From 833c3d8748fb102b617431c39d193de2cab0eb35 Mon Sep 17 00:00:00 2001 From: Heike Ritter Date: Tue, 1 Sep 2020 12:57:21 -0700 Subject: [PATCH 1/9] Update service-status.md --- .../threat-protection/microsoft-defender-atp/service-status.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/service-status.md b/windows/security/threat-protection/microsoft-defender-atp/service-status.md index 0caa79489b..a8a4322b55 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/service-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/service-status.md @@ -26,7 +26,7 @@ ms.topic: article >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-servicestatus-abovefoldlink) -The **Service health** provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. +The **Service health** provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. If there are issues, you'll see details related to the issue such as when the issue was detected, what the preliminary root cause is, and the expected resolution time. You'll also see information on historical issues that have been resolved and details such as the date and time when the issue was resolved. When there are no issues on the service, you'll see a healthy status. From dc0413f922fd3d7a9cb9de774d85bf4e7de84998 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 12:51:24 +0500 Subject: [PATCH 2/9] Update configure-endpoints-vdi.md --- .../configure-endpoints-vdi.md | 24 ++++++++----------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 771c2b866b..974c15a4c8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -63,25 +63,21 @@ The following steps will guide you through onboarding VDI devices and will highl 1. Click **Download package** and save the .zip file. -2. Copy all the extracted files from the .zip into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. You should have a folder called `WindowsDefenderATPOnboardingPackage` containing the file `WindowsDefenderATPOnboardingScript.cmd`. +2. Copy files from the WindowsDefenderATPOnboardingPackage folder extracted from .zip file into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. + 1. If you are not implementing a single entry for each device: copy WindowsDefenderATPOnboardingScript.cmd. + + 1. If you are implementing a single entry for each device: copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. + >[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. -3. The following step is only applicable if you're implementing a single entry for each device:
- **For single entry for each device**: - - 1. From the `WindowsDefenderATPOnboardingPackage`, copy the `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` file to `golden/master` image to the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`.
- - > [!NOTE] - > If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. - -4. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. +3. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. > [!NOTE] > Domain Group Policy may also be used for onboarding non-persistent VDI devices. -5. Depending on the method you'd like to implement, follow the appropriate steps:
+4. Depending on the method you'd like to implement, follow the appropriate steps:
**For single entry for each device**:
Select the **PowerShell Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to onboarding PowerShell script `Onboard-NonPersistentMachine.ps1`. @@ -90,7 +86,7 @@ The following steps will guide you through onboarding VDI devices and will highl Select the **Scripts** tab, then click **Add** (Windows Explorer will open directly in the path where you copied the onboarding script earlier). Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`. -6. Test your solution: +5. Test your solution: 1. Create a pool with one device. @@ -103,9 +99,9 @@ The following steps will guide you through onboarding VDI devices and will highl 1. **For single entry for each device**: Check only one entry in Microsoft Defender Security Center.
**For multiple entries for each device**: Check multiple entries in Microsoft Defender Security Center. -7. Click **Devices list** on the Navigation pane. +6. Click **Devices list** on the Navigation pane. -8. Use the search function by entering the device name and select **Device** as search type. +7. Use the search function by entering the device name and select **Device** as search type. ## Updating non-persistent virtual desktop infrastructure (VDI) images As a best practice, we recommend using offline servicing tools to patch golden/master images.
From 65ed5e8b585b307be14f0fd6f7d213210ca58e2b Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:17:47 +0500 Subject: [PATCH 3/9] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 974c15a4c8..5663fcae92 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -63,7 +63,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. Click **Download package** and save the .zip file. -2. Copy files from the WindowsDefenderATPOnboardingPackage folder extracted from .zip file into `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. +2. Copy the files from the WindowsDefenderATPOnboardingPackage folder extracted from the .zip file into the `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. 1. If you are not implementing a single entry for each device: copy WindowsDefenderATPOnboardingScript.cmd. From 08a64bc7bcd32b006b8b033f2714539ab7d4d8c7 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:17:55 +0500 Subject: [PATCH 4/9] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 5663fcae92..ea02791b4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -65,7 +65,7 @@ The following steps will guide you through onboarding VDI devices and will highl 2. Copy the files from the WindowsDefenderATPOnboardingPackage folder extracted from the .zip file into the `golden/master` image under the path `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup`. - 1. If you are not implementing a single entry for each device: copy WindowsDefenderATPOnboardingScript.cmd. + 1. If you are not implementing a single entry for each device, copy WindowsDefenderATPOnboardingScript.cmd. 1. If you are implementing a single entry for each device: copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. From 7f4cc15eb7d48c4f1b7513ad2f8009d3de16a42d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:18:02 +0500 Subject: [PATCH 5/9] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index ea02791b4f..bcb82513f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -67,7 +67,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. If you are not implementing a single entry for each device, copy WindowsDefenderATPOnboardingScript.cmd. - 1. If you are implementing a single entry for each device: copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. + 1. If you are implementing a single entry for each device, copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. >[!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. From d54c5355c0bb19c019ff4d825df82fee4853f237 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:18:10 +0500 Subject: [PATCH 6/9] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index bcb82513f9..f9b4d99f69 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md @@ -69,7 +69,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. If you are implementing a single entry for each device, copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. - >[!NOTE] + > [!NOTE] >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. 3. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. From 780bd24f2722510d9720b071971dec29dad5afe7 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 2 Sep 2020 14:18:20 +0500 Subject: [PATCH 7/9] Update windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/configure-endpoints-vdi.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index f9b4d99f69..07ede3efae 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
@@ -70,7 +70,7 @@ The following steps will guide you through onboarding VDI devices and will highl 1. If you are implementing a single entry for each device, copy both Onboard-NonPersistentMachine.ps1 and WindowsDefenderATPOnboardingScript.cmd. > [!NOTE] - >If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from file explorer. + > If you don't see the `C:\WINDOWS\System32\GroupPolicy\Machine\Scripts\Startup` folder, it might be hidden. You'll need to choose the **Show hidden files and folders** option from File Explorer. 3. Open a Local Group Policy Editor window and navigate to **Computer Configuration** > **Windows Settings** > **Scripts** > **Startup**. From 68c4b2d9870cdc38827d2e45dddc0c9ff3242ef8 Mon Sep 17 00:00:00 2001 From: Paul Huijbregts <30799281+pahuijbr@users.noreply.github.com> Date: Fri, 4 Sep 2020 19:55:37 +0200 Subject: [PATCH 8/9] Update manage-updates-baselines-microsoft-defender-antivirus.md Please check my markdown! --- ...-baselines-microsoft-defender-antivirus.md | 42 ++++++++++++++++++- 1 file changed, 40 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 6f73b79b2b..576aafd9bf 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -57,6 +57,44 @@ All our updates contain: * serviceability improvements * integration improvements (Cloud, MTP)
+
+ August-2020 (Platform: 4.18.2008.3 | Engine: 1.1.17400.5) + + Security intelligence update version: **1.323.9.0** + Released: **August 27, 2020** + Platform: **4.18.2008.3** + Engine: **1.1.17400.5** + Support phase: **Security and Critical Updates** + +### What's new +* Add more telemetry events +* Improved scan event telemetry +* Improved behavior monitoring for memory scans +* Improved macro streams scanning + +### Known Issues +No known issues +
+
+ +
+ July-2020 (Platform: 4.18.2007.8 | Engine: 1.1.17300.4) + + Security intelligence update version: **1.321.30.0** + Released: **July 28, 2020** + Platform: **4.18.2007.8** + Engine: **1.1.17300.4** + Support phase: **Security and Critical Updates** + +### What's new +* Improved telemetry for BITS +* Improved Authenticode code signing certificate validation + +### Known Issues +No known issues +
+
+
June-2020 (Platform: 4.18.2006.10 | Engine: 1.1.17200.2) @@ -86,7 +124,7 @@ No known issues  Released: **May 26, 2020**  Platform: **4.18.2005.4**  Engine: **1.1.17100.2** - Support phase: **Security and Critical Updates** + Support phase: **Technical upgrade Support (Only)** ### What's new * Improved logging for scan events @@ -108,7 +146,7 @@ No known issues  Released: **April 30, 2020**  Platform: **4.18.2004.6**  Engine: **1.1.17000.2** - Support phase: **Security and Critical Updates** + Support phase: **Technical upgrade Support (Only)** ### What's new * WDfilter improvements From 3cc24e0aa4f5dce32976884056716f7f643a7ab6 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 4 Sep 2020 11:07:29 -0700 Subject: [PATCH 9/9] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 576aafd9bf..c8bcc9a9ad 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,6 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp +ms.date: 09/04/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines
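Review bot: In PATCH 1/9 (service-status.md, hunk `@@ -26,7 +26,7 @@`), the corrected line still opens with "The **Service health** provides information", which is missing a noun after the UI label, and the following sentence asks the reader to "verify that the service health is healthy". Since the line is already being rewritten for the product-name fix, consider naming the UI element after the label (page, tile or whatever the portal calls it) and changing the second sentence to "verify that the service is healthy or whether there are current issues".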
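Review bot: In PATCH 2/9 (configure-endpoints-vdi.md, hunk `@@ -63,25 +63,21 @@`), the new step 2 changes where the scripts end up, and the text should say so explicitly. The removed wording copied the extracted content so that "You should have a folder called `WindowsDefenderATPOnboardingPackage`" under `Startup`, while the added wording copies the files out of that folder directly into `Startup`. Please confirm that the flat layout is the intended one for both the single-entry and multiple-entry methods. Two smaller points in the same hunk: the removed lines had `Onboard-NonPersistentMachine.ps1` and `WindowsDefenderATPOnboardingScript.cmd` in code formatting and the added sub-steps drop it (still the case after PATCH 5/9), and "If you are not implementing a single entry for each device" would read more clearly as the "multiple entries for each device" wording that steps 4 and 5 already use.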
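Review bot: In PATCH 2/9 (configure-endpoints-vdi.md, hunk `@@ -90,7 +86,7 @@`), the unchanged context line above the renumbered "Test your solution" step tells the reader to "Navigate to the onboarding bash script `WindowsDefenderATPOnboardingScript.cmd`". A `.cmd` file is a Windows command (batch) script, not a bash script, and the single-entry branch correctly calls its file a PowerShell script. Since this series is already cleaning up the procedure, suggest extending the hunk to change "bash script" to "batch script" or simply "onboarding script".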
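Review bot: In PATCH 8/9 (manage-updates-baselines-microsoft-defender-antivirus.md, hunk `@@ -57,6 +57,44 @@`), the first August-2020 bullet, "* Add more telemetry events", is in the imperative while every other added bullet is a past participle ("Improved scan event telemetry", "Improved telemetry for BITS"). Suggest "Added more telemetry events" so the release notes read consistently. Each added block also repeats the platform and engine versions in both the summary line and the body, so it is worth double-checking that the two copies match whenever one is edited; they do match in this patch.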
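Review bot: In PATCH 8/9 (hunks `@@ -86,7 +124,7 @@` and `@@ -108,7 +146,7 @@`), the new value "Support phase: **Technical upgrade Support (Only)**" for May-2020 and April-2020 has mixed capitalisation ("upgrade" lower case, "Support" and "(Only)" capitalised), unlike the "Security and Critical Updates" value it replaces. Please use the phase name exactly as it is defined elsewhere in the article so readers can match the two. Also confirm that June-2020 is meant to stay in "Security and Critical Updates": its support-phase line is not touched by this patch, so after the change August, July and June all carry that phase.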