300.md
View File

@ -37,7 +37,6 @@ This is a normal condition. No further action is required.
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)

1
windows/keep-secure/hello-how-it-works.md
View File

@ -112,7 +112,6 @@ Windows Hello depends on having compatible IDPs available to it. As of this writ
- [Windows Hello for Business](hello-identity-verification.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)

5
windows/keep-secure/hello-identity-verification.md
View File

@ -72,10 +72,6 @@ Imagine that someone is looking over your shoulder as you get money from an ATM
Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
For customers using a hybrid Active Directory and Azure Active Directory environment, Windows Hello also enables Windows 10 Mobile devices to be used as [a remote credential](hello-prepare-people-to-use.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Windows Hello on the users Windows 10 Mobile device. Because users carry their phone with them, Windows Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions.
> [!NOTE]
>  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
 
## How Windows Hello for Business works: key points
@ -119,7 +115,6 @@ Windows Hello for Business can use either keys (hardware or software) or certifi
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)

14
windows/keep-secure/hello-manage-in-organization.md
View File

@ -131,16 +131,12 @@ The following table lists the Group Policy settings that you can configure for W
</td>
</tr>
<tr>
<td><a href="hello-prepare-people-to-use.md#bmk-remote">Phone Sign-in</a></td>
<td>>Phone Sign-in</td>
<td>
<p>Use Phone Sign-in</p>
<div class="alert"><b>Note</b>  Applies to desktop only. Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.</div>
<div> </div>
</td>
<td>
<p><b>Not configured</b>: Phone sign-in is disabled.</p>
<p><b>Enabled</b>: Users can use a portable, registered device as a companion device for desktop authentication.</p>
<p><b>Disabled</b>: Phone sign-in is disabled.</p>
<p>Not currently supported.</p>
</td>
</tr>
</table>
@ -283,14 +279,11 @@ The following table lists the MDM policy settings that you can configure for Win
<td>Remote</td>
<td>
<p>UseRemotePassport</p>
<div class="alert"><b>Note</b>  Applies to desktop only. Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.</div>
<div> </div>
</td>
<td>Device or user</td>
<td>False</td>
<td>
<p>True: <a href="hello-prepare-people-to-use.md#bmk-remote">Phone sign-in</a> is enabled.</p>
<p>False: <a href="hello-prepare-people-to-use.md#bmk-remote">Phone sign-in</a> is disabled.</p>
<p>Not currently supported.</p>
</td>
</tr>
</table>
@ -381,7 +374,6 @@ If you want to use Windows Hello for Business with certificates, youll need a
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)

43
windows/keep-secure/hello-prepare-people-to-use.md
View File

@ -51,56 +51,13 @@ If your policy allows it, people can use biometrics (fingerprint, iris, and faci
![sign in to windows, apps, and services using fingerprint or face](images/hellosettings.png)
## <a href="" id="bmk-remote"></a>Use a phone to sign in to a PC or VPN
If your enterprise enables phone sign-in, users can pair a phone running Windows 10 Mobile to a PC running Windows 10 and then use an app on the phone to sign in to the PC using their Windows Hello credentials.
> [!NOTE]
> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.
 
**Prerequisites:**
- Both phone and PC must be running Windows 10, version 1607.
- The PC must be running Windows 10 Pro, Enterprise, or Education
- Both phone and PC must have Bluetooth.
- The **Microsoft Authenticator** app must be installed on the phone.
- The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD.
- The phone must be joined to Azure AD or have a work account added.
- The VPN configuration profile must use certificate-based authentication.
**Pair the PC and phone**
1. On the PC, go to **Settings** &gt; **Devices** &gt; **Bluetooth**. Tap the name of the phone and then tap **Pair** to begin pairing.
![bluetooth pairing](images/btpair.png)
2. On the phone, go to **Settings** &gt; **Devices** &gt; **Bluetooth**, and verify that the passcode for **Pairing accessory** on the phone matches the passcode displayed on the PC, and then tap **ok**.
![bluetooth pairing passcode](images/bt-passcode.png)
3. On the PC, tap **Yes**.
**Sign in to PC using the phone**
1. Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to.
> **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account.
![select a device](images/phone-signin-device-select.png)
 
2. Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account.
**Connect to VPN**
You simply connect to VPN as you normally would. If the phone's certificates are being used, a notification will be pushed to the phone asking if you approve. If you click **allow** in the notification, you will be prompted for your PIN. After you enter your PIN, the VPN session will connect.
## Related topics
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md)
- [Windows Hello and password changes](hello-and-password-changes.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)

1
windows/keep-secure/hello-why-pin-is-better-than-password.md
View File

@ -75,7 +75,6 @@ If you only had a biometric sign-in configured and, for any reason, were unable
- [Windows Hello for Business](hello-identity-verification.md)
- [How Windows Hello for Business works](hello-how-it-works.md)
- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
- [Enable phone sign-in to PC or VPN](hello-enable-phone-signin.md)
- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md)
- [Windows Hello and password changes](hello-and-password-changes.md)
- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md)

BIN
windows/keep-secure/images/atp-machines-at-risk.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 38 KiB

BIN
windows/keep-secure/images/rules-legend.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 75 KiB

20
windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md
View File

@ -1,6 +1,6 @@
---
title: View and organize the Windows Defender ATP machines view
description: Learn about the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations.
title: View and organize the Windows Defender ATP machines list
description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the machine list which can enhance investigations.
keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@ -11,7 +11,7 @@ author: mjcaparas
localizationpriority: high
---
# View and organize the Windows Defender ATP Machines view
# View and organize the Windows Defender ATP Machines list
**Applies to:**
@ -21,23 +21,23 @@ localizationpriority: high
- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
The **Machines view** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network.
Use the Machines view in these main scenarios:
- **During onboarding**</br>
During the onboarding process, the **Machines view** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis.
- **Day-to-day work**
The **Machines view** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them.
## Sort, filter, and download the list of machines from the Machines view
You can sort the **Machines view** by clicking on any column header to sort the view in ascending or descending order.
You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order.
Filter the **Machines view** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria.
Filter the **Machines list** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria.
You can also download the entire list in CSV format using the **Export to CSV** feature.
![Image of machines view with list of machines](images/atp-machines-view-list.png)
![Image of machines list with list of machines](images/atp-machines-view-list.png)
You can use the following filters to limit the list of machines displayed during an investigation:
@ -71,7 +71,7 @@ You can download a full list of all the machines in your organization, in CSV f
Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself.
## Sort the Machines view
You can sort the **Machines view** by the following columns:
You can sort the **Machines list** by the following columns:
- **Machine name** - Name or GUID of the machine
- **Last seen** - Date and time when the machine last reported sensor data

23
windows/keep-secure/overview-of-threat-mitigations-in-windows-10.md
View File

@ -1,4 +1,15 @@
# Mitigate threats by using Windows 10 security features
---
title: Mitigate threats by using Windows 10 security features (Windows 10)
description: This topic provides an overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: justinha
---
# Mitigate threats by using Windows 10 security features
**Applies to:**
- Windows 10
@ -44,7 +55,7 @@ Windows 10 mitigations that you can configure are listed in the following two ta
|---|---|
| **Windows Defender SmartScreen**,<br>which helps prevent<br>malicious applications<br>from being downloaded | Windows Defender SmartScreen can check the reputation of a downloaded application by using a service that Microsoft maintains. The first time a user runs an app that originates from the Internet (even if the user copied it from another PC), SmartScreen checks to see if the app lacks a reputation or is known to be malicious, and responds accordingly.<br><br>**More information**: [Windows Defender SmartScreen](#windows-defender-smartscreen), later in this topic |
| **Credential Guard**,<br>which helps keep attackers<br>from gaining access through<br>Pass-the-Hash or<br>Pass-the-Ticket attacks | Credential Guard uses virtualization-based security to isolate secrets, such as NTLM password hashes and Kerberos Ticket Granting Tickets, so that only privileged system software can access them.<br>Credential Guard is included in Windows 10 Enterprise and Windows Server 2016.<br><br>**More information**: [Protect derived domain credentials with Credential Guard](credential-guard.md) |
| **Enterprise certificate pinning**,<br>which helps keep users<br>from being deceived by<br>man-in-the-middle attacks<br>that leverage PKI | With enterprise certificate pinning, you can “pin” (associate) an X.509 certificate and its public key to its legitimate Certification Authority, either root or leaf. This helps protect your enterprises intranet sites (not external Internet sites) by providing validation for digitally signed certificates (SSL certificates) used while browsing. This feature mitigates man-in the-middle attacks that involve these certificates.<br><br>**More information**: ENTERPRISE_CERTIFICATE_PINNING_LINK |
| **Enterprise certificate pinning**,<br>which helps keep users<br>from being deceived by<br>man-in-the-middle attacks<br>that leverage PKI | Enterprise certificate pinning enables you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates. With enterprise certificate pinning, you can “pin” (associate) an X.509 certificate and its public key to its legitimate Certification Authority, either root or leaf. <br><br>**More information**: [Enterprise Certificate Pinning](enterprise-certificate-pinning.md) |
| **Device Guard**,<br>which helps keep a device<br>from running malware or<br>other untrusted apps | Device Guard includes Code Integrity policies, a whitelist you create of trusted apps—the only apps allowed to run in your organization. Device Guard also includes a powerful system mitigation called hypervisor-protected code integrity (HVCI), which leverages virtualization-based security (VBS) to protect Windows kernel-mode code integrity validation process. HVCI has specific hardware requirements, and works with Code Integrity policies to help stop attacks even if they gain entrance to the kernel.<br>Device Guard is included in Windows 10 Enterprise and Windows Server 2016.<br><br>**More information**: [Introduction to Device Guard](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md) |
| **Windows Defender Antivirus**,<br>which helps keep devices<br>free of viruses and other<br>known software threats | Windows 10 includes Windows Defender Antivirus, a robust inbox antimalware solution. Windows Defender Antivirus has been significantly improved since it was introduced in Windows 8.<br><br>**More information**: [Windows Defender Antivirus](#windows-defender-antivirus), later in this topic |
| **Blocking of untrusted fonts**,<br>which helps prevent fonts<br>from being used in<br>elevation-of-privilege attacks | The Block Untrusted Fonts setting allows you to prevent users from loading untrusted fonts onto your network, which can mitigate elevation-of-privilege attacks associated with the parsing of font files. However, as of Windows 10, version 1703, this mitigation is less important, because font parsing is isolated in an [AppContainer sandbox](https://msdn.microsoft.com/library/windows/desktop/mt595898(v=vs.85).aspx) (for a list describing this and other kernel pool protections, see [Kernel pool protections](#kernel-pool-protections), later in this topic).<br><br>**More information**: [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |
@ -73,9 +84,7 @@ Starting with Windows Internet Explorer 8, the SmartScreen Filter has helped pro
For Windows 10, Microsoft further developed SmartScreen, now called Windows Defender SmartScreen, by integrating its app reputation abilities into the operating system itself, which allows SmartScreen to check the reputation of files downloaded from the Internet and warn users when theyre about to run a high-risk downloaded file. The first time a user runs an app that originates from the Internet, SmartScreen checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, SmartScreen warns the user or blocks execution entirely, depending on how the administrator has configured Microsoft Intune or Group Policy settings.
<!-- Next sentence needs a link to the main SmartScreen topic, whatever it's called. -->
For more information, see Windows Defender SmartScreen overview.
For more information, see [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md).
### Windows Defender Antivirus
@ -202,7 +211,7 @@ With Protected Processes, Windows 10 prevents untrusted processes from interacti
### Universal Windows apps protections
When users download Universal Windows apps or even Windows Classic applications (Win32) from the Windows Store, its highly unlikely that they will encounter malware, because all apps go through a careful screening process before being made available in the store. Apps that organizations build and distribute through sideloading processes will need to be reviewed internally to ensure that they meet organizational security requirements.
When users download Universal Windows apps or even Windows Classic applications (Win32) from the Windows Store, its unlikely that they will encounter malware because all apps go through a careful screening process before being made available in the store. Apps that organizations build and distribute through sideloading processes will need to be reviewed internally to ensure that they meet organizational security requirements.
Regardless of how users acquire Universal Windows apps, they can use them with increased confidence. Unlike Windows Classic applications, which can run with elevated privileges and have potentially sweeping access to the system and data, Universal Windows apps run in an AppContainer sandbox with limited privileges and capabilities. For example, Universal Windows apps have no system-level access, have tightly controlled interactions with other apps, and have no access to data unless the user explicitly grants the application permission.
@ -366,7 +375,7 @@ The Converter feature is currently available as a Windows PowerShell cmdlet, **S
- **Converting Attack Surface Reduction (ASR) settings to a Code Integrity policy file**: If the input file contains any settings for EMETs Attack Surface Reduction (ASR) mitigation, the converter will also create a Code Integrity policy file. In this case, you can complete the merging, auditing, and deployment process for the Code Integrity policy, as described in [Deploy Device Guard: deploy code integrity policies](deploy-device-guard-deploy-code-integrity-policies.md). This will enable protections on Windows 10 equivalent to EMETs ASR protections.
- **Converting Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET “Certificate Trust” XML file (pinning rules file), you can also use **Set-ProcessMitigations -Convert** to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in the Enterprise_certificate_pinning_documentation.
- **Converting Certificate Trust settings to enterprise certificate pinning rules**: If you have an EMET “Certificate Trust” XML file (pinning rules file), you can also use **Set-ProcessMitigations -Convert** to convert the pinning rules file into an enterprise certificate pinning rules file. Then you can finish enabling that file as described in [Enterprise Certificate Pinning](enterprise-certificate-pinning.md).
#### EMET-related products

2
windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md
View File

@ -1,7 +1,7 @@
---
title: Windows Defender Advanced Threat Protection portal overview
description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches.
keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, endpoint management, advanced attacks
keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, preferences setup, endpoint management, advanced attacks
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy

2
windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md
View File

@ -27,6 +27,6 @@ Use the **Preferences setup** menu to modify general settings, advanced features
Topic | Description
:---|:---
[Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process.
[Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products.
[Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products.
[Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features.
[Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications.

2
windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md
View File

@ -27,5 +27,5 @@ Turn on the preview experience setting to be among the first to try upcoming fea
## Related topics
- [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md)
- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
- [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)

6
windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
View File

@ -187,3 +187,9 @@ HTTP error code | Description
401 | Malformed request or invalid token.
403 | Unauthorized exception - any of the domains is not managed by the tenant administrator or tenant state is deleted.
500 | Error in the service.
## Related topics
- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md)
- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md)
- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)

4
windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md
View File

@ -130,7 +130,7 @@ For prevalent files in the organization, a warning is shown before an action is
1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box:
**Alerts** - Click the file links from the Description or Details in the Alert timeline
**Machines view** - Click the file links in the Description or Details columns in the Observed on machine section
**Machines list** - Click the file links in the Description or Details columns in the Observed on machine section
**Search box** - Select File from the dropdown menu and enter the file name
2. Open the **Actions** menu and select **Remove file from blocked list**.
@ -175,7 +175,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views:
Alerts - click the file links from the **Description** or **Details** in the Alert timeline
**Machines View** - click the file links from the **Description** or **Details** in the **Machine in organization** section
**Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section
Search box - select **File** from the dropdown menu and enter the file name
2. In the **Deep analysis** section of the file view, click **Submit**.

4
windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md
View File

@ -40,7 +40,7 @@ This machine isolation feature disconnects the compromised machine from the netw
- **Dashboard** - Select the machine name from the Top machines with active alerts section.
- **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- **Machines view** - Select the machine name from the list of machines.
- **Machines list** - Select the machine name from the list of machines.
- **Search box** - Select Machine from the drop-down menu and enter the machine name.
2. Open the **Actions** menu and select **Isolate machine**.
@ -102,7 +102,7 @@ CollectionSummaryReport.xls | This file is a summary of the investigation packag
- **Dashboard** - Select the machine name from the Top machines with active alerts section.
- **Alerts queue** - Select the machine name beside the machine icon from the alerts queue.
- **Machines view** - Select the heading of the machine name from the machines view.
- **Machines list** - Select the heading of the machine name from the machines list.
- **Search box** - Select Machine from the drop-down menu and enter the machine name.
2. Open the **Actions** menu and select **Collect investigation package**.

4
windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -45,7 +45,7 @@ Deployment with the above-mentioned versions of System Center Configuration Mana
If the deployment fails, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint).
If the onboarding completed successfully but the endpoints are not showing up in the **Machines view** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
If the onboarding completed successfully but the endpoints are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur.
## Troubleshoot onboarding when deploying with a script on the endpoint
@ -119,7 +119,7 @@ ID | Severity | Event description | Troubleshooting steps
1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760).
## Troubleshoot onboarding issues on the endpoint
If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines view an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent:
- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log)
- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)

2
windows/keep-secure/use-windows-defender-advanced-threat-protection.md
View File

@ -45,7 +45,7 @@ Topic | Description
[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses.
[Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain.
[View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list.
[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats.
[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines list** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats.
[Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts.
[Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert.
[Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take action on a machine or file to quickly respond to detected attacks.

1
windows/update/waas-optimize-windows-10-updates.md
View File

@ -49,6 +49,7 @@ Two methods of peer-to-peer content distribution are available in Windows 10.
Windows 10 update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express.
### How Microsoft supports Express
- **Express on System Center Configuration Manager** starting with version 1702 of Configuration Manager.
- **Express on WSUS Standalone**
Express update delivery is available on [all support versions of WSUS](https://technet.microsoft.com/library/cc708456(v=ws.10).aspx).

37
windows/whats-new/whats-new-windows-10-version-1703.md
View File

@ -1,5 +1,5 @@
---
title: What's new in Windows 10, version 1607 (Windows 10)
title: What's new in Windows 10, version 1703 (Windows 10)
description: This topic lists new and updated topics in the What's new in Windows 10 documentation for Windows 10 and Windows 10 Mobile.
keywords: ["What's new in Windows 10", "Windows 10", "creators update"]
ms.prod: w10
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
author: TrudyHa
localizationpriority: high
ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617
---
# What's new in Windows 10, version 1703
@ -20,7 +21,7 @@ Below is a list of some of the new and updated features in Windows 10, version 1
### Windows Configuration Designer
Previously known as *Windows Imaging and Configuration Designer (ICD)*, the tool for creating provisioning packages is renamed **Windows Configuration Designer**. The new Windows Configuration Designer is available in Windows Store as an app. To run Windows Configuration Designer on earlier versions of Windows, you can still install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK).
Previously known as *Windows Imaging and Configuration Designer (ICD)*, the tool for creating provisioning packages is renamed **Windows Configuration Designer**. The new Windows Configuration Designer is available in [Windows Store as an app](https://www.microsoft.com/store/apps/9nblggh4tx22). To run Windows Configuration Designer on earlier versions of Windows, you can still install Windows Configuration Designer from the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
Windows Configuration Designer in Windows 10, version 1703, includes several new wizards to make it easier to create provisioning packages.
@ -41,13 +42,13 @@ The following new Group Policy and mobile device management (MDM) settings are a
### Start and taskbar layout
Enterprises can apply a customized Start and tasbkar layout to devices running Windows 10 Pro, version 1703.
Enterprises can apply a customized Start and taskbar layout to devices running Windows 10 Pro, version 1703.
Additional MDM policy settings are available for Start and taskbar layout. For details, see [Manage Windows 10 Start and taskbar layout](../configure/windows-10-start-layout-options-and-policies.md).
Previously, the customized taskbar could only be deployed using Group Policy or provisioning packages. Windows 10, version 1703, adds support for customized taskbars to [MDM](../configure/customize-windows-10-start-screens-by-using-mobile-device-management.md).
### Lockdown Designer app
### Lockdown Designer for Windows 10 Mobile lockdown files
The Lockdown Designer app helps you configure and create a lockdown XML file to apply to devices running Windows 10 Mobile, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Using Lockdown Designer is easier than [manually creating a lockdown XML file](../configure/lockdown-xml.md).
@ -57,11 +58,6 @@ The Lockdown Designer app helps you configure and create a lockdown XML file to
### Kiosk mode for Windows 10 Mobile
In Windows 10 Mobile, version 1703, [Apps Corner](https://support.microsoft.com/instantanswers/7959c547-aa80-5ff1-9097-1784b6894845/set-up-apps-corner) is removed. Enterprises can use [Enterprise Assigned Access to configure kiosk experiences](../configure/set-up-a-kiosk-for-windows-10-for-mobile-edition.md) on devices running Windows 10 Mobile.
## Deployment
@ -69,7 +65,9 @@ In Windows 10 Mobile, version 1703, [Apps Corner](https://support.microsoft.com/
MBR2GPT.EXE is a new command-line tool available in Windows 10 version 1703 and later versions. MBR2GPT converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS).
The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability and supports additional partition types. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk.
The GPT partition format is newer and enables the use of larger and more disk partitions. It also provides added data reliability, supports additional partition types, and enables faster boot and shutdown speeds. If you convert the system disk on a computer from MBR to GPT, you must also configure the computer to boot in UEFI mode, so make sure that your device supports UEFI before attempting to convert the system disk.
Additional security features of Windows 10 that are enabled when you boot in UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock.
For details, see [MBR2GPT.EXE](../deploy/mbr-to-gpt.md).
@ -81,7 +79,9 @@ Using Azure AD also means that you can remove an employees profile (for examp
## Security
### Windows Defender Advanced Threat Protection (Windows Defender ATP)
### Windows Defender Advanced Threat Protection
New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10, version 1703 include:
- **Detection**<br>
Enhancements to the detection capabilities include:
- [Use the threat intelligence API to create custom alerts](../keep-secure/use-custom-ti-windows-defender-advanced-threat-protection.md) - Understand threat intelligence concepts, enable the threat intel application, and create custom threat intelligence alerts for your organization.
@ -108,8 +108,8 @@ Using Azure AD also means that you can remove an employees profile (for examp
### Windows Defender Antivirus (Windows Defender AV)
New features for Windows Defender AV in Windows 10, version 1703 include:
### Windows Defender Antivirus
New features for Windows Defender Antivirus (AV) in Windows 10, version 1703 include:
- [Updates to how the Block at First Sight feature can be configured](../keep-secure/configure-block-at-first-sight-windows-defender-antivirus.md)
- [The ability to specify the level of cloud-protection](../keep-secure/specify-cloud-protection-level-windows-defender-antivirus.md)
@ -146,7 +146,9 @@ The pause feature has been changed, and now requires a start date to set up. Use
You are now able to defer feature update installation by up to 365 days. In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](../update/waas-configure-wufb.md#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](../update/waas-configure-wufb.md#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](../update/waas-configure-wufb.md#configure-when-devices-receive-quality-updates) for details.
### Delivery Optimization
### Optimize update delivery
[Express updates](../update/waas-optimize-windows-10-updates.md#express-update-delivery) are now supported on System Center Configuration Manager, starting with version 1702 of Configuration Manager, in addition to current Express support on Windows Update, Windows Update for Business and WSUS.
Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios.
@ -159,6 +161,9 @@ Added policies include:
To check out all the details, see [Configure Delivery Optimization for Windows 10 updates](../update/waas-delivery-optimization.md)
## Learn more
## Related topics
- [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info)
- [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update)
- [Windows 10 release information](https://technet.microsoft.com/windows/release-info)
- [What's new in MDM in Windows 10, version 1703](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/new-in-windows-mdm-enrollment-management#whatsnew10)
- [Manage Windows upgrades with Upgrade Readiness](../deploy/manage-windows-upgrades-with-upgrade-readiness.md)