From ee91df6b077e6ea54ac391fa3e948052eec9ebf1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 17 Nov 2021 18:55:28 +0530 Subject: [PATCH 1/8] added link with adjustments, as per user report #10119, so i adjusted links with symbols and arranged the top[ics in ascending order for easy understanding. I need help from @JohanFreelancer9. --- windows/security/threat-protection/index.md | 23 +++++++++++---------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 7baa36b1a0..c95857ed71 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -29,23 +29,24 @@ In Windows client, hardware and software work together to help protect you from See the following articles to learn more about the different areas of Windows threat protection: -- [Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md) -- [Virtualization-based protection of code integrity](\windows\security\threat-protection\device-guard\enable-virtualization-based-protection-of-code-integrity.md) -- [Application control](/windows-defender-application-control/windows-defender-application-control.md) +- [Application Control](/windows-defender-application-control/windows-defender-application-control.md) +- [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) +- [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders) +- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection) +- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md) - [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -- [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection) -- [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview) -- [Microsoft Defender SmartScreen](\windows\security\threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-overview.md) -- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders) -- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) -- [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction) -- [Windows Sandbox](\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md) +- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) +- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)- +- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md) +- [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) +- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) +- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md) ### Next-generation protection Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time. +- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) - [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus) - [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus) - [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus) - [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus) -- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus) \ No newline at end of file From 229abdc68bcd3ee47952dd970f73ca7fa82ba17a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Nov 2021 11:40:51 +0530 Subject: [PATCH 2/8] Update windows/security/threat-protection/index.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index c95857ed71..7cf2f166da 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -36,7 +36,7 @@ See the following articles to learn more about the different areas of Windows th - [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md) - [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) - [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) -- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)- +- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection) - [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md) - [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview) - [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md) From 01e1b3a238bad02e0a5f8c9bf1cb8f17617b0bdb Mon Sep 17 00:00:00 2001 From: Rafael Ortiz Date: Fri, 19 Nov 2021 09:24:46 -0500 Subject: [PATCH 3/8] Update basic-audit-logon-events.md --- .../threat-protection/auditing/basic-audit-logon-events.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 01b1068234..c0be497365 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -45,7 +45,7 @@ You can configure this security setting by opening the appropriate policy under | 4779 | A user disconnected a terminal server session without logging off. | -When event 528 is logged, a logon type is also listed in the event log. The following table describes each logon type. +When event 4624 (Legacy Windows Event ID 528) is logged, a logon type is also listed in the event log. The following table describes each logon type. | Logon type | Logon title | Description | | - | - | - | From 7c3ce18588fb1ae7314390c48283b70c23157d00 Mon Sep 17 00:00:00 2001 From: sravanigannavarapu <95500630+sravanigannavarapu@users.noreply.github.com> Date: Fri, 3 Dec 2021 11:34:50 -0800 Subject: [PATCH 4/8] Update audit-registry.md Add remarks about expected events for subkey creation --- .../security/threat-protection/auditing/audit-registry.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 3c6407d9f5..4b2ee345d7 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -44,4 +44,8 @@ If success auditing is enabled, an audit entry is generated each time any accoun - [5039](event-5039.md)(-): A registry key was virtualized. -- [4670](event-4670.md)(S): Permissions on an object were changed. \ No newline at end of file +- [4670](event-4670.md)(S): Permissions on an object were changed. + +**Remarks:** +On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. We see this event only when "Audit Object Access" is enabled under Local Policies > Audit Policy in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as, using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys we see additional 4663 event because we perform NtEnumerateKeys on the newly created subkey. We can additionally see a 4663 event on the newly created key, if we try to rename the subkey. While using reg.exe for creating subkeys we see additional 4663 event because we perform NtSetValueKey on the newly created subkey. It is advised not to rely on 4663 events for subkey creation as they are dependent on type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. + From 02e0ba81213ed3930b12130181bc6ce7fc5e7d2d Mon Sep 17 00:00:00 2001 From: Office Content Publishing <34616516+officedocspr@users.noreply.github.com> Date: Sat, 4 Dec 2021 23:33:32 -0800 Subject: [PATCH 5/8] Uploaded file: education-content-updates.md - 2021-12-04 23:33:32.2948 --- .../includes/education-content-updates.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index 227cfc8a46..ba848193c2 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,6 +2,15 @@ +## Week of November 29, 2021 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added | +| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added | + + ## Week of November 15, 2021 @@ -12,13 +21,3 @@ | 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | | 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | | 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified | - - -## Week of October 25, 2021 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified | -| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified | -| 10/28/2021 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified | From c023916f728e6e7ff71e6b2a82e2bc91b5a4cb9a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 6 Dec 2021 09:37:12 -0800 Subject: [PATCH 6/8] Update windows/security/threat-protection/auditing/audit-registry.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/security/threat-protection/auditing/audit-registry.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index 4b2ee345d7..6ab435279c 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -46,6 +46,6 @@ If success auditing is enabled, an audit entry is generated each time any accoun - [4670](event-4670.md)(S): Permissions on an object were changed. -**Remarks:** -On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. We see this event only when "Audit Object Access" is enabled under Local Policies > Audit Policy in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as, using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys we see additional 4663 event because we perform NtEnumerateKeys on the newly created subkey. We can additionally see a 4663 event on the newly created key, if we try to rename the subkey. While using reg.exe for creating subkeys we see additional 4663 event because we perform NtSetValueKey on the newly created subkey. It is advised not to rely on 4663 events for subkey creation as they are dependent on type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. +> [!NOTE] +> On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys you will see an additional 4663 event because you perform NtEnumerateKeys on the newly created subkey. You might additionally see a 4663 event on the newly created key if you try to rename the subkey. While using reg.exe for creating subkeys you'll see an additional 4663 event because you perform NtSetValueKey on the newly created subkey. We recommend not relying on 4663 events for subkey creation as they are dependent on the type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe. From 4ab91e7fdaaf6cb509048d0288d69d8ca9ff7400 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 6 Dec 2021 11:23:47 -0700 Subject: [PATCH 7/8] Update faq-for-it-pros-ie11.yml --- browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml index b025aa3409..6af2d17f62 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml @@ -26,7 +26,6 @@ sections: questions: - question: | Frequently Asked Questions - answer: | - question: | What operating system does IE11 run on? answer: | @@ -250,4 +249,4 @@ additionalContent: | - [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/) - [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md) - - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) \ No newline at end of file + - [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md) From 81f5e9cbb672d8a61c13a70deb4e057fcd1b8cd5 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 6 Dec 2021 11:29:34 -0700 Subject: [PATCH 8/8] Update faq-for-it-pros-ie11.yml --- browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml index 6af2d17f62..4f545f92d9 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml @@ -24,8 +24,6 @@ summary: | sections: - name: Ignored questions: - - question: | - Frequently Asked Questions - question: | What operating system does IE11 run on? answer: |