diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 11bad4b893..7fbbafce4f 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -2531,9 +2531,9 @@ "redirect_document_id": true }, { - "source_path": "windows/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md", + "source_path": "windows/security/threat-protection/wannacrypt-ransomware-worm-targets-out-of-date-systems-wdsi.md", "redirect_url": "https://www.microsoft.com/security/blog/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/", - "redirect_document_id": true + "redirect_document_id": false }, { "source_path": "windows/threat-protection/windows-defender-application-control.md", diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index fb69460ed8..0cd97100aa 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -9,7 +9,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 06/03/2020 +ms.date: 09/18/2020 --- # Configuration service provider reference @@ -1108,7 +1108,8 @@ Additional lists: Mobile Enterprise - check mark + check mark +Only for mobile application management (MAM) check mark check mark @@ -2747,7 +2748,6 @@ The following list shows the CSPs supported in HoloLens devices: - [Accounts CSP](accounts-csp.md)9 **Note:** Support in Surface Hub is limited to **Domain\ComputerName**. - [AccountManagement CSP](accountmanagement-csp.md) - [APPLICATION CSP](application-csp.md) -- [Bitlocker-CSP](bitlocker-csp.md)9 - [CertificateStore CSP](certificatestore-csp.md) - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) - [Defender CSP](defender-csp.md) diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index b558969815..f0c84c9b9b 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml @@ -67,7 +67,9 @@ - name: Prepare to deploy Windows 10 updates href: update/prepare-deploy-windows.md - name: Evaluate and update infrastructure - href: update/update-policies.md + href: update/update-policies.md + - name: Update Baseline + href: update/update-baseline.md - name: Set up Delivery Optimization for Windows 10 updates href: update/waas-delivery-optimization-setup.md - name: Configure BranchCache for Windows 10 updates @@ -137,6 +139,8 @@ href: update/waas-wufb-group-policy.md - name: Update Windows 10 media with Dynamic Update href: update/media-dynamic-update.md + - name: Migrating and acquiring optional Windows content + href: update/optional-content.md - name: Manage the Windows 10 update experience items: - name: Manage device restarts after updates diff --git a/windows/deployment/update/optional-content.md b/windows/deployment/update/optional-content.md new file mode 100644 index 0000000000..607c9114e4 --- /dev/null +++ b/windows/deployment/update/optional-content.md @@ -0,0 +1,859 @@ +--- +title: Migrating and acquiring optional Windows content +description: Keep language resources and Features on Demand during operating system updates +ms.prod: w10 +ms.mktglfcycl: manage +audience: itpro +itproauthor: jaimeo +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +manager: laurawi +ms.collection: M365-modern-desktop +ms.topic: article +--- + +# Migrating and acquiring optional Windows content during updates + +This article provides some background on the problem of keeping language resources and Features on Demand during operating system updates and offers guidance to help you move forward in the short term and prepare for the long term. + +When you update the operating system, it’s critical to keep language resources and Features on Demand (FODs). Many commercial organizations use Configuration Manager or other management tools to distribute and orchestrate Windows 10 setup using a local Windows image or WIM file (a “media-based” or “task-sequence-based” update). Others do in-place updates using an approved Windows 10 feature update by using Windows Server Update Services (WSUS), Configuration Manager, or equivalent tools (a "servicing-based” update). + +Neither approach contains the full set of Windows optional features that a user’s device might need, so those features are not migrated to the new operating system. Further, those features are not available in Configuration Manager or WSUS for on-premises acquisition after a feature update + +## What is optional content? + +Optional content includes the following items: + +- General Features on Demand also referred to as FODs (for example, Windows Mixed Reality) +- Language-based and regional FODs (for example, Language.Basic~~~ja-jp~0.0.1.0) +- Local Experience Packs + +Optional content isn’t included by default in the Windows image file that is part of the operating system media available in the Volume Licensing Service Center (VLSC). Instead, it’s released as an additional ISO file on VLSC. Shipping these features out of the operating system media and shipping them separately reduces the disk footprint of Windows. This provides more space for user’s data. It also reduces the time needed to service the operating system, whether installing a monthly quality update or upgrading to a newer version. A smaller default Windows image also means less data to transmit over the network. + +## Why is acquiring optional content challenging? + +The challenges surrounding optional content typically fall into two groups: + +### Incomplete operating system updates + +The first challenge is related to content migration during a feature update. When Windows Setup performs an in-place update, the new operating is written to the user’s disk alongside the old version. This is a temporary folder, where a second clean operating system is installed and prepared for the user to "move into." When this happens, Windows Setup enumerates optional content installed already in the current version and plans to install the new version of this content in the new operating system. + +Windows Setup needs access to the optional content to do this. Since optional content is not in the Windows image by default, Windows Setup must look elsewhere to get the Windows packages, stage them, and then install them in the new operating system. When the content can’t be found, the result is an update that is missing features on the device, a frustrated end user, and likely a help desk call. This pain point is sometimes referred to "failure to migrate optional content during update." For media-based updates, Windows will automatically try again once the new operating system boots. We call this “latent acquisition.” + +### User-initiated feature acquisition failure + +The second challenge involves a failure to acquire features when a user requests them. Imagine a user running a device with a new version of Windows 10, either by using a clean installation or an in-place update. The user visits Settings, and attempts to install a second language, additional language experience features, or other optional content. Again, since these features are not in the operating system, the packages need to be acquired. For a typical user with internet access, Windows will acquire the features from a nearby Microsoft content delivery network, and everything works as designed. For commercial users, some might not have internet access or have policies to prevent acquisition over the internet. In these situations, Windows must acquire the content from an alternative location. When the content can’t be found, users are frustrated and another help desk call could result. This pain point is sometimes referred to as "failure to acquire optional content.” + +## Options for acquiring optional content + +Most commercial organizations understand the pain points outlined above, and discussions typically start with them asking what plans are available to address these challenges. The following table includes multiple options for consideration, depending on how you are currently deploying Windows 10. In this table, + +- Migration means it supports optional content migration during an update. +- Acquisition means it supports optional content acquisition (that is, initiated by the user). +- Media means it's applicable with media-based deployments. +- Servicing means applicable with servicing-based deployments. + + +|Method |Migration |Acquisition |Media | Servicing | +|---------|---------|---------|---------|--------------| +|Option 1: Use Windows Update | Yes | Yes | No | Yes | +|Option 2: Enable Dynamic Update | Yes | No | Yes |Yes | +|Option 3: Customize the Windows image before deployment | Yes | No | Yes |No | +|Option 4: Install language features during deployment | Partial | No | Yes | No | +|Option 5: Install optional content after deployment | Yes | No |Yes | Yes | +|Option 6: Configure alternative source for Features on Demand | No | Partial | Yes | Yes | + + + +### Option 1: Use Windows Update + +Windows Update for Business solves the optional content problem. Optional content is published and available for acquisition by Windows Setup from a nearby Microsoft content delivery network and acquired using the Unified Update Platform. Optional content migration and acquisition scenarios "just work" when the device is connected to an update service that uses the Unified Update Platform, such as Windows Update or Windows Update for Business. If for some reason a language pack fails to install during the update, the update will automatically roll back. + +Starting with Windows 10, version 1709, we introduced the [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/). The Unified Update Platform is an improvement in the underlying Windows update technology that results in smaller download sizes and a more efficient protocol for checking for updates, acquiring and installing the packages needed, and getting current in one update step. The technology is "unified" because it brings together the update stack for Windows 10, Windows Server, and other products, such as HoloLens. The Unified Update Platform is not currently integrated with WSUS. + +You should consider moving to Windows Update for Business. Not only will the optional content scenario work seamlessly (as it does for consumer devices today), but you also get the full benefits of smaller download sizes also known as Express Updates. Further, devices that use devices are immune to the challenge of upgrading a Windows 10 device where the operating system installation language is inadvertently changed to a new language. Otherwise, any future media-based feature updates can fail when the installation media has a different installation language. See [Upgrading Windows 10 devices with installation media different than the original OS install language](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/upgrading-windows-10-devices-with-installation-media-different/ba-p/746126) for more details, as well as our [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) on this topic. + +### Option 2: Enable Dynamic Update + +If you’re not ready to move to Windows Update, another option is to enable Dynamic Update during a feature update. As soon as a Windows 10 feature update starts, whether via a media-based update or a WSUS-based feature update, Dynamic Update is one of the first steps invoked. Windows 10 Setup connects to an internet-facing URL hosted by Microsoft to fetch Dynamic Update content, and then applies those updates to the operating system installation media. The content acquired includes the following: + +- Setup updates: Fixes to Setup.exe binaries or any files that Setup uses for feature updates. +- Safe OS updates: Fixes for the "safe OS" that are used to update Windows recovery environment (WinRE). +- Servicing stack updates: Fixes that are necessary to address the Windows 10 servicing stack issue and thus required to complete the feature update. +- Latest cumulative update: Installs the latest cumulative quality update. +- Driver updates: Latest version of applicable drivers that have already been published by manufacturers into Windows Update and meant specifically for Dynamic Update. + +In addition to these updates for the new operating system, Dynamic Update will acquire optional content during the update process to ensure that the device has this content present when the update completes. So, although the device is not connected to Windows Update, it will fetch content from a nearby Microsoft content download network (CDN). This addresses the first pain point with optional content, but not user-initiated acquisition. By default, [Dynamic Update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) is enabled by Windows 10 Setup. You can enable or disable Dynamic Update by using the /DynamicUpdate option in Windows Setup. If you use the servicing-based approach, you can set this with setupconfig.ini. See [Windows Setup Automation Overview](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. + +Starting in Windows 10, version 2004, Dynamic Update can be configured with additional options. For example, you might want to have the benefits of optional content migration without automatically acquiring the latest quality update. You can do that with the /DynamicUpdate NoLCU option of Windows Setup. Afterward, you would separately follow your existing process for testing and approving monthly updates. The downside of this approach is the device will go through an additional reboot for the latest cumulative update since it was not available during the feature update. + +One additional consideration when using Dynamic Update is the impact to your network. One of the top blockers for this approach is the concern that each device will separately fetch this content from Microsoft. Windows 10, version 2004 setup now downloads Dynamic Update content using Delivery Optimization when available. + For devices that aren’t connected to the internet, a subset of the Dynamic Update content is available by using WSUS and the Microsoft catalog. + +### Option 3: Customize the Windows Image before deployment + + For many organizations, the deployment workflow involves a Configuration Manager task sequence that performs a media-based update. Some customers either don’t have internet connectivity, or the connectivity is poor and so they can’t enable Dynamic Update. In these cases, we recommend installing optional content prior to deployment. This is sometimes referred to as customizing the installation media. + +You can customize the Windows image in these ways: + +- Applying a cumulative (quality) update +- Applying updates to the servicing stack +- Applying updates to Setup.exe binaries or other files that Setup uses for feature updates +- Applying updates for the "safe operating system" (SafeOS) that is used for the Windows recovery environment +- Adding or removing languages +- Adding or removing Features on Demand + +The benefit of this option is that the Windows image can include those additional languages, language experience features, and other Features on Demand through one-time updates to the image. Then you can use them in an existing task sequence or custom deployment where Setup.exe is involved. The downside of this approach is that it requires some preparation of the image in advance, including scripting with DISM to install the additional packages. It also means the image is the same for all devices that consume it and might contain more features than some users need. For more information on customizing your media, see [Updating Windows 10 media with Dynamic Update packages](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/updating-windows-10-media-with-dynamic-update-packages/ba-p/982477) and our [Ignite 2019 theater session THR3073](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR3073). Also like Option 2, you still have a solution for migration of optional content, but not supporting user-initiated optional content acquisition. Also, there is a variation of this option in which media is updated *on the device* just before installation. This allows for device-specific image customization based on what's currently installed. + + +### Option 4: Install language features during deployment + +A partial solution to address the first pain point of failing to migrate optional content during upgrade is to inject a subset of optional content during the upgrade process. This approach uses the Windows 10 Setup option [/InstallLangPacks](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#installlangpacks) to add Language Packs and language capabilities such as text-to-speech recognition from a folder that contains the packages. This approach lets an IT pro take a subset of optional content and stage them within their network. If you use the servicing-based approach, you can configure InstallLangPacks using setupconfig.ini. See [Windows Setup Automation Overview](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-automation-overview) for details. + +When Setup runs, it will inject these packages into the new operating system during installation. This means it can be an alternative to enabling Dynamic Update or customizing the operating system image before deployment. You must take care with this approach, because the packages cannot be renamed. Further, the content is coming from two separate release media ISOs. The key is to copy both the FOD packages and the FOD metadata .cab from the FOD ISO into the folder, as well as the architecture-specific Language Pack .cabs from the LPLIP ISO. Also, starting with Windows 10, version 1903, the behavior changed. In Windows 10, version 1809 and earlier, failure to install the packages wasn’t a fatal error. Starting with Windows 10, version 1903, we treat InstallLangPacks failures as fatal, and roll back the entire upgrade. The idea is to not leave the user in a bad state since media-based upgrades don’t migrate FOD and languages (unless Dynamic Update is enabled). + +This approach has some interesting benefits. The original Windows image doesn’t need to be modified, possibly saving time and scripting. For some commercial customers, this is implemented as their primary pain point has to do with language support immediately after the update. + +### Option 5: Install optional content after deployment + +This option is like Option 3 in that you customize the operating system image with additional optional content after it’s deployed. IT pros can extend the behavior of Windows Setup by running their own custom action scripts during and after a feature update. See [Run custom actions during feature update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) for details. With this approach, you can create a device-specific migration of optional content by capturing the optional content that is installed in the operating system, and then saving this list to install the same optional content in the new operating system. Like Option 4, you would internally host a network share that contains the source of the optional content packages. Then, during the execution of Setup on the device, capture the list of installed optional content from the source operating system and save. Later, after Setup completes, you use the list to install the optional content, which leaves the user’s device without loss of functionality. + +### Option 6: Configure an alternative source for optional content + +Several of the options address ways to address optional content migration issues during an in-place update. To address the second pain point of easily acquiring optional content in the user-initiated case, you can configure each device by using the Specify settings for optional component installation and component repair Group Policy. This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabling optional features that have had their payload files removed. This approach has the disadvantage of additional content to be hosted within your network (additional to the operating system image you might be still deploying to some clients) but has the advantage of acquiring content within your network. Some reminders about this policy: + +- The file path to the alternate source must be a fully qualified path; multiple locations can be separated by a semicolon. +- This setting does not support installing language packs from Alternate source file path, only Features on Demand. If the policy is configured to acquire content from Windows Update, language packs will be acquired. +- If this setting is not configured or disabled, files will be downloaded from the default Windows Update location, for example Windows Update for Business or WSUS). + +See [Configure a Windows Repair Source](https://docs.microsoft.com/windows-hardware/manufacture/desktop/configure-a-windows-repair-source) for more information. + + +## Learn more + +For more information about the Unified Update Platform and the approaches outlined in this article, see the following resources: + +- [/InstallLangPacks](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#installlangpacks) +- [/DynamicUpdate](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-command-line-options#dynamicupdate) +- [Configure a Windows Repair Source](https://docs.microsoft.com/windows-hardware/manufacture/desktop/configure-a-windows-repair-source) +- [Ignite 2019 theater session THR3073](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR3073) +- [Ignite 2019 theater session THR4002](https://medius.studios.ms/video/asset/HIGHMP4/IG19-THR4002) +- [Run custom actions during feature update](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-enable-custom-actions) +- [Unified Update Platform](https://blogs.windows.com/windowsexperience/2016/11/03/introducing-unified-update-platform-uup/) +- [Updating Windows 10 media with Dynamic Update packages](media-dynamic-update.md) +- [Windows Setup Automation Overview](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-setup-automation-overview) + + +## Sample scripts + +Options 3 and 5 involve the most scripting. Sample scripts for Option 3 already exist, so we’ll look at sample scripts for [Option 5](#option-5-install-optional-content-after-deployment): Install Optional Content after Deployment. + +### Creating an optional content repository + +To get started, we’ll build a repository of optional content and host on a network share. This content is a subset of content from the FOD and language pack ISOs that ship with each release. We’ll configure this repository or repo with only those FODs our organization needs, using DISM /Export. For example, a superset based on taking inventory of optional features installed on existing devices. In this case, we exclude the Windows Mixed Reality feature. In addition, we copy all language packs to the root of the repository. + + + +```powershell +# Declare media for FOD and LPs +$LP_ISO_PATH = "C:\_IMAGE\2004_ISO\CLIENTLANGPACKDVD_OEM_MULTI.iso" +$FOD_ISO_PATH = "C:\_IMAGE\2004_ISO\FOD-PACKAGES_OEM_PT1_amd64fre_MULTI.iso" + +# Declare folders +$WORKING_PATH = "C:\_IMAGE\BuildRepo" +$MEDIA_PATH = "C:\_IMAGE\2004_SETUP" + +$MAIN_OS_MOUNT = $WORKING_PATH + "\MainOSMount" +$REPO_PATH = $WORKING_PATH + "\Repo" + +# Create folders for mounting image optional content repository +if (Test-Path $MAIN_OS_MOUNT) { + Remove-Item -Path $MAIN_OS_MOUNT -Force -Recurse -ErrorAction stop| Out-Null +} + +if (Test-Path $REPO_PATH) { + Remove-Item -Path $REPO_PATH -Force -Recurse -ErrorAction stop| Out-Null +} + +New-Item -ItemType Directory -Force -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null +New-Item -ItemType Directory -Force -Path $REPO_PATH -ErrorAction stop| Out-Null + +# Mount the main OS, I'll use this throughout the script +Write-Host "Mounting main OS" +Mount-WindowsImage -ImagePath $MEDIA_PATH"\sources\install.wim" -Index 1 -Path $MAIN_OS_MOUNT -ErrorAction stop| Out-Null + +# Mount the LP ISO +Write-Host "Mounting LP ISO" +$LP_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter + +# Declare language related cabs +$OS_LP_PATH = $LP_ISO_DRIVE_LETTER + ":\x64\langpacks\" + "*.cab" + +# Mount the FOD ISO +Write-Host "Mounting FOD ISO" +$FOD_ISO_DRIVE_LETTER = (Mount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction stop | Get-Volume).DriveLetter +$FOD_PATH = $FOD_ISO_DRIVE_LETTER + ":\" + +# Export the FODs from the ISO that we are interested in +Write-Host "Exporting FODs to Repo" +DISM /image:$MAIN_OS_MOUNT /export-source /source:$FOD_PATH /target:$REPO_PATH ` + /capabilityname:Accessibility.Braille~~~~0.0.1.0 ` + /capabilityname:App.StepsRecorder~~~~0.0.1.0 ` + /capabilityname:App.WirelessDisplay.Connect~~~~0.0.1.0 ` + /capabilityname:Browser.InternetExplorer~~~~0.0.11.0 ` + /capabilityname:DirectX.Configuration.Database~~~~0.0.1.0 ` + /capabilityname:Language.Basic~~~af-za~0.0.1.0 ` + /capabilityname:Language.Basic~~~ar-sa~0.0.1.0 ` + /capabilityname:Language.Basic~~~as-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~az-latn-az~0.0.1.0 ` + /capabilityname:Language.Basic~~~ba-ru~0.0.1.0 ` + /capabilityname:Language.Basic~~~be-by~0.0.1.0 ` + /capabilityname:Language.Basic~~~bg-bg~0.0.1.0 ` + /capabilityname:Language.Basic~~~bn-bd~0.0.1.0 ` + /capabilityname:Language.Basic~~~bn-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~bs-latn-ba~0.0.1.0 ` + /capabilityname:Language.Basic~~~ca-es~0.0.1.0 ` + /capabilityname:Language.Basic~~~cs-cz~0.0.1.0 ` + /capabilityname:Language.Basic~~~cy-gb~0.0.1.0 ` + /capabilityname:Language.Basic~~~da-dk~0.0.1.0 ` + /capabilityname:Language.Basic~~~de-ch~0.0.1.0 ` + /capabilityname:Language.Basic~~~de-de~0.0.1.0 ` + /capabilityname:Language.Basic~~~el-gr~0.0.1.0 ` + /capabilityname:Language.Basic~~~en-au~0.0.1.0 ` + /capabilityname:Language.Basic~~~en-ca~0.0.1.0 ` + /capabilityname:Language.Basic~~~en-gb~0.0.1.0 ` + /capabilityname:Language.Basic~~~en-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~en-us~0.0.1.0 ` + /capabilityname:Language.Basic~~~es-es~0.0.1.0 ` + /capabilityname:Language.Basic~~~es-mx~0.0.1.0 ` + /capabilityname:Language.Basic~~~es-us~0.0.1.0 ` + /capabilityname:Language.Basic~~~et-ee~0.0.1.0 ` + /capabilityname:Language.Basic~~~eu-es~0.0.1.0 ` + /capabilityname:Language.Basic~~~fa-ir~0.0.1.0 ` + /capabilityname:Language.Basic~~~fi-fi~0.0.1.0 ` + /capabilityname:Language.Basic~~~fil-ph~0.0.1.0 ` + /capabilityname:Language.Basic~~~fr-be~0.0.1.0 ` + /capabilityname:Language.Basic~~~fr-ca~0.0.1.0 ` + /capabilityname:Language.Basic~~~fr-ch~0.0.1.0 ` + /capabilityname:Language.Basic~~~fr-fr~0.0.1.0 ` + /capabilityname:Language.Basic~~~ga-ie~0.0.1.0 ` + /capabilityname:Language.Basic~~~gd-gb~0.0.1.0 ` + /capabilityname:Language.Basic~~~gl-es~0.0.1.0 ` + /capabilityname:Language.Basic~~~gu-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~ha-latn-ng~0.0.1.0 ` + /capabilityname:Language.Basic~~~haw-us~0.0.1.0 ` + /capabilityname:Language.Basic~~~he-il~0.0.1.0 ` + /capabilityname:Language.Basic~~~hi-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~hr-hr~0.0.1.0 ` + /capabilityname:Language.Basic~~~hu-hu~0.0.1.0 ` + /capabilityname:Language.Basic~~~hy-am~0.0.1.0 ` + /capabilityname:Language.Basic~~~id-id~0.0.1.0 ` + /capabilityname:Language.Basic~~~ig-ng~0.0.1.0 ` + /capabilityname:Language.Basic~~~is-is~0.0.1.0 ` + /capabilityname:Language.Basic~~~it-it~0.0.1.0 ` + /capabilityname:Language.Basic~~~ja-jp~0.0.1.0 ` + /capabilityname:Language.Basic~~~ka-ge~0.0.1.0 ` + /capabilityname:Language.Basic~~~kk-kz~0.0.1.0 ` + /capabilityname:Language.Basic~~~kl-gl~0.0.1.0 ` + /capabilityname:Language.Basic~~~kn-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~kok-deva-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~ko-kr~0.0.1.0 ` + /capabilityname:Language.Basic~~~ky-kg~0.0.1.0 ` + /capabilityname:Language.Basic~~~lb-lu~0.0.1.0 ` + /capabilityname:Language.Basic~~~lt-lt~0.0.1.0 ` + /capabilityname:Language.Basic~~~lv-lv~0.0.1.0 ` + /capabilityname:Language.Basic~~~mi-nz~0.0.1.0 ` + /capabilityname:Language.Basic~~~mk-mk~0.0.1.0 ` + /capabilityname:Language.Basic~~~ml-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~mn-mn~0.0.1.0 ` + /capabilityname:Language.Basic~~~mr-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~ms-bn~0.0.1.0 ` + /capabilityname:Language.Basic~~~ms-my~0.0.1.0 ` + /capabilityname:Language.Basic~~~mt-mt~0.0.1.0 ` + /capabilityname:Language.Basic~~~nb-no~0.0.1.0 ` + /capabilityname:Language.Basic~~~ne-np~0.0.1.0 ` + /capabilityname:Language.Basic~~~nl-nl~0.0.1.0 ` + /capabilityname:Language.Basic~~~nn-no~0.0.1.0 ` + /capabilityname:Language.Basic~~~nso-za~0.0.1.0 ` + /capabilityname:Language.Basic~~~or-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~pa-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~pl-pl~0.0.1.0 ` + /capabilityname:Language.Basic~~~ps-af~0.0.1.0 ` + /capabilityname:Language.Basic~~~pt-br~0.0.1.0 ` + /capabilityname:Language.Basic~~~pt-pt~0.0.1.0 ` + /capabilityname:Language.Basic~~~rm-ch~0.0.1.0 ` + /capabilityname:Language.Basic~~~ro-ro~0.0.1.0 ` + /capabilityname:Language.Basic~~~ru-ru~0.0.1.0 ` + /capabilityname:Language.Basic~~~rw-rw~0.0.1.0 ` + /capabilityname:Language.Basic~~~sah-ru~0.0.1.0 ` + /capabilityname:Language.Basic~~~si-lk~0.0.1.0 ` + /capabilityname:Language.Basic~~~sk-sk~0.0.1.0 ` + /capabilityname:Language.Basic~~~sl-si~0.0.1.0 ` + /capabilityname:Language.Basic~~~sq-al~0.0.1.0 ` + /capabilityname:Language.Basic~~~sr-cyrl-rs~0.0.1.0 ` + /capabilityname:Language.Basic~~~sr-latn-rs~0.0.1.0 ` + /capabilityname:Language.Basic~~~sv-se~0.0.1.0 ` + /capabilityname:Language.Basic~~~sw-ke~0.0.1.0 ` + /capabilityname:Language.Basic~~~ta-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~te-in~0.0.1.0 ` + /capabilityname:Language.Basic~~~tg-cyrl-tj~0.0.1.0 ` + /capabilityname:Language.Basic~~~th-th~0.0.1.0 ` + /capabilityname:Language.Basic~~~tk-tm~0.0.1.0 ` + /capabilityname:Language.Basic~~~tn-za~0.0.1.0 ` + /capabilityname:Language.Basic~~~tr-tr~0.0.1.0 ` + /capabilityname:Language.Basic~~~tt-ru~0.0.1.0 ` + /capabilityname:Language.Basic~~~ug-cn~0.0.1.0 ` + /capabilityname:Language.Basic~~~uk-ua~0.0.1.0 ` + /capabilityname:Language.Basic~~~ur-pk~0.0.1.0 ` + /capabilityname:Language.Basic~~~uz-latn-uz~0.0.1.0 ` + /capabilityname:Language.Basic~~~vi-vn~0.0.1.0 ` + /capabilityname:Language.Basic~~~wo-sn~0.0.1.0 ` + /capabilityname:Language.Basic~~~xh-za~0.0.1.0 ` + /capabilityname:Language.Basic~~~yo-ng~0.0.1.0 ` + /capabilityname:Language.Basic~~~zh-cn~0.0.1.0 ` + /capabilityname:Language.Basic~~~zh-hk~0.0.1.0 ` + /capabilityname:Language.Basic~~~zh-tw~0.0.1.0 ` + /capabilityname:Language.Basic~~~zu-za~0.0.1.0 ` + /capabilityname:Language.Fonts.Arab~~~und-Arab~0.0.1.0 ` + /capabilityname:Language.Fonts.Beng~~~und-Beng~0.0.1.0 ` + /capabilityname:Language.Fonts.Cans~~~und-Cans~0.0.1.0 ` + /capabilityname:Language.Fonts.Cher~~~und-Cher~0.0.1.0 ` + /capabilityname:Language.Fonts.Deva~~~und-Deva~0.0.1.0 ` + /capabilityname:Language.Fonts.Ethi~~~und-Ethi~0.0.1.0 ` + /capabilityname:Language.Fonts.Gujr~~~und-Gujr~0.0.1.0 ` + /capabilityname:Language.Fonts.Guru~~~und-Guru~0.0.1.0 ` + /capabilityname:Language.Fonts.Hans~~~und-Hans~0.0.1.0 ` + /capabilityname:Language.Fonts.Hant~~~und-Hant~0.0.1.0 ` + /capabilityname:Language.Fonts.Hebr~~~und-Hebr~0.0.1.0 ` + /capabilityname:Language.Fonts.Jpan~~~und-Jpan~0.0.1.0 ` + /capabilityname:Language.Fonts.Khmr~~~und-Khmr~0.0.1.0 ` + /capabilityname:Language.Fonts.Knda~~~und-Knda~0.0.1.0 ` + /capabilityname:Language.Fonts.Kore~~~und-Kore~0.0.1.0 ` + /capabilityname:Language.Fonts.Laoo~~~und-Laoo~0.0.1.0 ` + /capabilityname:Language.Fonts.Mlym~~~und-Mlym~0.0.1.0 ` + /capabilityname:Language.Fonts.Orya~~~und-Orya~0.0.1.0 ` + /capabilityname:Language.Fonts.PanEuropeanSupplementalFonts~~~0.0.1.0 ` + /capabilityname:Language.Fonts.Sinh~~~und-Sinh~0.0.1.0 ` + /capabilityname:Language.Fonts.Syrc~~~und-Syrc~0.0.1.0 ` + /capabilityname:Language.Fonts.Taml~~~und-Taml~0.0.1.0 ` + /capabilityname:Language.Fonts.Telu~~~und-Telu~0.0.1.0 ` + /capabilityname:Language.Fonts.Thai~~~und-Thai~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~af-za~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~bs-latn-ba~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ca-es~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~cs-cz~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~cy-gb~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~da-dk~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~de-de~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~el-gr~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~en-gb~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~en-us~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~es-es~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~es-mx~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~eu-es~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~fi-fi~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~fr-fr~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ga-ie~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~gd-gb~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~gl-es~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~hi-in~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~hr-hr~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~id-id~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~it-it~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ja-jp~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ko-kr~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~lb-lu~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~mi-nz~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ms-bn~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ms-my~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~nb-no~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~nl-nl~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~nn-no~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~nso-za~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~pl-pl~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~pt-br~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~pt-pt~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~rm-ch~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ro-ro~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~ru-ru~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~rw-rw~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sk-sk~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sl-si~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sq-al~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sr-cyrl-rs~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sr-latn-rs~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sv-se~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~sw-ke~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~tn-za~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~tr-tr~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~wo-sn~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~xh-za~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~zh-cn~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~zh-hk~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~zh-tw~0.0.1.0 ` + /capabilityname:Language.Handwriting~~~zu-za~0.0.1.0 ` + /capabilityname:Language.LocaleData~~~zh-tw~0.0.1.0 ` + /capabilityname:Language.OCR~~~ar-sa~0.0.1.0 ` + /capabilityname:Language.OCR~~~bg-bg~0.0.1.0 ` + /capabilityname:Language.OCR~~~bs-latn-ba~0.0.1.0 ` + /capabilityname:Language.OCR~~~cs-cz~0.0.1.0 ` + /capabilityname:Language.OCR~~~da-dk~0.0.1.0 ` + /capabilityname:Language.OCR~~~de-de~0.0.1.0 ` + /capabilityname:Language.OCR~~~el-gr~0.0.1.0 ` + /capabilityname:Language.OCR~~~en-gb~0.0.1.0 ` + /capabilityname:Language.OCR~~~en-us~0.0.1.0 ` + /capabilityname:Language.OCR~~~es-es~0.0.1.0 ` + /capabilityname:Language.OCR~~~es-mx~0.0.1.0 ` + /capabilityname:Language.OCR~~~fi-fi~0.0.1.0 ` + /capabilityname:Language.OCR~~~fr-ca~0.0.1.0 ` + /capabilityname:Language.OCR~~~fr-fr~0.0.1.0 ` + /capabilityname:Language.OCR~~~hr-hr~0.0.1.0 ` + /capabilityname:Language.OCR~~~hu-hu~0.0.1.0 ` + /capabilityname:Language.OCR~~~it-it~0.0.1.0 ` + /capabilityname:Language.OCR~~~ja-jp~0.0.1.0 ` + /capabilityname:Language.OCR~~~ko-kr~0.0.1.0 ` + /capabilityname:Language.OCR~~~nb-no~0.0.1.0 ` + /capabilityname:Language.OCR~~~nl-nl~0.0.1.0 ` + /capabilityname:Language.OCR~~~pl-pl~0.0.1.0 ` + /capabilityname:Language.OCR~~~pt-br~0.0.1.0 ` + /capabilityname:Language.OCR~~~pt-pt~0.0.1.0 ` + /capabilityname:Language.OCR~~~ro-ro~0.0.1.0 ` + /capabilityname:Language.OCR~~~ru-ru~0.0.1.0 ` + /capabilityname:Language.OCR~~~sk-sk~0.0.1.0 ` + /capabilityname:Language.OCR~~~sl-si~0.0.1.0 ` + /capabilityname:Language.OCR~~~sr-cyrl-rs~0.0.1.0 ` + /capabilityname:Language.OCR~~~sr-latn-rs~0.0.1.0 ` + /capabilityname:Language.OCR~~~sv-se~0.0.1.0 ` + /capabilityname:Language.OCR~~~tr-tr~0.0.1.0 ` + /capabilityname:Language.OCR~~~zh-cn~0.0.1.0 ` + /capabilityname:Language.OCR~~~zh-hk~0.0.1.0 ` + /capabilityname:Language.OCR~~~zh-tw~0.0.1.0 ` + /capabilityname:Language.Speech~~~da-dk~0.0.1.0 ` + /capabilityname:Language.Speech~~~de-de~0.0.1.0 ` + /capabilityname:Language.Speech~~~en-au~0.0.1.0 ` + /capabilityname:Language.Speech~~~en-ca~0.0.1.0 ` + /capabilityname:Language.Speech~~~en-gb~0.0.1.0 ` + /capabilityname:Language.Speech~~~en-in~0.0.1.0 ` + /capabilityname:Language.Speech~~~en-us~0.0.1.0 ` + /capabilityname:Language.Speech~~~es-es~0.0.1.0 ` + /capabilityname:Language.Speech~~~es-mx~0.0.1.0 ` + /capabilityname:Language.Speech~~~fr-ca~0.0.1.0 ` + /capabilityname:Language.Speech~~~fr-fr~0.0.1.0 ` + /capabilityname:Language.Speech~~~it-it~0.0.1.0 ` + /capabilityname:Language.Speech~~~ja-jp~0.0.1.0 ` + /capabilityname:Language.Speech~~~pt-br~0.0.1.0 ` + /capabilityname:Language.Speech~~~zh-cn~0.0.1.0 ` + /capabilityname:Language.Speech~~~zh-hk~0.0.1.0 ` + /capabilityname:Language.Speech~~~zh-tw~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ar-eg~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ar-sa~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~bg-bg~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ca-es~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~cs-cz~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~da-dk~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~de-at~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~de-ch~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~de-de~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~el-gr~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~en-au~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~en-ca~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~en-gb~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~en-ie~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~en-in~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~en-us~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~es-es~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~es-mx~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~fi-fi~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~fr-ca~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~fr-ch~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~fr-fr~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~he-il~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~hi-in~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~hr-hr~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~hu-hu~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~id-id~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~it-it~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ja-jp~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ko-kr~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ms-my~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~nb-no~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~nl-be~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~nl-nl~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~pl-pl~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~pt-br~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~pt-pt~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ro-ro~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ru-ru~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~sk-sk~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~sl-si~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~sv-se~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~ta-in~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~th-th~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~tr-tr~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~vi-vn~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~zh-cn~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~zh-hk~0.0.1.0 ` + /capabilityname:Language.TextToSpeech~~~zh-tw~0.0.1.0 ` + /capabilityname:MathRecognizer~~~~0.0.1.0 ` + /capabilityname:Microsoft.Onecore.StorageManagement~~~~0.0.1.0 ` + /capabilityname:Microsoft.WebDriver~~~~0.0.1.0 ` + /capabilityname:Microsoft.Windows.MSPaint~~~~0.0.1.0 ` + /capabilityname:Microsoft.Windows.Notepad~~~~0.0.1.0 ` + /capabilityname:Microsoft.Windows.PowerShell.ISE~~~~0.0.1.0 ` + /capabilityname:Microsoft.Windows.StorageManagement~~~~0.0.1.0 ` + /capabilityname:Microsoft.Windows.WordPad~~~~0.0.1.0 ` + /capabilityname:Msix.PackagingTool.Driver~~~~0.0.1.0 ` + /capabilityname:NetFX3~~ ` + /capabilityname:Network.Irda~~~~0.0.1.0 ` + /capabilityname:OneCoreUAP.OneSync~~~~0.0.1.0 ` + /capabilityname:OpenSSH.Client~~~~0.0.1.0 ` + /capabilityname:OpenSSH.Server~~~~0.0.1.0 ` + /capabilityname:Print.EnterpriseCloudPrint~~~~0.0.1.0 ` + /capabilityname:Print.Fax.Scan~~~~0.0.1.0 ` + /capabilityname:Print.Management.Console~~~~0.0.1.0 ` + /capabilityname:Print.MopriaCloudService~~~~0.0.1.0 ` + /capabilityname:RasCMAK.Client~~~~0.0.1.0 ` + /capabilityname:RIP.Listener~~~~0.0.1.0 ` + /capabilityname:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.CertificateServices.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.DHCP.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.Dns.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.FailoverCluster.Management.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.FileServices.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.IPAM.Client.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.LLDP.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.NetworkController.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.NetworkLoadBalancing.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.RemoteAccess.Management.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.RemoteDesktop.Services.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.ServerManager.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.Shielded.VM.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.StorageMigrationService.Management.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.StorageReplica.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.SystemInsights.Management.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.VolumeActivation.Tools~~~~0.0.1.0 ` + /capabilityname:Rsat.WSUS.Tools~~~~0.0.1.0 ` + /capabilityname:ServerCore.AppCompatibility~~~~0.0.1.0 ` + /capabilityname:SNMP.Client~~~~0.0.1.0 ` + /capabilityname:Tools.DeveloperMode.Core~~~~0.0.1.0 ` + /capabilityname:Tools.Graphics.DirectX~~~~0.0.1.0 ` + /capabilityname:Windows.Client.ShellComponents~~~~0.0.1.0 ` + /capabilityname:Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0 ` + /capabilityname:WMI-SNMP-Provider.Client~~~~0.0.1.0 ` + /capabilityname:XPS.Viewer~~~~0.0.1.0 + + # This one is large, lets skip for now + #/capabilityname:Analog.Holographic.Desktop~~~~0.0.1.0 ` + + +# Copy language caps to the repo +Copy-Item -Path $OS_LP_PATH -Destination $REPO_PATH -Force -ErrorAction stop | Out-Null + +# Dismount OS image +Dismount-WindowsImage -Path $MAIN_OS_MOUNT -Discard -ErrorAction ignore | Out-Null + +# Dismount ISO images +Write-Host "Dismounting ISO images" +Dismount-DiskImage -ImagePath $LP_ISO_PATH -ErrorAction ignore | Out-Null +Dismount-DiskImage -ImagePath $FOD_ISO_PATH -ErrorAction ignore | Out-Null + +``` + +### Saving optional content in the source operating system + +To save optional content state in the source operating system, we create a custom action script to run before the operating system installs. In this script, we save optional features and language resources to a file. We also make a local copy of the repo with only those files needed based on the languages installed on the source operating system. This will limit the files to copy. + + +```powershell +$OUTPUT_PATH = "C:\TEMP\" +$LOG_PATH = $OUTPUT_PATH + "log.txt" +$OUTPUT_PATH = "C:\TEMP\" +$LOG_PATH = $OUTPUT_PATH + "log.txt" +$LANG_PATH = $OUTPUT_PATH + "sourceLang.txt" +$CAP_PATH = $OUTPUT_PATH + "sourceCapability.txt" +$OSVERSION_PATH = $OUTPUT_PATH + "sourceVersion.txt" +$REPO_PATH = "Z:\Repo\" +$LOCAL_REPO_PATH = $OUTPUT_PATH + "Local_Repo\" + +Function Get-TS { return "{0:HH:mm:ss}" -f (Get-Date) } + +Function Log +{ + param ( + [Parameter(Mandatory=$True)] + [string]$MESSAGE + ) + + $M = "$(Get-TS): PreInstall: $MESSAGE" + Write-Host $M + Add-Content -Path $LOG_PATH -Value $M + + } + +Function IsLangFile +{ + param ( + [Parameter(Mandatory=$True)] + [string]$PATH + ) + + if (($PATH -match '[-_~]ar[-_~]') -or ($PATH -match '[-_~]bg[-_~]') -or ($PATH -match '[-_~]cs[-_~]') -or ` + ($PATH -match '[-_~]da[-_~]') -or ($PATH -match '[-_~]de[-_~]') -or ($PATH -match '[-_~]el[-_~]') -or ` + ($PATH -match '[-_~]en[-_~]') -or ($PATH -match '[-_~]es[-_~]') -or ($PATH -match '[-_~]et[-_~]') -or ` + ($PATH -match '[-_~]fi[-_~]') -or ($PATH -match '[-_~]fr[-_~]') -or ($PATH -match '[-_~]he[-_~]') -or ` + ($PATH -match '[-_~]hr[-_~]') -or ($PATH -match '[-_~]hu[-_~]') -or ($PATH -match '[-_~]it[-_~]') -or ` + ($PATH -match '[-_~]ja[-_~]') -or ($PATH -match '[-_~]ko[-_~]') -or ($PATH -match '[-_~]lt[-_~]') -or ` + ($PATH -match '[-_~]lv[-_~]') -or ($PATH -match '[-_~]nb[-_~]') -or ($PATH -match '[-_~]nl[-_~]') -or ` + ($PATH -match '[-_~]pl[-_~]') -or ($PATH -match '[-_~]pt[-_~]') -or ($PATH -match '[-_~]ro[-_~]') -or ` + ($PATH -match '[-_~]ru[-_~]') -or ($PATH -match '[-_~]sk[-_~]') -or ($PATH -match '[-_~]sl[-_~]') -or ` + ($PATH -match '[-_~]sv[-_~]') -or ($PATH -match '[-_~]th[-_~]') -or ($PATH -match '[-_~]tr[-_~]') -or ` + ($PATH -match '[-_~]uk[-_~]') -or ($PATH -match '[-_~]zh[-_~]') -or ($PATH -match '[-_~]sr[-_~]')) { + return $True + } + else { + return $False + } + } + +# Remove the log +Remove-Item -Path $LOG_PATH -Force -ErrorAction ignore | Out-Null +Log "Starting" + +# Remove state files, keep repo if it exists +Remove-Item -Path $LANG_PATH -Force -ErrorAction ignore | Out-Null +Remove-Item -Path $CAP_PATH -Force -ErrorAction ignore | Out-Null +Remove-Item -Path $OSVERSION_PATH -Force -ErrorAction ignore | Out-Null + +# Get OS version, to use later for detecting compat scans versus OS installation +$OSINFO = Get-CimInstance Win32_OperatingSystem +Log "OS Version: $($OSINFO.Version)" +Add-Content -Path $OSVERSION_PATH -Value $OSINFO.Version + +# Get installed languages from international settings +$INTL = DISM.exe /Online /Get-Intl /English + +# Save only output lines with installed languages +$LANGUAGES = $INTL | Select-String -SimpleMatch 'Installed language(s)' + +# Replace with null so we have a simple list of language codes +$LANGUAGES = $LANGUAGES | ForEach-Object {$_.Line.Replace("Installed language(s): ","")} + +# Save System Language, save only output line with default system language +$SYSLANG = $INTL | Select-String -SimpleMatch 'Default system UI language' + +# Replace with null so we have the language code +$SYSLANG = $SYSLANG | ForEach-Object {$_.Line.Replace("Default system UI language : ","")} + +# Save these languages +Log "Default system UI language on source OS: $($SYSLANG)" +ForEach ($ITEM in $LANGUAGES) { + Log "Installed language on source OS: $($ITEM)" + Add-Content -Path $LANG_PATH -Value $ITEM +} + +# Get and save installed packages, we'll use this for debugging +$PACKAGES = Get-WindowsPackage -Online +ForEach ($ITEM in $PACKAGES) { + if($ITEM.PackageState -eq "Installed") { + Log "Package $($ITEM.PackageName) is installed" + } +} + +# Get and save capabilities +$CAPABILITIES = Get-WindowsCapability -Online +ForEach ($ITEM in $CAPABILITIES) { + if($ITEM.State -eq "Installed") { + Log "Capability $($ITEM.Name) is installed" + Add-Content -Path $CAP_PATH -Value $ITEM.Name + } +} + +# Copy a subset of the Repo files locally, all neutral files and the languages needed +$REPO_FILES = Get-ChildItem $REPO_PATH -file -Recurse +ForEach ($FILE in $REPO_FILES) { + $PATH = ($FILE.DirectoryName + "\") -Replace [Regex]::Escape($REPO_PATH), $LOCAL_REPO_PATH + If (!(Test-Path $Path)) { + New-Item -ItemType Directory -Path $PATH -Force | Out-Null + } + If ((IsLangFile $FILE.Name)) { + + # Only copy those files where we need the primary languages from the source OS + ForEach ($ITEM in $LANGUAGES) { + if ($FILE.Name -match $Item) { + + If (!(Test-Path (Join-Path $Path $File.Name))) { + Copy-Item $FILE.FullName -Destination $PATH -Force + Log "Copied file $($FILE.FullName) to local repository" + } + else { + Log "File $($FILE.Name) already exists in local repository" + } + } + } + } Else { + + # Copy all 'neutral files' and those language specific that are not in the core 38 + If (!(Test-Path (Join-Path $Path $File.Name))) { + Copy-Item $FILE.FullName -Destination $PATH -Force + Log "Copied file $($FILE.FullName) to local repository" + } + else { + Log "File $($FILE.Name) already exists in local repository" + } + } +} + +Log ("Exiting") + +``` + +### Adding optional content in the target operating system + +After setup has completed successfully, we use success.cmd to retrieve the optional content state from the source operating system and install in the new operating system only if that’s missing. Then, apply the latest monthly update as a final step. + + +```powershell +$OUTPUT_PATH = "C:\TEMP\" +$LOG_PATH = $OUTPUT_PATH + "log.txt" +$LANG_PATH = $OUTPUT_PATH + "sourceLang.txt" +$CAP_PATH = $OUTPUT_PATH + "sourceCapability.txt" +$OSVERSION_PATH = $OUTPUT_PATH + "sourceVersion.txt" +$LOCAL_REPO_PATH = $OUTPUT_PATH + "Local_Repo\" +$LCU_PATH = $OUTPUT_PATH + "Windows10.0-KB4565503-x64_PSFX.cab" +$PENDING = $false + +Function Get-TS { return "{0:HH:mm:ss}" -f (Get-Date) } + +Function Log +{ + param ( + [Parameter(Mandatory=$True)] + [string]$MESSAGE + ) + + $M = "$(Get-TS): PostInstall: $MESSAGE" + Write-Host $M + Add-Content -Path $LOG_PATH -Value $M + + } + +Log "Starting" + +# Get OS version +$OSINFO = Get-CimInstance Win32_OperatingSystem +Log "OS Version: $($OSINFO.Version)" + +# Check for source OS state, just to be sure +if (!(Test-Path $LANG_PATH) -or !(Test-Path $CAP_PATH) -or !(Test-Path $OSVERSION_PATH) ) { + Log "Source OS state is missing." +} + +# If this script is executing and the OS version hasn't changed, let's exit out. +else { + + # Retrive OS version from source OS + $SOURCE_OSVERSION = Get-Content -Path $OSVERSION_PATH + if ($OSINFO.Version -eq $SOURCE_OSVERSION) { + Log "OS Version hasn't changed." + } + + else { + + # Retrive language list from source OS + $SOURCE_LANGUAGES = Get-Content -Path $LANG_PATH + + # Get installed languages from International Settings + $INTL = DISM.exe /Online /Get-Intl /English + + # Save System Language, save only output line with default system language + $SYS_LANG = $INTL | Select-String -SimpleMatch 'Default system UI language' + + # Replace with null so we have the language code + $SYS_LANG = $SYS_LANG | ForEach-Object {$_.Line.Replace("Default system UI language : ","")} + + # Get and save installed packages, we'll use this for debugging + $PACKAGES = Get-WindowsPackage -Online + ForEach ($ITEM in $PACKAGES) { + if($ITEM.PackageState -eq "Installed") { + Log "Package $($ITEM.PackageName) is installed" + } + } + + # Loop through source OS languages, and install if missing on target OS + ForEach ($SOURCE_ITEM in $SOURCE_LANGUAGES) { + if ($SOURCE_ITEM -ne $SYS_LANG) { + + # add missing languages except the system language + Log "Adding language Microsoft-Windows-Client-Language-Pack_x64_$($SOURCE_ITEM).cab" + try { + Add-WindowsPackage -Online -PackagePath "$($LOCAL_REPO_PATH)\Microsoft-Windows-Client-Language-Pack_x64_$($SOURCE_ITEM).cab" -ErrorAction stop | Out-Null + } + catch { + Log $_.Exception.Message + } + } + } + + # Retrieve capabilities from source OS and target OS + $SOURCE_CAPABILITIES = Get-Content -Path $CAP_PATH + $CAPABILITIES = Get-WindowsCapability -Online + + # Loop through source OS capabilities, and install if missing on target OS + ForEach ($SOURCE_ITEM in $SOURCE_CAPABILITIES) { + $INSTALLED = $false + ForEach ($ITEM in $CAPABILITIES) { + if ($ITEM.Name -eq $($SOURCE_ITEM)) { + if ($ITEM.State -eq "Installed") { + $INSTALLED = $true + break + } + } + } + + # Add if not already installed + if (!($INSTALLED)) { + Log "Adding capability $SOURCE_ITEM" + try { + Add-WindowsCapability -Online -Name $SOURCE_ITEM -Source $LOCAL_REPO_PATH -ErrorAction stop | Out-Null + } + catch { + Log $_.Exception.Message + } + } + else { + Log "Capability $SOURCE_ITEM is already installed" + } + } + + # Add LCU, this is required after adding FODs and languages + Log ("Adding LCU") + Add-WindowsPackage -Online -PackagePath $LCU_PATH -NoRestart + + # Get packages, we'll use this for debugging and to see if we need to restart to install + $PACKAGES = Get-WindowsPackage -Online + ForEach ($ITEM in $PACKAGES) { + Log "Package $($ITEM.PackageName) is $($ITEM.PackageState)" + if ($ITEM.PackageState -eq "InstallPending") { + $PENDING = $true + } + } + } +} + +# Remove local repository and state files +Remove-Item -Path $LANG_PATH -Force -ErrorAction ignore | Out-Null +Remove-Item -Path $CAP_PATH -Force -ErrorAction ignore | Out-Null +Remove-Item -Path $OSVERSION_PATH -Force -ErrorAction ignore | Out-Null +Remove-Item -Path $LOCAL_REPO_PATH -Force -Recurse -ErrorAction ignore | Out-Null + +# Restarting the computer to let setup process to exit cleanly +if ($PENDING) { + Log ("Install pending packages exists, restarting in 10 seconds") + Start-Process -FilePath cmd -ArgumentList "/C shutdown /r /t 10 /f" +} + +Log ("Exiting") +``` \ No newline at end of file diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md new file mode 100644 index 0000000000..45452dd15a --- /dev/null +++ b/windows/deployment/update/update-baseline.md @@ -0,0 +1,47 @@ +--- +title: Update baseline +description: Use an update baseline to optimize user experience and meet monthly update goals +keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, tools, group policy +ms.prod: w10 +ms.mktglfcycl: manage +author: jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +manager: laurawi +ms.topic: article +--- + +# Update baseline + +**Applies to:** Windows 10 + +With the large number of different policies offered for Windows 10, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. + +## Why is Update Baseline needed? + +Update Baseline is an industry-tested solution that improves update adoption rates while also maintaining a high-quality user experience. Whether you are just starting out, or you have been configuring policies for years, Update Baseline can help get you to a known good state with an excellent user experience. Applying the baseline is especially helpful for organizations that have many years of policy configurations to clear out lingering misconfigurations. + +## You can use Update Baseline to: + +- Ensure that user and device configuration settings are compliant with the baseline. +- Set configuration settings. You can use Group Policy to configure a device with the setting values specified in the baseline. + +Update Baseline doesn't affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices and when. + +## Policies included in the Update Baseline + +The Update Baseline configures settings in these Group Policy areas: + +- System/Power Management +- Windows Components/Delivery Optimization +- Windows Components/Windows Update + +For the complete detailed list of all settings and their values, see the MSFT Windows Update.htm file in the [Update Baseline toolkit](https://www.microsoft.com/download/details.aspx?id=101056) at the Download Center + +## How do I get started? + +The Update Baseline toolkit makes it easy by providing a single command for IT Admins to load the baseline settings into Group Policy Management Console. You can get the [Update Baseline toolkit](https://www.microsoft.com/download/details.aspx?id=101056) from the Download Center. + +Today, the Update Baseline toolkit is currently only available for use with Group Policy. + + diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md index 78b60d2c7a..3032c95790 100644 --- a/windows/deployment/update/update-compliance-need-attention.md +++ b/windows/deployment/update/update-compliance-need-attention.md @@ -1,6 +1,5 @@ --- title: Update Compliance - Need Attention! report -ms.reviewer: manager: laurawi description: Learn how the Needs attention! section provides a breakdown of all Windows 10 device and update issues detected by Update Compliance. ms.mktglfcycl: deploy @@ -11,6 +10,7 @@ author: jaimeo ms.author: jaimeo ms.collection: M365-analytics ms.topic: article +ms.prod: w10 --- # Needs attention! diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 867d8a103e..02fb58ec4b 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -9,6 +9,7 @@ ### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md) ### [Portal overview](microsoft-defender-atp/portal-overview.md) ### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md) +### [Microsoft Defender ATP for non-Windows platforms](microsoft-defender-atp/non-windows.md) ## [Evaluate capabilities](microsoft-defender-atp/evaluation-lab.md) @@ -223,7 +224,13 @@ #### [Deploy]() ##### [Microsoft Intune-based deployment](microsoft-defender-atp/mac-install-with-intune.md) -##### [JAMF-based deployment](microsoft-defender-atp/mac-install-with-jamf.md) +##### [JAMF Pro-based deployment]() +###### [Deploying Microsoft Defender ATP for macOS using Jamf Pro](microsoft-defender-atp/mac-install-with-jamf.md) +###### [Login to Jamf Pro](microsoft-defender-atp/mac-install-jamfpro-login.md) +###### [Set up device groups](microsoft-defender-atp/mac-jamfpro-device-groups.md) +###### [Set up policies](microsoft-defender-atp/mac-jamfpro-policies.md) +###### [Enroll devices](microsoft-defender-atp/mac-jamfpro-enroll-devices.md) + ##### [Deployment with a different Mobile Device Management (MDM) system](microsoft-defender-atp/mac-install-with-other-mdm.md) ##### [Manual deployment](microsoft-defender-atp/mac-install-manually.md) #### [Update](microsoft-defender-atp/mac-updates.md) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md index 8b91ba2fde..956266b212 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-event-based-updates-microsoft-defender-antivirus.md @@ -11,8 +11,8 @@ ms.localizationpriority: medium author: denisebmsft ms.author: deniseb ms.custom: nextgen -ms.date: 09/03/2018 -ms.reviewer: +ms.date: 09/17/2018 +ms.reviewer: pahuijbr manager: dansimp --- @@ -82,7 +82,7 @@ You can use Group Policy to force Microsoft Defender Antivirus to check and down 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. 5. Double-click **Check for the latest virus and spyware definitions on startup** and set the option to **Enabled**. @@ -140,16 +140,16 @@ If you have enabled cloud-delivered protection, Microsoft Defender AV will send 3. Click **Policies** then **Administrative templates**. -4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Signature Updates**. +4. Expand the tree to **Windows components** > **Microsoft Defender Antivirus** > **Security Intelligence Updates**. 5. Double-click **Allow real-time security intelligence updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**. 6. **Allow notifications to disable definitions-based reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**. > [!NOTE] -> "Allow notifications to disable definitions based reports" enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work. +> **Allow notifications to disable definitions based reports** enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work. -## Related articles +## See also - [Deploy Microsoft Defender Antivirus](deploy-manage-report-microsoft-defender-antivirus.md) - [Manage Microsoft Defender Antivirus updates and apply baselines](manage-updates-baselines-microsoft-defender-antivirus.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/04245db47e1456f22d473980089ca69e.png b/windows/security/threat-protection/microsoft-defender-atp/images/04245db47e1456f22d473980089ca69e.png new file mode 100644 index 0000000000..9a854aad6a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/04245db47e1456f22d473980089ca69e.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/099eb1b3e2d9a4fed03e9b7ef1de9765.png b/windows/security/threat-protection/microsoft-defender-atp/images/099eb1b3e2d9a4fed03e9b7ef1de9765.png new file mode 100644 index 0000000000..33da3dde26 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/099eb1b3e2d9a4fed03e9b7ef1de9765.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/09a275e321268e5e3ac0c0865d3e2db5.png b/windows/security/threat-protection/microsoft-defender-atp/images/09a275e321268e5e3ac0c0865d3e2db5.png new file mode 100644 index 0000000000..b033d8f6b8 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/09a275e321268e5e3ac0c0865d3e2db5.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0adb21c13206861ba9b30a879ade93d3.png b/windows/security/threat-protection/microsoft-defender-atp/images/0adb21c13206861ba9b30a879ade93d3.png new file mode 100644 index 0000000000..b4a524f421 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0adb21c13206861ba9b30a879ade93d3.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0add8019b85a453b47fa5c402c72761b.png b/windows/security/threat-protection/microsoft-defender-atp/images/0add8019b85a453b47fa5c402c72761b.png new file mode 100644 index 0000000000..2e663efc76 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0add8019b85a453b47fa5c402c72761b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0dde8a4c41110dbc398c485433a81359.png b/windows/security/threat-protection/microsoft-defender-atp/images/0dde8a4c41110dbc398c485433a81359.png new file mode 100644 index 0000000000..1933fdec00 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0dde8a4c41110dbc398c485433a81359.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/0df36fc308ba569db204ee32db3fb40a.png b/windows/security/threat-protection/microsoft-defender-atp/images/0df36fc308ba569db204ee32db3fb40a.png new file mode 100644 index 0000000000..cb2c5784fd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/0df36fc308ba569db204ee32db3fb40a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/10ab98358b2d602f3f67618735fa82fb.png b/windows/security/threat-protection/microsoft-defender-atp/images/10ab98358b2d602f3f67618735fa82fb.png new file mode 100644 index 0000000000..30b0d05525 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/10ab98358b2d602f3f67618735fa82fb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1213872db5833aa8be535da57653219f.png b/windows/security/threat-protection/microsoft-defender-atp/images/1213872db5833aa8be535da57653219f.png new file mode 100644 index 0000000000..211267d73d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1213872db5833aa8be535da57653219f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1359fbfdd8bd9ee74c3bb487a05b956c.png b/windows/security/threat-protection/microsoft-defender-atp/images/1359fbfdd8bd9ee74c3bb487a05b956c.png new file mode 100644 index 0000000000..ebba81f9c4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1359fbfdd8bd9ee74c3bb487a05b956c.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1626d138e6309c6e87bfaab64f5ccf7b.png b/windows/security/threat-protection/microsoft-defender-atp/images/1626d138e6309c6e87bfaab64f5ccf7b.png new file mode 100644 index 0000000000..e9ad710109 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1626d138e6309c6e87bfaab64f5ccf7b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1aa5aaa0a387f4e16ce55b66facc77d1.png b/windows/security/threat-protection/microsoft-defender-atp/images/1aa5aaa0a387f4e16ce55b66facc77d1.png new file mode 100644 index 0000000000..b0fb764d52 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1aa5aaa0a387f4e16ce55b66facc77d1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png b/windows/security/threat-protection/microsoft-defender-atp/images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png new file mode 100644 index 0000000000..2da3d1c9ca Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1c08d097829863778d562c10c5f92b67.png b/windows/security/threat-protection/microsoft-defender-atp/images/1c08d097829863778d562c10c5f92b67.png new file mode 100644 index 0000000000..9604e5fc29 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1c08d097829863778d562c10c5f92b67.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1c9bd3f68db20b80193dac18f33c22d0.png b/windows/security/threat-protection/microsoft-defender-atp/images/1c9bd3f68db20b80193dac18f33c22d0.png new file mode 100644 index 0000000000..00a6103e30 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1c9bd3f68db20b80193dac18f33c22d0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/1f72e9c15eaafcabf1504397e99be311.png b/windows/security/threat-protection/microsoft-defender-atp/images/1f72e9c15eaafcabf1504397e99be311.png new file mode 100644 index 0000000000..a4a5bb1008 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/1f72e9c15eaafcabf1504397e99be311.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/20e33b98eb54447881dc6c89e58b890f.png b/windows/security/threat-protection/microsoft-defender-atp/images/20e33b98eb54447881dc6c89e58b890f.png new file mode 100644 index 0000000000..c8722ddd31 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/20e33b98eb54447881dc6c89e58b890f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/216253cbfb6ae738b9f13496b9c799fd.png b/windows/security/threat-protection/microsoft-defender-atp/images/216253cbfb6ae738b9f13496b9c799fd.png new file mode 100644 index 0000000000..35f0fdcd33 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/216253cbfb6ae738b9f13496b9c799fd.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/219bef7e5ebfdd0e2078f4a27535296a.png b/windows/security/threat-protection/microsoft-defender-atp/images/219bef7e5ebfdd0e2078f4a27535296a.png new file mode 100644 index 0000000000..ae40584eb5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/219bef7e5ebfdd0e2078f4a27535296a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/21de3658bf58b1b767a17358a3f06341.png b/windows/security/threat-protection/microsoft-defender-atp/images/21de3658bf58b1b767a17358a3f06341.png new file mode 100644 index 0000000000..f50308e890 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/21de3658bf58b1b767a17358a3f06341.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/22cb439de958101c0a12f3038f905b27.png b/windows/security/threat-protection/microsoft-defender-atp/images/22cb439de958101c0a12f3038f905b27.png new file mode 100644 index 0000000000..0ee45bfe4d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/22cb439de958101c0a12f3038f905b27.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/24e290f5fc309932cf41f3a280d22c14.png b/windows/security/threat-protection/microsoft-defender-atp/images/24e290f5fc309932cf41f3a280d22c14.png new file mode 100644 index 0000000000..38c794c2e4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/24e290f5fc309932cf41f3a280d22c14.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/253274b33e74f3f5b8d475cf8692ce4e.png b/windows/security/threat-protection/microsoft-defender-atp/images/253274b33e74f3f5b8d475cf8692ce4e.png new file mode 100644 index 0000000000..940d23f8e7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/253274b33e74f3f5b8d475cf8692ce4e.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/264493cd01e62c7085659d6fdc26dc91.png b/windows/security/threat-protection/microsoft-defender-atp/images/264493cd01e62c7085659d6fdc26dc91.png new file mode 100644 index 0000000000..f5e8adcd57 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/264493cd01e62c7085659d6fdc26dc91.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/26f0f7a5f3a6d95aa32a9e3d6d1a38a4.png b/windows/security/threat-protection/microsoft-defender-atp/images/26f0f7a5f3a6d95aa32a9e3d6d1a38a4.png new file mode 100644 index 0000000000..e887ffeb72 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/26f0f7a5f3a6d95aa32a9e3d6d1a38a4.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2bda9244ec25d1526811da4ea91b1c86.png b/windows/security/threat-protection/microsoft-defender-atp/images/2bda9244ec25d1526811da4ea91b1c86.png new file mode 100644 index 0000000000..ef1fa51714 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/2bda9244ec25d1526811da4ea91b1c86.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/2c49b16cd112729b3719724f581e6882.png b/windows/security/threat-protection/microsoft-defender-atp/images/2c49b16cd112729b3719724f581e6882.png new file mode 100644 index 0000000000..4b2410ad5e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/2c49b16cd112729b3719724f581e6882.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/30be88b63abc5e8dde11b73f1b1ade6a.png b/windows/security/threat-protection/microsoft-defender-atp/images/30be88b63abc5e8dde11b73f1b1ade6a.png new file mode 100644 index 0000000000..af749f43cc Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/30be88b63abc5e8dde11b73f1b1ade6a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3160906404bc5a2edf84d1d015894e3b.png b/windows/security/threat-protection/microsoft-defender-atp/images/3160906404bc5a2edf84d1d015894e3b.png new file mode 100644 index 0000000000..b7ab38e50d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3160906404bc5a2edf84d1d015894e3b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/321ba245f14743c1d5d51c15e99deecc.png b/windows/security/threat-protection/microsoft-defender-atp/images/321ba245f14743c1d5d51c15e99deecc.png new file mode 100644 index 0000000000..14d3cfb8dd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/321ba245f14743c1d5d51c15e99deecc.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/335aff58950ce62d1dabc289ecdce9ed.png b/windows/security/threat-protection/microsoft-defender-atp/images/335aff58950ce62d1dabc289ecdce9ed.png new file mode 100644 index 0000000000..b536944e24 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/335aff58950ce62d1dabc289ecdce9ed.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/33e2b2a1611fdddf6b5b79e54496e3bb.png b/windows/security/threat-protection/microsoft-defender-atp/images/33e2b2a1611fdddf6b5b79e54496e3bb.png new file mode 100644 index 0000000000..1a95f07037 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/33e2b2a1611fdddf6b5b79e54496e3bb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/33f1ecdc7d4872555418bbc3efe4b7a3.png b/windows/security/threat-protection/microsoft-defender-atp/images/33f1ecdc7d4872555418bbc3efe4b7a3.png new file mode 100644 index 0000000000..06aed3038e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/33f1ecdc7d4872555418bbc3efe4b7a3.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/368d35b3d6179af92ffdbfd93b226b69.png b/windows/security/threat-protection/microsoft-defender-atp/images/368d35b3d6179af92ffdbfd93b226b69.png new file mode 100644 index 0000000000..dea45e1206 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/368d35b3d6179af92ffdbfd93b226b69.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/38c67ee1905c4747c3b26c8eba57726b.png b/windows/security/threat-protection/microsoft-defender-atp/images/38c67ee1905c4747c3b26c8eba57726b.png new file mode 100644 index 0000000000..fbb8656f8b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/38c67ee1905c4747c3b26c8eba57726b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/39cf120d3ac3652292d8d1b6d057bd60.png b/windows/security/threat-protection/microsoft-defender-atp/images/39cf120d3ac3652292d8d1b6d057bd60.png new file mode 100644 index 0000000000..6d201f5e90 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/39cf120d3ac3652292d8d1b6d057bd60.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3c0a231f83cfb5a256d99ae575400d9b.png b/windows/security/threat-protection/microsoft-defender-atp/images/3c0a231f83cfb5a256d99ae575400d9b.png new file mode 100644 index 0000000000..ebe69e0005 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3c0a231f83cfb5a256d99ae575400d9b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/3ced5383a6be788486d89d407d042f28.png b/windows/security/threat-protection/microsoft-defender-atp/images/3ced5383a6be788486d89d407d042f28.png new file mode 100644 index 0000000000..4ff3e0fb7c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/3ced5383a6be788486d89d407d042f28.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4139848399185472abaa0ce2f34a883a.png b/windows/security/threat-protection/microsoft-defender-atp/images/4139848399185472abaa0ce2f34a883a.png new file mode 100644 index 0000000000..de3cbeb5bb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4139848399185472abaa0ce2f34a883a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4239ca0528efb0734e4ca0b490bfb22d.png b/windows/security/threat-protection/microsoft-defender-atp/images/4239ca0528efb0734e4ca0b490bfb22d.png new file mode 100644 index 0000000000..8bd862cd66 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4239ca0528efb0734e4ca0b490bfb22d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/441aa2ecd36abadcdd8aed03556080b5.png b/windows/security/threat-protection/microsoft-defender-atp/images/441aa2ecd36abadcdd8aed03556080b5.png new file mode 100644 index 0000000000..9d1b985470 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/441aa2ecd36abadcdd8aed03556080b5.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/45156aa74077fc82cd4223f3dcb8cd76.png b/windows/security/threat-protection/microsoft-defender-atp/images/45156aa74077fc82cd4223f3dcb8cd76.png new file mode 100644 index 0000000000..041e7d946c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/45156aa74077fc82cd4223f3dcb8cd76.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4922c0fcdde4c7f73242b13bf5e35c19.png b/windows/security/threat-protection/microsoft-defender-atp/images/4922c0fcdde4c7f73242b13bf5e35c19.png new file mode 100644 index 0000000000..3e31d5e244 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4922c0fcdde4c7f73242b13bf5e35c19.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4bac6ce277aedfb4a674f2d9fcb2599a.png b/windows/security/threat-protection/microsoft-defender-atp/images/4bac6ce277aedfb4a674f2d9fcb2599a.png new file mode 100644 index 0000000000..15c5639231 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4bac6ce277aedfb4a674f2d9fcb2599a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4cc3cfc683ae36ff906562a61908d132.png b/windows/security/threat-protection/microsoft-defender-atp/images/4cc3cfc683ae36ff906562a61908d132.png new file mode 100644 index 0000000000..6aee2fb1b1 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4cc3cfc683ae36ff906562a61908d132.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4d2d1d4ee13d3f840f425924c3df0d51.png b/windows/security/threat-protection/microsoft-defender-atp/images/4d2d1d4ee13d3f840f425924c3df0d51.png new file mode 100644 index 0000000000..83ef8509be Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4d2d1d4ee13d3f840f425924c3df0d51.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/4ec20e72c8aed9a4c16912e01692436a.png b/windows/security/threat-protection/microsoft-defender-atp/images/4ec20e72c8aed9a4c16912e01692436a.png new file mode 100644 index 0000000000..e3d3692c75 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/4ec20e72c8aed9a4c16912e01692436a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/526b83fbdbb31265b3d0c1e5fbbdc33a.png b/windows/security/threat-protection/microsoft-defender-atp/images/526b83fbdbb31265b3d0c1e5fbbdc33a.png new file mode 100644 index 0000000000..6b4bd29da7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/526b83fbdbb31265b3d0c1e5fbbdc33a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/526e978761fc571cca06907da7b01fd6.png b/windows/security/threat-protection/microsoft-defender-atp/images/526e978761fc571cca06907da7b01fd6.png new file mode 100644 index 0000000000..2ee505158e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/526e978761fc571cca06907da7b01fd6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/54be9c6ed5b24cebe628dc3cd9ca4089.png b/windows/security/threat-protection/microsoft-defender-atp/images/54be9c6ed5b24cebe628dc3cd9ca4089.png new file mode 100644 index 0000000000..b809759dcb Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/54be9c6ed5b24cebe628dc3cd9ca4089.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/56dac54634d13b2d3948ab50e8d3ef21.png b/windows/security/threat-protection/microsoft-defender-atp/images/56dac54634d13b2d3948ab50e8d3ef21.png new file mode 100644 index 0000000000..23770e3a97 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/56dac54634d13b2d3948ab50e8d3ef21.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/56e6f6259b9ce3c1706ed8d666ae4947.png b/windows/security/threat-protection/microsoft-defender-atp/images/56e6f6259b9ce3c1706ed8d666ae4947.png new file mode 100644 index 0000000000..163da50934 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/56e6f6259b9ce3c1706ed8d666ae4947.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/57aa4d21e2ccc65466bf284701d4e961.png b/windows/security/threat-protection/microsoft-defender-atp/images/57aa4d21e2ccc65466bf284701d4e961.png new file mode 100644 index 0000000000..d2c3a2f2e5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/57aa4d21e2ccc65466bf284701d4e961.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/57cef926d1b9260fb74a5f460cee887a.png b/windows/security/threat-protection/microsoft-defender-atp/images/57cef926d1b9260fb74a5f460cee887a.png new file mode 100644 index 0000000000..e3897c4cbe Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/57cef926d1b9260fb74a5f460cee887a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/5856b765a6ce677caacb130ca36b1a62.png b/windows/security/threat-protection/microsoft-defender-atp/images/5856b765a6ce677caacb130ca36b1a62.png new file mode 100644 index 0000000000..2e85b376b2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/5856b765a6ce677caacb130ca36b1a62.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/625ba6d19e8597f05e4907298a454d28.png b/windows/security/threat-protection/microsoft-defender-atp/images/625ba6d19e8597f05e4907298a454d28.png new file mode 100644 index 0000000000..b63b06e529 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/625ba6d19e8597f05e4907298a454d28.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/632aaab79ae18d0d2b8e0c16b6ba39e2.png b/windows/security/threat-protection/microsoft-defender-atp/images/632aaab79ae18d0d2b8e0c16b6ba39e2.png new file mode 100644 index 0000000000..8d43285b82 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/632aaab79ae18d0d2b8e0c16b6ba39e2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/633ad26b8bf24ec683c98b2feb884bdf.png b/windows/security/threat-protection/microsoft-defender-atp/images/633ad26b8bf24ec683c98b2feb884bdf.png new file mode 100644 index 0000000000..e71d428536 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/633ad26b8bf24ec683c98b2feb884bdf.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/644e0f3af40c29e80ca1443535b2fe32.png b/windows/security/threat-protection/microsoft-defender-atp/images/644e0f3af40c29e80ca1443535b2fe32.png new file mode 100644 index 0000000000..b37ef7c8b5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/644e0f3af40c29e80ca1443535b2fe32.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/68bdbc5754dfc80aa1a024dde0fce7b0.png b/windows/security/threat-protection/microsoft-defender-atp/images/68bdbc5754dfc80aa1a024dde0fce7b0.png new file mode 100644 index 0000000000..774f727137 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/68bdbc5754dfc80aa1a024dde0fce7b0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6c8b406ee224335a8c65d06953dc756e.png b/windows/security/threat-protection/microsoft-defender-atp/images/6c8b406ee224335a8c65d06953dc756e.png new file mode 100644 index 0000000000..65870c57ee Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6c8b406ee224335a8c65d06953dc756e.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6de50b4a897408ddc6ded56a09c09fe2.png b/windows/security/threat-protection/microsoft-defender-atp/images/6de50b4a897408ddc6ded56a09c09fe2.png new file mode 100644 index 0000000000..4251c7b374 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6de50b4a897408ddc6ded56a09c09fe2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6eda18a64a660fa149575454e54e7156.png b/windows/security/threat-protection/microsoft-defender-atp/images/6eda18a64a660fa149575454e54e7156.png new file mode 100644 index 0000000000..edf5e96a06 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6eda18a64a660fa149575454e54e7156.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6f093e42856753a3955cab7ee14f12d9.png b/windows/security/threat-protection/microsoft-defender-atp/images/6f093e42856753a3955cab7ee14f12d9.png new file mode 100644 index 0000000000..8bb38c4958 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6f093e42856753a3955cab7ee14f12d9.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6f85269276b2278eca4bce84f935f87b.png b/windows/security/threat-protection/microsoft-defender-atp/images/6f85269276b2278eca4bce84f935f87b.png new file mode 100644 index 0000000000..11d8c78bcf Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6f85269276b2278eca4bce84f935f87b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/6fd0cb2bbb0e60a623829c91fd0826ab.png b/windows/security/threat-protection/microsoft-defender-atp/images/6fd0cb2bbb0e60a623829c91fd0826ab.png new file mode 100644 index 0000000000..32d1b991bd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/6fd0cb2bbb0e60a623829c91fd0826ab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/715ae7ec8d6a262c489f94d14e1e51bb.png b/windows/security/threat-protection/microsoft-defender-atp/images/715ae7ec8d6a262c489f94d14e1e51bb.png new file mode 100644 index 0000000000..bfe95454d9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/715ae7ec8d6a262c489f94d14e1e51bb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/718b9d609f9f77c8b13ba88c4c0abe5d.png b/windows/security/threat-protection/microsoft-defender-atp/images/718b9d609f9f77c8b13ba88c4c0abe5d.png new file mode 100644 index 0000000000..46b0e010bd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/718b9d609f9f77c8b13ba88c4c0abe5d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/7697c33b9fd376ae5a8023d01f9d3857.png b/windows/security/threat-protection/microsoft-defender-atp/images/7697c33b9fd376ae5a8023d01f9d3857.png new file mode 100644 index 0000000000..a037ed737b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/7697c33b9fd376ae5a8023d01f9d3857.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/770827925b3f572fc027e7d50dcc415d.png b/windows/security/threat-protection/microsoft-defender-atp/images/770827925b3f572fc027e7d50dcc415d.png new file mode 100644 index 0000000000..82bd4898af Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/770827925b3f572fc027e7d50dcc415d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/77d14ea36bea97c4607af0f70c88b812.png b/windows/security/threat-protection/microsoft-defender-atp/images/77d14ea36bea97c4607af0f70c88b812.png new file mode 100644 index 0000000000..a3ce68e15e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/77d14ea36bea97c4607af0f70c88b812.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/7acc1b24846d3388d3b29c1d7a2dd141.png b/windows/security/threat-protection/microsoft-defender-atp/images/7acc1b24846d3388d3b29c1d7a2dd141.png new file mode 100644 index 0000000000..4ef3ad1831 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/7acc1b24846d3388d3b29c1d7a2dd141.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/7f9138053dbcbf928e5182ee7b295ebe.png b/windows/security/threat-protection/microsoft-defender-atp/images/7f9138053dbcbf928e5182ee7b295ebe.png new file mode 100644 index 0000000000..474e281699 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/7f9138053dbcbf928e5182ee7b295ebe.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/809cef630281b64b8f07f20913b0039b.png b/windows/security/threat-protection/microsoft-defender-atp/images/809cef630281b64b8f07f20913b0039b.png new file mode 100644 index 0000000000..b31c48693d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/809cef630281b64b8f07f20913b0039b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/846ca6a7a4be5be7111744091d539cba.png b/windows/security/threat-protection/microsoft-defender-atp/images/846ca6a7a4be5be7111744091d539cba.png new file mode 100644 index 0000000000..b0dd1554ef Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/846ca6a7a4be5be7111744091d539cba.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/847b70e54ed04787e415f5180414b310.png b/windows/security/threat-protection/microsoft-defender-atp/images/847b70e54ed04787e415f5180414b310.png new file mode 100644 index 0000000000..884a5e815e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/847b70e54ed04787e415f5180414b310.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8c3bdc3924488542295f29c93af3881f.png b/windows/security/threat-protection/microsoft-defender-atp/images/8c3bdc3924488542295f29c93af3881f.png new file mode 100644 index 0000000000..f0b6205a1f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8c3bdc3924488542295f29c93af3881f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8d80fe378a31143db9be0bacf7ddc5a3.png b/windows/security/threat-protection/microsoft-defender-atp/images/8d80fe378a31143db9be0bacf7ddc5a3.png new file mode 100644 index 0000000000..943ede3988 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8d80fe378a31143db9be0bacf7ddc5a3.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8dde76b5463047423f8637c86b05c29d.png b/windows/security/threat-protection/microsoft-defender-atp/images/8dde76b5463047423f8637c86b05c29d.png new file mode 100644 index 0000000000..b15631e21b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8dde76b5463047423f8637c86b05c29d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8e69f867664668796a3b2904896f0436.png b/windows/security/threat-protection/microsoft-defender-atp/images/8e69f867664668796a3b2904896f0436.png new file mode 100644 index 0000000000..aba654cde9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8e69f867664668796a3b2904896f0436.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/8fb4cc03721e1efb4a15867d5241ebfb.png b/windows/security/threat-protection/microsoft-defender-atp/images/8fb4cc03721e1efb4a15867d5241ebfb.png new file mode 100644 index 0000000000..df6134c572 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/8fb4cc03721e1efb4a15867d5241ebfb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/95313facfdd5e1ea361981e0a2478fec.png b/windows/security/threat-protection/microsoft-defender-atp/images/95313facfdd5e1ea361981e0a2478fec.png new file mode 100644 index 0000000000..d4638f0643 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/95313facfdd5e1ea361981e0a2478fec.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/98acea3750113b8dbab334296e833003.png b/windows/security/threat-protection/microsoft-defender-atp/images/98acea3750113b8dbab334296e833003.png new file mode 100644 index 0000000000..12867aecde Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/98acea3750113b8dbab334296e833003.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/990742cd9a15ca9fdd37c9f695d1b9f4.png b/windows/security/threat-protection/microsoft-defender-atp/images/990742cd9a15ca9fdd37c9f695d1b9f4.png new file mode 100644 index 0000000000..0de20fa301 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/990742cd9a15ca9fdd37c9f695d1b9f4.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/99679a7835b0d27d0a222bc3fdaf7f3b.png b/windows/security/threat-protection/microsoft-defender-atp/images/99679a7835b0d27d0a222bc3fdaf7f3b.png new file mode 100644 index 0000000000..fd2706aa68 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/99679a7835b0d27d0a222bc3fdaf7f3b.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9970046795448057693973a976da3d1d.png b/windows/security/threat-protection/microsoft-defender-atp/images/9970046795448057693973a976da3d1d.png new file mode 100644 index 0000000000..b4e92a0f51 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9970046795448057693973a976da3d1d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9d6e5386e652e00715ff348af72671c6.png b/windows/security/threat-protection/microsoft-defender-atp/images/9d6e5386e652e00715ff348af72671c6.png new file mode 100644 index 0000000000..7c4bf5f298 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9d6e5386e652e00715ff348af72671c6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9e31ba00bcdd0bd8c1d1e53808581a2d.png b/windows/security/threat-protection/microsoft-defender-atp/images/9e31ba00bcdd0bd8c1d1e53808581a2d.png new file mode 100644 index 0000000000..a604180a07 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9e31ba00bcdd0bd8c1d1e53808581a2d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9f09cc4cd841559dd389fba7dc57e5e0.png b/windows/security/threat-protection/microsoft-defender-atp/images/9f09cc4cd841559dd389fba7dc57e5e0.png new file mode 100644 index 0000000000..c636679f40 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9f09cc4cd841559dd389fba7dc57e5e0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/9fc17529e5577eefd773c658ec576a7d.png b/windows/security/threat-protection/microsoft-defender-atp/images/9fc17529e5577eefd773c658ec576a7d.png new file mode 100644 index 0000000000..f352977ac3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/9fc17529e5577eefd773c658ec576a7d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a26bd4967cd54bb113a2c8d32894c3de.png b/windows/security/threat-protection/microsoft-defender-atp/images/a26bd4967cd54bb113a2c8d32894c3de.png new file mode 100644 index 0000000000..4ec19ffeb2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a26bd4967cd54bb113a2c8d32894c3de.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a347307458d6a9bbfa88df7dbe15398f.png b/windows/security/threat-protection/microsoft-defender-atp/images/a347307458d6a9bbfa88df7dbe15398f.png new file mode 100644 index 0000000000..bfcfa8f717 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a347307458d6a9bbfa88df7dbe15398f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a422e57fe8d45689227e784443e51bd1.png b/windows/security/threat-protection/microsoft-defender-atp/images/a422e57fe8d45689227e784443e51bd1.png new file mode 100644 index 0000000000..c734a1763a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a422e57fe8d45689227e784443e51bd1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a43bdc97f961de41946baca0e7405138.png b/windows/security/threat-protection/microsoft-defender-atp/images/a43bdc97f961de41946baca0e7405138.png new file mode 100644 index 0000000000..1c78719148 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a43bdc97f961de41946baca0e7405138.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a657018ab7c25284f0a631e83fc63c20.png b/windows/security/threat-protection/microsoft-defender-atp/images/a657018ab7c25284f0a631e83fc63c20.png new file mode 100644 index 0000000000..3aea41c5e9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a657018ab7c25284f0a631e83fc63c20.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/a790e02892e09857213331be078b9c28.png b/windows/security/threat-protection/microsoft-defender-atp/images/a790e02892e09857213331be078b9c28.png new file mode 100644 index 0000000000..6221e07cb5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/a790e02892e09857213331be078b9c28.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/aa9f8f0f5772b7032e0f5606a9094c79.png b/windows/security/threat-protection/microsoft-defender-atp/images/aa9f8f0f5772b7032e0f5606a9094c79.png new file mode 100644 index 0000000000..ef720de702 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/aa9f8f0f5772b7032e0f5606a9094c79.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/abccba0b620cec06b03d219832667fe1.png b/windows/security/threat-protection/microsoft-defender-atp/images/abccba0b620cec06b03d219832667fe1.png new file mode 100644 index 0000000000..d7d0f281c2 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/abccba0b620cec06b03d219832667fe1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ae3597247b6bc7c5347cf56ab1e820c0.png b/windows/security/threat-protection/microsoft-defender-atp/images/ae3597247b6bc7c5347cf56ab1e820c0.png new file mode 100644 index 0000000000..0dab513560 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ae3597247b6bc7c5347cf56ab1e820c0.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b334974590d1a1fa4bc034b6190663ea.png b/windows/security/threat-protection/microsoft-defender-atp/images/b334974590d1a1fa4bc034b6190663ea.png new file mode 100644 index 0000000000..778c97d70a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b334974590d1a1fa4bc034b6190663ea.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b64986618ecc9eec016a7e4c504d9d27.png b/windows/security/threat-protection/microsoft-defender-atp/images/b64986618ecc9eec016a7e4c504d9d27.png new file mode 100644 index 0000000000..55aced9e5e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b64986618ecc9eec016a7e4c504d9d27.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b6c7ad56d50f497c38fc14c1e315456c.png b/windows/security/threat-protection/microsoft-defender-atp/images/b6c7ad56d50f497c38fc14c1e315456c.png new file mode 100644 index 0000000000..cb1009d9ab Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b6c7ad56d50f497c38fc14c1e315456c.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b6d671b2f18b89d96c1c8e2ea1991242.png b/windows/security/threat-protection/microsoft-defender-atp/images/b6d671b2f18b89d96c1c8e2ea1991242.png new file mode 100644 index 0000000000..168b4103a5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b6d671b2f18b89d96c1c8e2ea1991242.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/b7b677c6b06dfa9a00223ec6c58685d6.png b/windows/security/threat-protection/microsoft-defender-atp/images/b7b677c6b06dfa9a00223ec6c58685d6.png new file mode 100644 index 0000000000..f889ed6a06 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/b7b677c6b06dfa9a00223ec6c58685d6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ba3d40399e1a6d09214ecbb2b341923f.png b/windows/security/threat-protection/microsoft-defender-atp/images/ba3d40399e1a6d09214ecbb2b341923f.png new file mode 100644 index 0000000000..3effc79498 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ba3d40399e1a6d09214ecbb2b341923f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ba44cdb77e4781aa8b940fb83e3c21f7.png b/windows/security/threat-protection/microsoft-defender-atp/images/ba44cdb77e4781aa8b940fb83e3c21f7.png new file mode 100644 index 0000000000..9d9988e39f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ba44cdb77e4781aa8b940fb83e3c21f7.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bcd4920afadbc158f8d7de88c11096fb.png b/windows/security/threat-protection/microsoft-defender-atp/images/bcd4920afadbc158f8d7de88c11096fb.png new file mode 100644 index 0000000000..cdf08c8f7b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bcd4920afadbc158f8d7de88c11096fb.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bd93e78b74c2660a0541af4690dd9485.png b/windows/security/threat-protection/microsoft-defender-atp/images/bd93e78b74c2660a0541af4690dd9485.png new file mode 100644 index 0000000000..b30f65c374 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bd93e78b74c2660a0541af4690dd9485.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/bf187f62ea1ae024d87a933cf97a00d3.png b/windows/security/threat-protection/microsoft-defender-atp/images/bf187f62ea1ae024d87a933cf97a00d3.png new file mode 100644 index 0000000000..2bd24757a9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/bf187f62ea1ae024d87a933cf97a00d3.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c1022b886c359a2969b9a3fea4bcc6ed.png b/windows/security/threat-protection/microsoft-defender-atp/images/c1022b886c359a2969b9a3fea4bcc6ed.png new file mode 100644 index 0000000000..e0c1d3c59c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c1022b886c359a2969b9a3fea4bcc6ed.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c254c437d5bdb4c28df8b25ba0a5e4a2.png b/windows/security/threat-protection/microsoft-defender-atp/images/c254c437d5bdb4c28df8b25ba0a5e4a2.png new file mode 100644 index 0000000000..f973186aa0 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c254c437d5bdb4c28df8b25ba0a5e4a2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c9820a5ff84aaf21635c04a23a97ca93.png b/windows/security/threat-protection/microsoft-defender-atp/images/c9820a5ff84aaf21635c04a23a97ca93.png new file mode 100644 index 0000000000..a33cc304f5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c9820a5ff84aaf21635c04a23a97ca93.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/c9f85bba3e96d627fe00fc5a8363b83a.png b/windows/security/threat-protection/microsoft-defender-atp/images/c9f85bba3e96d627fe00fc5a8363b83a.png new file mode 100644 index 0000000000..d01d4b01da Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/c9f85bba3e96d627fe00fc5a8363b83a.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/ce580aec080512d44a37ff8e82e5c2ac.png b/windows/security/threat-protection/microsoft-defender-atp/images/ce580aec080512d44a37ff8e82e5c2ac.png new file mode 100644 index 0000000000..1b3179853c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/ce580aec080512d44a37ff8e82e5c2ac.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/cf30438b5512ac89af1d11cbf35219a6.png b/windows/security/threat-protection/microsoft-defender-atp/images/cf30438b5512ac89af1d11cbf35219a6.png new file mode 100644 index 0000000000..ac3ffa8237 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/cf30438b5512ac89af1d11cbf35219a6.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/contoso-machine-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/contoso-machine-group.png new file mode 100644 index 0000000000..954724e574 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/contoso-machine-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/d0e0bee1e23464ab729191bbea5c2604.png b/windows/security/threat-protection/microsoft-defender-atp/images/d0e0bee1e23464ab729191bbea5c2604.png new file mode 100644 index 0000000000..2f8b727669 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/d0e0bee1e23464ab729191bbea5c2604.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/d8254adf4bd30290f9a8a0c131830a1f.png b/windows/security/threat-protection/microsoft-defender-atp/images/d8254adf4bd30290f9a8a0c131830a1f.png new file mode 100644 index 0000000000..82131ac913 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/d8254adf4bd30290f9a8a0c131830a1f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/db15f147dd959e872a044184711d7d46.png b/windows/security/threat-protection/microsoft-defender-atp/images/db15f147dd959e872a044184711d7d46.png new file mode 100644 index 0000000000..a8cd37acf4 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/db15f147dd959e872a044184711d7d46.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/dc9f016cf649f8baaa89eaa0511ebb85.png b/windows/security/threat-protection/microsoft-defender-atp/images/dc9f016cf649f8baaa89eaa0511ebb85.png new file mode 100644 index 0000000000..dd86cc8585 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/dc9f016cf649f8baaa89eaa0511ebb85.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/dd55405106da0dfc2f50f8d4525b01c8.png b/windows/security/threat-protection/microsoft-defender-atp/images/dd55405106da0dfc2f50f8d4525b01c8.png new file mode 100644 index 0000000000..6e5f3fa9dc Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/dd55405106da0dfc2f50f8d4525b01c8.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/de180771f31278a2a6225857f73caf0d.png b/windows/security/threat-protection/microsoft-defender-atp/images/de180771f31278a2a6225857f73caf0d.png new file mode 100644 index 0000000000..89a9591408 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/de180771f31278a2a6225857f73caf0d.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/e1cc1e48ec9d5d688087b4d771e668d2.png b/windows/security/threat-protection/microsoft-defender-atp/images/e1cc1e48ec9d5d688087b4d771e668d2.png new file mode 100644 index 0000000000..d730bb042b Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/e1cc1e48ec9d5d688087b4d771e668d2.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/e925142786fa5c0e9309fafc128a5ef7.png b/windows/security/threat-protection/microsoft-defender-atp/images/e925142786fa5c0e9309fafc128a5ef7.png new file mode 100644 index 0000000000..f47188ab2e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/e925142786fa5c0e9309fafc128a5ef7.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/eaba2a23dd34f73bf59e826217ba6f15.png b/windows/security/threat-protection/microsoft-defender-atp/images/eaba2a23dd34f73bf59e826217ba6f15.png new file mode 100644 index 0000000000..790aae6d4d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/eaba2a23dd34f73bf59e826217ba6f15.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f504b2ae0a28a10778b0fa70378c355c.png b/windows/security/threat-protection/microsoft-defender-atp/images/f504b2ae0a28a10778b0fa70378c355c.png new file mode 100644 index 0000000000..b4da9a44be Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f504b2ae0a28a10778b0fa70378c355c.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f624de59b3cc86e3e2d32ae5de093e02.png b/windows/security/threat-protection/microsoft-defender-atp/images/f624de59b3cc86e3e2d32ae5de093e02.png new file mode 100644 index 0000000000..314479f578 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f624de59b3cc86e3e2d32ae5de093e02.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/f878f8efa5ebc92d069f4b8f79f62c7f.png b/windows/security/threat-protection/microsoft-defender-atp/images/f878f8efa5ebc92d069f4b8f79f62c7f.png new file mode 100644 index 0000000000..7bf897ae75 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/f878f8efa5ebc92d069f4b8f79f62c7f.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/fb2220fed3a530f4b3ef36f600da0c27.png b/windows/security/threat-protection/microsoft-defender-atp/images/fb2220fed3a530f4b3ef36f600da0c27.png new file mode 100644 index 0000000000..b16f4b9326 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/fb2220fed3a530f4b3ef36f600da0c27.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-login1.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-login1.png new file mode 100644 index 0000000000..4668be81df Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-login1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-configure-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-configure-profile.png new file mode 100644 index 0000000000..879ecf9575 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-configure-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-dashboard.png new file mode 100644 index 0000000000..c54729166f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-dashboard.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-portal1.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-portal1.png new file mode 100644 index 0000000000..a3f59fcea3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-portal1.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-static-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-static-group.png new file mode 100644 index 0000000000..062a297f8c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamf-pro-static-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-ca-certificate.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-ca-certificate.png new file mode 100644 index 0000000000..89a3a9fa29 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-ca-certificate.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-configuration-policies.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-configuration-policies.png new file mode 100644 index 0000000000..0c14cc2d3a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-configuration-policies.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-deployment-target.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-deployment-target.png new file mode 100644 index 0000000000..c533d9000c Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-deployment-target.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-download.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-download.png new file mode 100644 index 0000000000..a3c7524472 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-download.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm-profile.png new file mode 100644 index 0000000000..b543f8a02a Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm.png new file mode 100644 index 0000000000..4377bc50e3 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-install-mdm.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mac-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mac-profile.png new file mode 100644 index 0000000000..ea36ebff47 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mac-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-machine-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-machine-group.png new file mode 100644 index 0000000000..eaea373077 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-machine-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-profile.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-profile.png new file mode 100644 index 0000000000..bf5017bdbd Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-profile.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-unverified.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-unverified.png new file mode 100644 index 0000000000..0900e110f6 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-mdm-unverified.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file-onboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file-onboard.png new file mode 100644 index 0000000000..76b784f0fa Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file-onboard.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file.png new file mode 100644 index 0000000000..b3e820638e Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-file.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-upload.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-upload.png new file mode 100644 index 0000000000..62422eaa2d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist-upload.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist.png new file mode 100644 index 0000000000..53fd89f311 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-plist.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-policies.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-policies.png new file mode 100644 index 0000000000..bf7d34f9d9 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-policies.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-scope-tab.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-scope-tab.png new file mode 100644 index 0000000000..5850b5fc1f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-scope-tab.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-settings.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-settings.png new file mode 100644 index 0000000000..8c390217ba Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-settings.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-computer.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-computer.png new file mode 100644 index 0000000000..0f85e9a99d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-computer.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-group.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-group.png new file mode 100644 index 0000000000..6073a576d5 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-group.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-selected.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-selected.png new file mode 100644 index 0000000000..6bedad674d Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-target-selected.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-targets.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-targets.png new file mode 100644 index 0000000000..75eb399e74 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-targets.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-upload-plist.png b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-upload-plist.png new file mode 100644 index 0000000000..b8c139d6f7 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/jamfpro-upload-plist.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/onboarding-macos.png b/windows/security/threat-protection/microsoft-defender-atp/images/onboarding-macos.png new file mode 100644 index 0000000000..e0cbad4ba1 Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/onboarding-macos.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/plist-onboarding-file.png b/windows/security/threat-protection/microsoft-defender-atp/images/plist-onboarding-file.png new file mode 100644 index 0000000000..6c87d56c5f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/plist-onboarding-file.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md new file mode 100644 index 0000000000..a997600a11 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-jamfpro-login.md @@ -0,0 +1,41 @@ +--- +title: Log in to Jamf Pro +description: Log in to Jamf Pro +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Log in to Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +1. Enter your credentials. + + ![Image of Jamf Pro dashboard](images/jamf-pro-portal1.png) + +2. Select **Computers**. + + ![Image of Jamf Pro dashboard](images/jamf-pro-dashboard.png) + +3. You will see the settings that are available. + + ![Image of Jamf Pro dashboard](images/jamfpro-settings.png) + + +## Next step +[Setup the device groups in Jamf Pro](mac-jamfpro-device-groups.md) + diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md index efdb013295..931ca38827 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md @@ -1,7 +1,7 @@ --- -title: JAMF-based deployment for Microsoft Defender ATP for Mac -description: Learn about all the steps needed to deploy Microsoft Defender Advanced Threat Protection for Mac through JAMF. -keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamf, macos, catalina, mojave, high sierra +title: Deploying Microsoft Defender ATP for macOS with Jamf Pro +description: Deploying Microsoft Defender ATP for macOS with Jamf Pro +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -15,361 +15,24 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/10/2020 --- -# JAMF-based deployment for Microsoft Defender ATP for Mac +# Deploying Microsoft Defender ATP for macOS with Jamf Pro **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) -This article describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps: +Learn how to deploy Microsoft Defender ATP for macOS with Jamf Pro. -1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages) -1. [Create JAMF policies](#create-jamf-policies) -1. [Client device setup](#client-device-setup) -1. [Deployment](#deployment) -1. [Check onboarding status](#check-onboarding-status) +This is a multi step process. You'll need to complete all of the following steps: -## Prerequisites and system requirements +- [Login to the Jamf Portal](mac-install-jamfpro-login.md) +- [Setup the Microsoft Defender ATP for macOS device groups in Jamf Pro](mac-jamfpro-device-groups.md) +- [Setup the Microsoft Defender ATP for macOS policies in Jamf Pro](mac-jamfpro-policies.md) +- [Enroll the Microsoft Defender ATP for macOS devices into Jamf Pro](mac-jamfpro-enroll-devices.md) -Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. -In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. -## Overview -The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender ATP for Macs, via JAMF. More detailed steps are available below. -| Step | Sample file names | BundleIdentifier | -|-|-|-| -| [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp | -| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)

**Note:** If you are planning to run a third party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav | -| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdav.tray | -| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#jamf) | MDATP_Microsoft_AutoUpdate.mobileconfig | com.microsoft.autoupdate2 | -| [Grant Full Disk Access to Microsoft Defender ATP](#privacy-preferences-policy-control) | Note: If there was one, MDATP_tcc_Catalina_or_newer.plist | com.microsoft.wdav.tcc | -| [Approve Kernel Extension for Microsoft Defender ATP](#approved-kernel-extension) | Note: If there was one, MDATP_KExt.plist | N/A | - -## Download installation and onboarding packages - -Download the installation and onboarding packages from Microsoft Defender Security Center: - -1. In Microsoft Defender Security Center, go to **Settings > Device management > Onboarding**. -2. Set the operating system to **macOS** and the deployment method to **Mobile Device Management / Microsoft Intune**. - ![Onboarding settings screenshot](images/atp-mac-install.png) - - > [!NOTE] - > Jamf falls under **Mobile Device Management**. - -3. Select **Download installation package**. Save it as _wdav.pkg_ to a local directory. -4. Select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. -5. From the command prompt, verify that you have the two files. - - ```bash - ls -l - ``` - ```Output - total 721160 - -rw-r--r-- 1 test staff 11821 Mar 15 09:23 WindowsDefenderATPOnboardingPackage.zip - -rw-r--r-- 1 test staff 354531845 Mar 13 08:57 wdav.pkg - ``` -6. Extract the contents of the .zip files like so: - - ```bash - unzip WindowsDefenderATPOnboardingPackage.zip - ``` - ```Output - Archive: WindowsDefenderATPOnboardingPackage.zip - warning: WindowsDefenderATPOnboardingPackage.zip appears to use backslashes as path separators - inflating: intune/kext.xml - inflating: intune/WindowsDefenderATPOnboarding.xml - inflating: jamf/WindowsDefenderATPOnboarding.plist - ``` - -## Create JAMF policies - -You need to create a configuration profile and a policy to start deploying Microsoft Defender ATP for Mac to client devices. - -### Configuration Profile - -The configuration profile contains a custom settings payload that includes the following: - -- Microsoft Defender ATP for Mac onboarding information -- Approved Kernel Extensions payload to enable running the Microsoft kernel driver - -To set the onboarding information, add a property list file that is named **jamf/WindowsDefenderATPOnboarding.plist** as a custom setting. To do this, select **Computers** > **Configuration Profiles** > **New**, and then select **Application & Custom Settings** > **Configure**. From there, you can upload the property list. - - - >[!IMPORTANT] - > You have to set the **Preference Domain** to **com.microsoft.wdav.atp**. There are some changes to the Custom Payloads and also to the Jamf Pro user interface in version 10.18 and later versions. For more information about the changes, see [Configuration Profile Payload Settings Specific to Jamf Pro](https://www.jamf.com/jamf-nation/articles/217/configuration-profile-payload-settings-specific-to-jamf-pro). - -![Configuration profile screenshot](./images/msdefender-mac-config-profile.png) - -### Approved Kernel Extension - -To approve the kernel extension: - -1. In **Computers > Configuration Profiles** select **Options > Approved Kernel Extensions**. -2. Use **UBF8T346G9** for Team Id. - - ![Approved kernel extensions screenshot](../microsoft-defender-antivirus/images/MDATP-17-approvedKernelExtensions.png) - -### Privacy Preferences Policy Control - -> [!CAUTION] -> macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. -> -> If you previously configured Microsoft Defender ATP through JAMF, we recommend applying the following configuration. - -Add the following JAMF policy to grant Full Disk Access to Microsoft Defender ATP. - -1. Select **Options > Privacy Preferences Policy Control**. -2. Use any identifier and identifier type = Bundle. -3. Set Code Requirement to `identifier "com.microsoft.wdav" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9`. -4. Set app or service to SystemPolicyAllFiles and access to Allow. - - ![Privacy Preferences Policy Control](../microsoft-defender-antivirus/images/MDATP-35-JAMF-PrivacyPreferences.png) - -#### Configuration Profile's Scope - -Configure the appropriate scope to specify the devices that will receive the configuration profile. - -Open **Computers** > **Configuration Profiles**, and select **Scope > Targets**. From there, select the devices you want to target. - -![Configuration profile scope screenshot](../microsoft-defender-antivirus/images/MDATP-18-ConfigurationProfilesScope.png) - -Save the **Configuration Profile**. - -Use the **Logs** tab to monitor deployment status for each enrolled device. - -### Notification settings - -Starting in macOS 10.15 (Catalina) a user must manually allow to display notifications in UI. To auto-enable notifications from Defender and Auto Update, you can import the .mobileconfig below into a separate configuration profile and assign it to all devices with Defender: - - ```xml - - - - PayloadContent - - - NotificationSettings - - - AlertType - 2 - BadgesEnabled - - BundleIdentifier - com.microsoft.autoupdate2 - CriticalAlertEnabled - GroupingType - 0 - NotificationsEnabled - - ShowInLockScreen - - ShowInNotificationCenter - - SoundsEnabled - - - - AlertType - 2BadgesEnabled - BundleIdentifier - com.microsoft.wdav.tray - CriticalAlertEnabled - GroupingType - 0 - NotificationsEnabled - ShowInLockScreen - ShowInNotificationCenter - SoundsEnabled - - - - PayloadDescription - PayloadDisplayName - notifications - PayloadEnabled - PayloadIdentifier - BB977315-E4CB-4915-90C7-8334C75A7C64 - PayloadOrganization - Microsoft - PayloadType - com.apple.notificationsettings - PayloadUUID - BB977315-E4CB-4915-90C7-8334C75A7C64 - PayloadVersion - 1 - - - PayloadDescription - PayloadDisplayName - mdatp - allow notifications - PayloadEnabled - PayloadIdentifier - 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 - PayloadOrganization - Microsoft - PayloadRemovalDisallowed - PayloadScope - System - PayloadType - Configuration - PayloadUUID - 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 - PayloadVersion - 1 - - - ``` - -### Package - -1. Create a package in **Settings > Computer Management > Packages**. - - ![Computer management packages screenshot](../microsoft-defender-antivirus/images/MDATP-19-MicrosoftDefenderWDAVPKG.png) - -2. Upload the package to the Distribution Point. -3. In the **filename** field, enter the name of the package. For example, _wdav.pkg_. - -### Policy - -Your policy should contain a single package for Microsoft Defender. - -![Microsoft Defender packages screenshot](../microsoft-defender-antivirus/images/MDATP-20-MicrosoftDefenderPackages.png) - -Configure the appropriate scope to specify the computers that will receive this policy. - -After you save the Configuration Profile, you can use the Logs tab to monitor the deployment status for each enrolled device. - -## Client device setup - -You'll need no special provisioning for a macOS computer, beyond the standard JAMF Enrollment. - -> [!NOTE] -> After a computer is enrolled, it will show up in the Computers inventory (All Computers). - - - Open **Device Profiles**, from the **General** tab, and make sure that **User Approved MDM** is set to **Yes**. If it's currently set to No, the user needs to open **System Preferences > Profiles** and select **Approve** on the MDM Profile. - - ![MDM approve button screenshot](../microsoft-defender-antivirus/images/MDATP-21-MDMProfile1.png)
- ![MDM screenshot](../microsoft-defender-antivirus/images/MDATP-22-MDMProfileApproved.png) - - After a moment, the device's User Approved MDM status will change to **Yes**. - - ![MDM status screenshot](../microsoft-defender-antivirus/images/MDATP-23-MDMStatus.png) - - You may now enroll additional devices. You may also enroll them later, after you have finished provisioning system configuration and application packages. - -## Deployment - -Enrolled client devices periodically poll the JAMF Server, and install new configuration profiles and policies as soon as they are detected. - -### Status on the server - -You can monitor deployment status in the **Logs** tab: - -- **Pending** means that the deployment is scheduled but has not yet happened -- **Completed** means that the deployment succeeded and is no longer scheduled - -![Status on server screenshot](../microsoft-defender-antivirus/images/MDATP-24-StatusOnServer.png) - -### Status on client device - -After the Configuration Profile is deployed, you'll see the profile for the device in **System Preferences** > **Profiles >**. - -![Status on client screenshot](../microsoft-defender-antivirus/images/MDATP-25-StatusOnClient.png) - -Once the policy is applied, you'll see the Microsoft Defender ATP icon in the macOS status bar in the top-right corner. - -![Microsoft Defender icon in status bar screenshot](../microsoft-defender-antivirus/images/MDATP-Icon-Bar.png) - -You can monitor policy installation on a device by following the JAMF log file: - -```bash - tail -f /var/log/jamf.log -``` - -```Output - Thu Feb 21 11:11:41 mavel-mojave jamf[7960]: No patch policies were found. - Thu Feb 21 11:16:41 mavel-mojave jamf[8051]: Checking for policies triggered by "recurring check-in" for user "testuser"... - Thu Feb 21 11:16:43 mavel-mojave jamf[8051]: Executing Policy WDAV - Thu Feb 21 11:17:02 mavel-mojave jamf[8051]: Installing Microsoft Defender... - Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Successfully installed Microsoft Defender. - Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: Checking for patches... - Thu Feb 21 11:17:23 mavel-mojave jamf[8051]: No patch policies were found. -``` - -You can also check the onboarding status: - -```bash -mdatp --health -``` - -```Output -... -licensed : true -orgId : "4751b7d4-ea75-4e8f-a1f5-6d640c65bc45" -... -``` - -- **licensed**: This confirms that the device has an ATP license. - -- **orgid**: Your Microsoft Defender ATP org id; it will be the same for your organization. - -## Check onboarding status - -You can check that devices have been correctly onboarded by creating a script. For example, the following script checks enrolled devices for onboarding status: - -```bash -mdatp --health healthy -``` - -The above command prints "1" if the product is onboarded and functioning as expected. - -If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem: - -- 0 if the device is not yet onboarded -- 3 if the connection to the daemon cannot be established—for example, if the daemon is not running - -## Logging installation issues - -See [Logging installation issues](mac-resources.md#logging-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. - -## Uninstallation - -This method is based on the script described in [Uninstalling](mac-resources.md#uninstalling). - -### Script - -Create a script in **Settings > Computer Management > Scripts**. - -This script removes Microsoft Defender ATP from the /Applications directory: - -```bash - #!/bin/bash - - echo "Is WDAV installed?" - ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - - echo "Uninstalling WDAV..." - rm -rf '/Applications/Microsoft Defender ATP.app' - - echo "Is WDAV still installed?" - ls -ld '/Applications/Microsoft Defender ATP.app' 2>/dev/null - - echo "Done!" -``` - -![Microsoft Defender uninstall screenshot](../microsoft-defender-antivirus/images/MDATP-26-Uninstall.png) - -### Policy - -Your policy should contain a single script: - -![Microsoft Defender uninstall script screenshot](../microsoft-defender-antivirus/images/MDATP-27-UninstallScript.png) - -Configure the appropriate scope in the **Scope** tab to specify the devices that will receive this policy. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md index 29dbf4fa14..41b9fea3dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-other-mdm.md @@ -53,17 +53,17 @@ Most MDM solutions use the same model for managing macOS devices, with similar t ### Package -Configure deployment of a [required application package](mac-install-with-jamf.md#package), -with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md#download-installation-and-onboarding-packages). +Configure deployment of a [required application package](mac-install-with-jamf.md), +with the installation package (wdav.pkg) downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md). In order to deploy the package to your enterprise, use the instructions associated with your MDM solution. ### License settings -Set up [a system configuration profile](mac-install-with-jamf.md#configuration-profile). +Set up [a system configuration profile](mac-install-with-jamf.md). Your MDM solution may call it something like "Custom Settings Profile", as Microsoft Defender ATP for Mac is not part of macOS. -Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md#download-installation-and-onboarding-packages). +Use the property list, jamf/WindowsDefenderATPOnboarding.plist, which can be extracted from an onboarding package downloaded from [Microsoft Defender Security Center](mac-install-with-jamf.md). Your system may support an arbitrary property list in XML format. You can upload the jamf/WindowsDefenderATPOnboarding.plist file as-is in that case. Alternatively, it may require you to convert the property list to a different format first. @@ -76,4 +76,4 @@ Set up a KEXT or kernel extension policy. Use team identifier **UBF8T346G9** to ## Check installation status -Run [mdatp](mac-install-with-jamf.md#check-onboarding-status) on a client device to check the onboarding status. +Run [mdatp](mac-install-with-jamf.md) on a client device to check the onboarding status. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md new file mode 100644 index 0000000000..0ca541fd88 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-device-groups.md @@ -0,0 +1,43 @@ +--- +title: Set up device groups in Jamf Pro +description: Learn how to set up device groups in Jamf Pro for Microsoft Defender ATP for macOS +keywords: device, group, microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Set up Microsoft Defender ATP for macOS device groups in Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +Set up the device groups similar to Group policy organizational unite (OUs), Microsoft Endpoint Configuration Manager's device collection, and Intune's device groups. + +1. Navigate to **Static Computer Groups**. + +2. Select **New**. + + ![Image of Jamf Pro](images/jamf-pro-static-group.png) + +3. Provide a display name and select **Save**. + + ![Image of Jamf Pro](images/jamfpro-machine-group.png) + +4. Now you will see the **Contoso's Machine Group** under **Static Computer Groups**. + + ![Image of Jamf Pro](images/contoso-machine-group.png) + +## Next step +- [Set up Microsoft Defender ATP for macOS policies in Jamf Pro](mac-jamfpro-policies.md) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md new file mode 100644 index 0000000000..58f9b6e536 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-enroll-devices.md @@ -0,0 +1,100 @@ +--- +title: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro +description: Enroll Microsoft Defender ATP for macOS devices into Jamf Pro +keywords: microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Enroll Microsoft Defender ATP for macOS devices into Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +## Enroll macOS devices + +There are multiple methods of getting enrolled to JamF. + +This article will guide you on two methods: + +- [Method 1: Enrollment Invitations](#enrollment-method-1-enrollment-invitations) +- [Method 2: Prestage Enrollments](#enrollment-method-2-prestage-enrollments) + +For a complete list, see [About Computer Enrollment](https://docs.jamf.com/9.9/casper-suite/administrator-guide/About_Computer_Enrollment.html). + + +## Enrollment Method 1: Enrollment Invitations + +1. In the Jamf Pro dashboard, navigate to **Enrollment invitations**. + + ![Image of configuration settings](images/a347307458d6a9bbfa88df7dbe15398f.png) + +2. Select **+ New**. + + ![A close up of a logo Description automatically generated](images/b6c7ad56d50f497c38fc14c1e315456c.png) + +3. In **Specify Recipients for the Invitation** > under **Email Addresses** enter the e-mail address(es) of the recipients. + + ![Image of configuration settings](images/718b9d609f9f77c8b13ba88c4c0abe5d.png) + + ![Image of configuration settings](images/ae3597247b6bc7c5347cf56ab1e820c0.png) + + For example: janedoe@contoso.com + + ![Image of configuration settings](images/4922c0fcdde4c7f73242b13bf5e35c19.png) + +4. Configure the message for the invitation. + + ![Image of configuration settings](images/ce580aec080512d44a37ff8e82e5c2ac.png) + + ![Image of configuration settings](images/5856b765a6ce677caacb130ca36b1a62.png) + + ![Image of configuration settings](images/3ced5383a6be788486d89d407d042f28.png) + + ![Image of configuration settings](images/54be9c6ed5b24cebe628dc3cd9ca4089.png) + +## Enrollment Method 2: Prestage Enrollments + +1. In the Jamf Pro dashboard, navigate to **Prestage enrollments**. + + ![Image of configuration settings](images/6fd0cb2bbb0e60a623829c91fd0826ab.png) + +2. Follow the instructions in [Computer PreStage Enrollments](https://docs.jamf.com/9.9/casper-suite/administrator-guide/Computer_PreStage_Enrollments.html). + +## Enroll macOS device + +1. Select **Continue** and install the CA certificate from a **System Preferences** window. + + ![Image of Jamf Pro enrollment](images/jamfpro-ca-certificate.png) + +2. Once CA certificate is installed, return to the browser window and select **Continue** and install the MDM profile. + + ![Image of Jamf Pro enrollment](images/jamfpro-install-mdm-profile.png) + +3. Select **Allow** to downloads from JAMF. + + ![Image of Jamf Pro enrollment](images/jamfpro-download.png) + +4. Select **Continue** to proceed with the MDM Profile installation. + + ![Image of Jamf Pro enrollment](images/jamfpro-install-mdm.png) + +5. Select **Continue** to install the MDM Profile. + + ![Image of Jamf Pro enrollment](images/jamfpro-mdm-unverified.png) + +6. Select **Continue** to complete the configuration. + + ![Image of Jamf Pro enrollment](images/jamfpro-mdm-profile.png) \ No newline at end of file diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md new file mode 100644 index 0000000000..12fa6f22ca --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md @@ -0,0 +1,791 @@ +--- +title: Set up the Microsoft Defender ATP for macOS policies in Jamf Pro +description: Learn how to set up the Microsoft Defender ATP for macOS policies in Jamf Pro +keywords: policies, microsoft, defender, atp, mac, installation, deploy, uninstallation, intune, jamfpro, macos, catalina, mojave, high sierra +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Set up the Microsoft Defender ATP for macOS policies in Jamf Pro + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) + +This page will guide you through the steps you need to take to set up macOS policies in Jamf Pro. + +You'll need to take the following steps: + +1. [Get the Microsoft Defender ATP onboarding package](#step-1-get-the-microsoft-defender-atp-onboarding-package) + +2. [Create a configuration profile in Jamf Pro using the onboarding package](#step-2-create-a-configuration-profile-in-jamf-pro-using-the-onboarding-package) + +3. [Configure Microsoft Defender ATP settings](#step-3-configure-microsoft-defender-atp-settings) + +4. [Configure Microsoft Defender ATP notification settings](#step-4-configure-notifications-settings) + +5. [Configure Microsoft AutoUpdate (MAU)](#step-5-configure-microsoft-autoupdate-mau) + +6. [Grant full disk access to Microsoft Defender ATP](#step-6-grant-full-disk-access-to-microsoft-defender-atp) + +7. [Approve Kernel extension for Microsoft Defender ATP](#step-7-approve-kernel-extension-for-microsoft-defender-atp) + +8. [Schedule scans with Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp) + +9. [Deploy Microsoft Defender ATP for macOS](#step-9-deploy-microsoft-defender-atp-for-macos) + + +## Step 1: Get the Microsoft Defender ATP onboarding package + +1. In [Microsoft Defender Security Center](https://securitycenter.microsoft.com ), navigate to **Settings > Onboarding**. + +2. Select macOS as the operating system and Mobile Device Management / Microsoft Intune as the deployment method. + + ![Image of Microsoft Defender Security Center](images/onboarding-macos.png) + +3. Select **Download onboarding package** (WindowsDefenderATPOnboardingPackage.zip). + +4. Extract `WindowsDefenderATPOnboardingPackage.zip`. + +5. Copy the file to your preferred location. For example, `C:\Users\JaneDoe_or_JohnDoe.contoso\Downloads\WindowsDefenderATPOnboardingPackage_macOS_MDM_contoso\jamf\WindowsDefenderATPOnboarding.plist`. + + +## Step 2: Create a configuration profile in Jamf Pro using the onboarding package + +1. Locate the file `WindowsDefenderATPOnboarding.plist` from the previous section. + + ![Image of file](images/plist-onboarding-file.png) + + +2. In the Jamf Pro dashboard, select **New**. + + ![Image of Jamf Pro dashboard](images/jamf-pro-configure-profile.png) + +3. Enter the following details: + + **General** + - Name: MDATP onboarding for macOS + - Description: MDATP EDR onboarding for macOS + - Category: None + - Distribution Method: Install Automatically + - Level: Computer Level + +4. In **Application & Custom Settings** select **Configure**. + + ![Image of configuration profile](images/jamfpro-mac-profile.png) + +5. Select **Upload File (PLIST file)** then in **Preference Domain** enter: `com.microsoft.wdav.atp`. + + ![Image of upload file](images/jamfpro-plist-upload.png) + + ![Image of upload file](images/jamfpro-plist-file.png) + +7. Select **Open** and select the onboarding file. + + ![Image of onboarding file](images/jamfpro-plist-file-onboard.png) + +8. Select **Upload**. + + ![Image of uploading plist file](images/jamfpro-upload-plist.png) + + +9. Select the **Scope** tab. + + ![Image of scope tab](images/jamfpro-scope-tab.png) + +10. Select the target computers. + + ![Image of target computers](images/jamfpro-target-computer.png) + + ![Image of target computers](images/jamfpro-targets.png) + +11. Select **Save**. + + ![Image of target computers](images/jamfpro-deployment-target.png) + + ![Image of target computers selected](images/jamfpro-target-selected.png) + +12. Select **Done**. + + ![Image of target computers](images/jamfpro-target-group.png) + + ![List of configuration profiles](images/jamfpro-configuration-policies.png) + +## Step 3: Configure Microsoft Defender ATP settings + +1. Use the following Microsoft Defender ATP configuration settings: + + - enableRealTimeProtection + - passiveMode + + >[!NOTE] + >Not turned on by default, if you are planning to run a third-party AV for macOS, set it to `true`. + + - exclusions + - excludedPath + - excludedFileExtension + - excludedFileName + - exclusionsMergePolicy + - allowedThreats + + >[!NOTE] + >EICAR is on the sample, if you are going through a proof-of-concept, remove it especially if you are testing EICAR. + + - disallowedThreatActions + - potentially_unwanted_application + - archive_bomb + - cloudService + - automaticSampleSubmission + - tags + - hideStatusMenuIcon + + For information, see [Property list for Jamf configuration profile](mac-preferences.md#property-list-for-jamf-configuration-profile). + +```XML + + + + + antivirusEngine + + enableRealTimeProtection + + passiveMode + + exclusions + + + $type + excludedPath + isDirectory + + path + /var/log/system.log + + + $type + excludedPath + isDirectory + + path + /home + + + $type + excludedFileExtension + extension + pdf + + + $type + excludedFileName + name + cat + + + exclusionsMergePolicy + merge + allowedThreats + + EICAR-Test-File (not a virus) + + disallowedThreatActions + + allow + restore + + threatTypeSettings + + + key + potentially_unwanted_application + value + block + + + key + archive_bomb + value + audit + + + threatTypeSettingsMergePolicy + merge + + cloudService + + enabled + + diagnosticLevel + optional + automaticSampleSubmission + + + edr + + tags + + + key + GROUP + value + ExampleTag + + + + userInterface + + hideStatusMenuIcon + + + + +``` + +2. Save the file as `MDATP_MDAV_configuration_settings.plist`. + + +3. In the Jamf Pro dashboard, select **General**. + + ![Image of Jamf Pro dashboard](images/644e0f3af40c29e80ca1443535b2fe32.png) + +4. Enter the following details: + + **General** + - Name: MDATP MDAV configuration settings + - Description:\ + - Category: None (default) + - Distribution Method: Install Automatically(default) + - Level: Computer Level(default) + + ![Image of configuration settings](images/3160906404bc5a2edf84d1d015894e3b.png) + +5. In **Application & Custom Settings** select **Configure**. + + ![Image of configuration settings](images/e1cc1e48ec9d5d688087b4d771e668d2.png) + +6. Select **Upload File (PLIST file)**. + + ![Image of configuration settings](images/6f85269276b2278eca4bce84f935f87b.png) + +7. In **Preferences Domain**, enter `com.microsoft.wdav`, then select **Upload PLIST File**. + + ![Image of configuration settings](images/db15f147dd959e872a044184711d7d46.png) + +8. Select **Choose File**. + + ![Image of configuration settings](images/526e978761fc571cca06907da7b01fd6.png) + +9. Select the **MDATP_MDAV_configuration_settings.plist**, then select **Open**. + + ![Image of configuration settings](images/98acea3750113b8dbab334296e833003.png) + +10. Select **Upload**. + + ![Image of configuration settings](images/0adb21c13206861ba9b30a879ade93d3.png) + + ![Image of configuration settings](images/f624de59b3cc86e3e2d32ae5de093e02.png) + + >[!NOTE] + >If you happen to upload the Intune file, you'll get the following error:
+ >![Image of configuration settings](images/8e69f867664668796a3b2904896f0436.png) + + +11. Select **Save**. + + ![Image of configuration settings](images/1b6b5a4edcb42d97f1e70a6a0fa48e3a.png) + +12. The file is uploaded. + + ![Image of configuration settings](images/33e2b2a1611fdddf6b5b79e54496e3bb.png) + + ![Image of configuration settings](images/a422e57fe8d45689227e784443e51bd1.png) + +13. Select the **Scope** tab. + + ![Image of configuration settings](images/9fc17529e5577eefd773c658ec576a7d.png) + +14. Select **Contoso's Machine Group**. + +15. Select **Add**, then select **Save**. + + ![Image of configuration settings](images/cf30438b5512ac89af1d11cbf35219a6.png) + + ![Image of configuration settings](images/6f093e42856753a3955cab7ee14f12d9.png) + +16. Select **Done**. You'll see the new **Configuration profile**. + + ![Image of configuration settings](images/dd55405106da0dfc2f50f8d4525b01c8.png) + + +## Step 4: Configure notifications settings + +These steps are applicable of macOS 10.15 (Catalina) or newer. + +1. Use the following Microsoft Defender ATP notification configuration settings: + +```xml + + + + PayloadContent + + + NotificationSettings + + + AlertType + 2 + BadgesEnabled + + BundleIdentifier + com.microsoft.autoupdate2 + CriticalAlertEnabled + GroupingType + 0 + NotificationsEnabled + + ShowInLockScreen + + ShowInNotificationCenter + + SoundsEnabled + + + + AlertType + 2BadgesEnabled + BundleIdentifier + com.microsoft.wdav.tray + CriticalAlertEnabled + GroupingType + 0 + NotificationsEnabled + ShowInLockScreen + ShowInNotificationCenter + SoundsEnabled + + + + PayloadDescription + PayloadDisplayName + notifications + PayloadEnabled + PayloadIdentifier + BB977315-E4CB-4915-90C7-8334C75A7C64 + PayloadOrganization + Microsoft + PayloadType + com.apple.notificationsettings + PayloadUUID + BB977315-E4CB-4915-90C7-8334C75A7C64 + PayloadVersion + 1 + + + PayloadDescription + PayloadDisplayName + mdatp - allow notifications + PayloadEnabled + PayloadIdentifier + 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 + PayloadOrganization + Microsoft + PayloadRemovalDisallowed + PayloadScope + System + PayloadType + Configuration + PayloadUUID + 85F6805B-0106-4D23-9101-7F1DFD5EA6D6 + PayloadVersion + 1 + + + ``` + +2. Save it as `MDATP_MDAV_notification_settings.plist`. + +3. In the Jamf Pro dashboard, select **General**. + +4. Enter the following details: + + **General** + - Name: MDATP MDAV Notification settings + - Description: macOS 10.15 (Catalina) or newer + - Category: None (default) + - Distribution Method: Install Automatically(default) + - Level: Computer Level(default) + + ![Image of configuration settings](images/c9820a5ff84aaf21635c04a23a97ca93.png) + + +5. Select **Upload File (PLIST file)**. + + ![Image of configuration settings](images/7f9138053dbcbf928e5182ee7b295ebe.png) + + +6. Select **Choose File** > **MDATP_MDAV_Notification_Settings.plist**. + + + ![Image of configuration settings](images/4bac6ce277aedfb4a674f2d9fcb2599a.png) + + + ![Image of configuration settings](images/20e33b98eb54447881dc6c89e58b890f.png) + +7. Select **Open** > **Upload**. + + ![Image of configuration settings](images/7697c33b9fd376ae5a8023d01f9d3857.png) + + + ![Image of configuration settings](images/2bda9244ec25d1526811da4ea91b1c86.png) + +8. Select the **Scope** tab, then select **Add**. + + ![Image of configuration settings](images/441aa2ecd36abadcdd8aed03556080b5.png) + + +9. Select **Contoso's Machine Group**. + +10. Select **Add**, then select **Save**. + + ![Image of configuration settings](images/09a275e321268e5e3ac0c0865d3e2db5.png) + + + ![Image of configuration settings](images/4d2d1d4ee13d3f840f425924c3df0d51.png) + +11. Select **Done**. You'll see the new **Configuration profile**. + ![Image of configuration setting](images/633ad26b8bf24ec683c98b2feb884bdf.png) + +## Step 5: Configure Microsoft AutoUpdate (MAU) + +1. Use the following Microsoft Defender ATP configuration settings: + +```XML + + + + + ChannelName + Production + HowToCheck + AutomaticDownload + EnableCheckForUpdatesButton + + DisableInsiderCheckbox + + SendAllTelemetryEnabled + + + +``` + +2. Save it as `MDATP_MDAV_MAU_settings.plist`. + +3. In the Jamf Pro dashboard, select **General**. + + ![Image of configuration setting](images/eaba2a23dd34f73bf59e826217ba6f15.png) + +4. Enter the following details: + + **General** + - Name: MDATP MDAV MAU settings + - Description: Microsoft AutoUpdate settings for MDATP for macOS + - Category: None (default) + - Distribution Method: Install Automatically(default) + - Level: Computer Level(default) + +5. In **Application & Custom Settings** select **Configure**. + + ![Image of configuration setting](images/1f72e9c15eaafcabf1504397e99be311.png) + +6. Select **Upload File (PLIST file)**. + + ![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png) + +7. In **Preference Domain** enter: `com.microsoft.autoupdate2`, then select **Upload PLIST File**. + + ![Image of configuration setting](images/1213872db5833aa8be535da57653219f.png) + +8. Select **Choose File**. + + ![Image of configuration setting](images/335aff58950ce62d1dabc289ecdce9ed.png) + +9. Select **MDATP_MDAV_MAU_settings.plist**. + + ![Image of configuration setting](images/a26bd4967cd54bb113a2c8d32894c3de.png) + +10. Select **Upload**. + ![Image of configuration setting](images/4239ca0528efb0734e4ca0b490bfb22d.png) + + ![Image of configuration setting](images/4ec20e72c8aed9a4c16912e01692436a.png) + +11. Select **Save**. + + ![Image of configuration setting](images/253274b33e74f3f5b8d475cf8692ce4e.png) + +12. Select the **Scope** tab. + + ![Image of configuration setting](images/10ab98358b2d602f3f67618735fa82fb.png) + +13. Select **Add**. + + ![Image of configuration setting](images/56e6f6259b9ce3c1706ed8d666ae4947.png) + + ![Image of configuration setting](images/38c67ee1905c4747c3b26c8eba57726b.png) + + ![Image of configuration setting](images/321ba245f14743c1d5d51c15e99deecc.png) + +14. Select **Done**. + + ![Image of configuration setting](images/ba44cdb77e4781aa8b940fb83e3c21f7.png) + +## Step 6: Grant full disk access to Microsoft Defender ATP + +1. In the Jamf Pro dashboard, select **Configuration Profiles**. + + ![Image of configuration setting](images/264493cd01e62c7085659d6fdc26dc91.png) + +2. Select **+ New**. + +3. Enter the following details: + + **General** + - Name: MDATP MDAV - grant Full Disk Access to EDR and AV + - Description: On macOS Catalina or newer, the new Privacy Preferences Policy Control + - Category: None + - Distribution method: Install Automatically + - Level: Computer level + + + ![Image of configuration setting](images/ba3d40399e1a6d09214ecbb2b341923f.png) + +4. In **Configure Privacy Preferences Policy Control** select **Configure**. + + ![Image of configuration setting](images/715ae7ec8d6a262c489f94d14e1e51bb.png) + +5. In **Privacy Preferences Policy Control**, enter the following details: + + - Identifier: `com.microsoft.wdav` + - Identifier Type: Bundle ID + - Code Requirement: identifier `com.microsoft.wdav` and anchor apple generic and +certificate 1[field.1.2.840.113635.100.6.2.6] /\* exists \*/ and certificate +leaf[field.1.2.840.113635.100.6.1.13] /\* exists \*/ and certificate +leaf[subject.OU] = UBF8T346G9 + + + ![Image of configuration setting](images/22cb439de958101c0a12f3038f905b27.png) + +6. Select **+ Add**. + + ![Image of configuration setting](images/bd93e78b74c2660a0541af4690dd9485.png) + + + - Under App or service: Set to **SystemPolicyAllFiles** + + - Under "access": Set to **Allow** + +7. Select **Save** (not the one at the bottom right). + + ![Image of configuration setting](images/6de50b4a897408ddc6ded56a09c09fe2.png) + +8. Select the **Scope** tab. + + ![Image of configuration setting](images/2c49b16cd112729b3719724f581e6882.png) + + 9. Select **+ Add**. + + ![Image of configuration setting](images/57cef926d1b9260fb74a5f460cee887a.png) + +10. Select **Computer Groups** > under **Group Name** > select **Contoso's MachineGroup**. + + ![Image of configuration setting](images/368d35b3d6179af92ffdbfd93b226b69.png) + +11. Select **Add**. + +12. Select **Save**. + +13. Select **Done**. + + ![Image of configuration setting](images/809cef630281b64b8f07f20913b0039b.png) + + ![Image of configuration setting](images/6c8b406ee224335a8c65d06953dc756e.png) + + +## Step 7: Approve Kernel extension for Microsoft Defender ATP + +1. In the **Configuration Profiles**, select **+ New**. + + ![A screenshot of a social media post Description automatically generated](images/6c8b406ee224335a8c65d06953dc756e.png) + +2. Enter the following details: + + **General** + - Name: MDATP MDAV Kernel Extension + - Description: MDATP kernel extension (kext) + - Category: None + - Distribution Method: Install Automatically + - Level: Computer Level + + ![Image of configuration settings](images/24e290f5fc309932cf41f3a280d22c14.png) + +3. In **Configure Approved Kernel Extensions** select **Configure**. + + ![Image of configuration settings](images/30be88b63abc5e8dde11b73f1b1ade6a.png) + + + +4. In **Approved Kernel Extensions** Enter the following details: + + - Display Name: Microsoft Corp. + - Team ID: UBF8T346G9 + + ![Image of configuration settings](images/39cf120d3ac3652292d8d1b6d057bd60.png) + +5. Select the **Scope** tab. + + ![Image of configuration settings](images/0df36fc308ba569db204ee32db3fb40a.png) + +6. Select **+ Add**. + +7. Select **Computer Groups** > under **Group Name** > select **Contoso's Machine Group**. + +8. Select **+ Add**. + + ![Image of configuration settings](images/0dde8a4c41110dbc398c485433a81359.png) + +9. Select **Save**. + + ![Image of configuration settings](images/0add8019b85a453b47fa5c402c72761b.png) + +10. Select **Done**. + + ![Image of configuration settings](images/1c9bd3f68db20b80193dac18f33c22d0.png) + + +## Step 8: Schedule scans with Microsoft Defender ATP for Mac +Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-schedule-scan-atp). + +## Step 9: Deploy Microsoft Defender ATP for macOS + +1. Navigate to where you saved `wdav.pkg`. + + ![Image of file explorer](images/8dde76b5463047423f8637c86b05c29d.png) + +2. Rename it to `wdav_MDM_Contoso_200329.pkg`. + + ![Image of file explorer](images/fb2220fed3a530f4b3ef36f600da0c27.png) + +3. Open the Jamf Pro dashboard. + + ![Image of configuration settings](images/990742cd9a15ca9fdd37c9f695d1b9f4.png) + +4. Navigate to **Advanced Computer Searches**. + + ![A screenshot of a social media post Description automatically generated](images/95313facfdd5e1ea361981e0a2478fec.png) + +5. Select **Computer Management**. + + ![Image of configuration settings](images/b6d671b2f18b89d96c1c8e2ea1991242.png) + +6. In **Packages**, select **+ New**. + ![A picture containing bird Description automatically generated](images/57aa4d21e2ccc65466bf284701d4e961.png) + +7. In **New Package** Enter the following details: + + **General tab** + - Display Name: Leave it blank for now. Because it will be reset when you choose your pkg. + - Category: None (default) + - Filename: Choose File + + ![Image of configuration settings](images/21de3658bf58b1b767a17358a3f06341.png) + + Open the file and point it to `wdav.pkg` or `wdav_MDM_Contoso_200329.pkg`. + + ![A screenshot of a computer screen Description automatically generated](images/1aa5aaa0a387f4e16ce55b66facc77d1.png) + +8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. + + - Manifest File: Select **Upload Manifest File**. + + **Options tab**
Keep default values. + + **Limitations tab**
Keep default values. + + ![Image of configuration settings](images/56dac54634d13b2d3948ab50e8d3ef21.png) + +9. Select **Save**. The package is uploaded to Jamf Pro. + ![Image of configuration settings](images/33f1ecdc7d4872555418bbc3efe4b7a3.png) + + It can take a few minutes for the package to be available for deployment. + ![Image of configuration settings](images/1626d138e6309c6e87bfaab64f5ccf7b.png) + +10. Navigate to the **Policies** page. + + ![Image of configuration settings](images/f878f8efa5ebc92d069f4b8f79f62c7f.png) + +11. Select **+ New** to create a new policy. + + ![Image of configuration settings](images/847b70e54ed04787e415f5180414b310.png) + + +12. In **General** Enter the following details: + + - Display name: MDATP Onboarding Contoso 200329 v100.86.92 or later + + ![Image of configuration settings](images/625ba6d19e8597f05e4907298a454d28.png) + +13. Select **Recurring Check-in**. + + ![Image of configuration settings](images/68bdbc5754dfc80aa1a024dde0fce7b0.png) + + +14. Select **Save**. + +15. Select **Packages > Configure**. + + ![Image of configuration settings](images/8fb4cc03721e1efb4a15867d5241ebfb.png) + +16. Select the **Add** button next to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. + + ![Image of configuration settings](images/526b83fbdbb31265b3d0c1e5fbbdc33a.png) + +17. Select **Save**. + ![Image of configuration settings](images/9d6e5386e652e00715ff348af72671c6.png) + +18. Select the **Scope** tab. + ![Image of configuration settings](images/8d80fe378a31143db9be0bacf7ddc5a3.png) + +19. Select the target computers. + + ![Image of configuration settings](images/6eda18a64a660fa149575454e54e7156.png) + + **Scope**
+ Select **Add**. + ![Image of configuration settings](images/1c08d097829863778d562c10c5f92b67.png) + + ![Image of configuration settings](images/216253cbfb6ae738b9f13496b9c799fd.png) + + **Self-Service**
+ ![Image of configuration settings](images/c9f85bba3e96d627fe00fc5a8363b83a.png) + +20. Select **Done**. + ![Image of configuration settings](images/99679a7835b0d27d0a222bc3fdaf7f3b.png) + + ![Image of configuration settings](images/632aaab79ae18d0d2b8e0c16b6ba39e2.png) + + + + + diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md index e8edd981e3..fa1d4aa4bf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-support-kext.md @@ -49,7 +49,7 @@ The following sections provide guidance on how to address this issue, depending See the instructions corresponding to the management tool that you used to deploy the product: -- [JAMF-based deployment](mac-install-with-jamf.md#configuration-profile) +- [JAMF-based deployment](mac-install-with-jamf.md) - [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) ## Manual deployment diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index 869b785877..a7ef7409a9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md @@ -157,6 +157,6 @@ ms.topic: conceptual > The mechanism for granting this consent depends on how you deployed Microsoft Defender ATP: > > - For manual deployments, see the updated instructions in the [Manual deployment](mac-install-manually.md#how-to-allow-full-disk-access) topic. - > - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md#privacy-preferences-policy-control) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. + > - For managed deployments, see the updated instructions in the [JAMF-based deployment](mac-install-with-jamf.md) and [Microsoft Intune-based deployment](mac-install-with-intune.md#create-system-configuration-profiles) topics. - Performance improvements & bug fixes diff --git a/windows/security/threat-protection/microsoft-defender-atp/non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md new file mode 100644 index 0000000000..e7fa908f28 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/non-windows.md @@ -0,0 +1,107 @@ +--- +title: Microsoft Defender ATP for non-Windows platforms +description: Learn about Microsoft Defender ATP capabilities for non-Windows platforms +keywords: non windows, mac, macos, linux, android +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-evalutatemtp +ms.topic: article +--- + +# Microsoft Defender ATP for non-Windows platforms +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + + +Microsoft has been on a journey to extend its industry leading endpoint security +capabilities beyond Windows and Windows Server to macOS, Linux, Android, and +soon iOS. + +Organizations face threats across a variety of platforms and devices. Our teams +have committed to building security solutions not just *for* Microsoft, but also +*from* Microsoft to enable our customers to protect and secure their +heterogenous environments. We're listening to customer feedback and partnering +closely with our customers to build solutions that meet their needs. + +With Microsoft Defender ATP, customers benefit from a unified view of all +threats and alerts in the Microsoft Defender Security Center, across Windows and +non-Windows platforms, enabling them to get a full picture of what's happening +in their environment, which empowers them to more quickly assess and respond to +threats. + +## Microsoft Defender ATP for Mac + +Microsoft Defender ATP for Mac offers AV and EDR capabilities for the three +latest released versions of macOS. Customers can deploy and manage the solution +through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office +applications on macOS, Microsoft Auto Update is used to manage Microsoft +Defender ATP for Mac updates. For information about the key features and +benefits, read our +[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS). + +For more details on how to get started, visit the Microsoft Defender ATP for Mac +[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). + +## Microsoft Defender ATP for Linux + +Microsoft Defender ATP for Linux offers preventative (AV) capabilities for Linux +servers. This includes a full command line experience to configure and manage +the agent, initiate scans, and manage threats. We support recent versions of the +six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu +16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft +Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or +using your existing Linux configuration management tool. For information about +the key features and benefits, read our +[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux). + +For more details on how to get started, visit the Microsoft Defender ATP for +Linux +[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux). + +## Microsoft Defender ATP for Android + +Microsoft Defender ATP for Android is our mobile threat defense solution for +devices running Android 6.0 and higher. Both Android Enterprise (Work Profile) +and Device Administrator modes are supported. On Android, we offer web +protection, which includes anti-phishing, blocking of unsafe connections, and +setting of custom indicators. The solution scans for malware and potentially +unwanted applications (PUA) and offers additional breach prevention capabilities +through integration with Microsoft Endpoint Manager and Conditional Access. For +information about the key features and benefits, read our +[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android). + +For more details on how to get started, visit the Microsoft Defender ATP for +Android +[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android). + + + +## Licensing requirements + +Eligible Licensed Users may use Microsoft Defender ATP on up to five concurrent +devices. Microsoft Defender ATP is also available for purchase from a Cloud +Solution Provider (CSP). + +Customers can obtain Microsoft Defender ATP for Mac through a standalone +Microsoft Defender ATP license, as part of Microsoft 365 A5/E5, or Microsoft 365 +Security. + +Recently announced capabilities of Microsoft Defender ATP for Android and soon +iOS are included in the above mentioned offers as part of the five qualified +devices for eligible licensed users. + +Microsoft Defender ATP for Linux is available through the Microsoft Defender ATP +for Server SKU that is available for both commercial and education customers. + +Please contact your account team or CSP for pricing and additional eligibility +requirements. \ No newline at end of file diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md index 9fef84e4b2..14f67ae3d2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md @@ -83,6 +83,8 @@ Set this policy to *Disabled* or don't configure this security policy for domain If you don't set or you disable this policy, the PKU2U protocol won't be used to authenticate between peer devices, which forces users to follow domain-defined access control policies. If you enable this policy, you allow your users to authenticate by using local certificates between systems that aren't part of a domain that uses PKU2U. This configuration allows users to share resources between devices. +Please be aware that some roles/features (such as Failover Clustering) do not utilize a domain account for its PKU2U authentication and will cease to function properly when disabling this policy. + ## Related topics - [Security options](security-options.md)