Merge branch 'master' into lsaldanha-4567381-Batch11

2025-05-15 06:47:21 +00:00 · 2020-11-11 06:04:20 -08:00 · 2020-11-11 06:04:20 -08:00 · e9a8c5cf09
commit e9a8c5cf09
parent f36d7d30ce d4acc99d95
15 changed files with 21 additions and 17 deletions
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@ -32,6 +32,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "audience": "ITPro",
      "ms.topic": "article",
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@ -32,6 +32,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "audience": "ITPro",
      "ms.topic": "article",
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@ -96,7 +96,7 @@ This policy only applies to the Alt+Tab switcher. When the policy is not enabled
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure the inclusion of Edge tabs into Alt-Tab*
-   GP name: *MultiTaskingAltTabFilter*
+-   GP name: *BrowserAltTabBlowout*
 -   GP path: *Windows Components/Multitasking*
 -   GP ADMX file name: *Multitasking.admx*

--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@ -32,6 +32,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "audience": "ITPro",
      "ms.topic": "article",
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@ -35,6 +35,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "audience": "ITPro",
      "ms.topic": "article",
--- a/windows/deployment/planning/windows-10-deprecated-features.md
+++ b/windows/deployment/planning/windows-10-deprecated-features.md
@ -28,7 +28,6 @@ The features described below are no longer being actively developed, and might b
 | ----------- | --------------------- | ---- |
 | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Companion Device Framework | The [Companion Device Framework](https://docs.microsoft.com/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
-| Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Dynamic Disks | The [Dynamic Disks](https://docs.microsoft.com/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](https://docs.microsoft.com/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |
 | Language Community tab in Feedback Hub | The Language Community tab will be removed from the Feedback Hub. The standard feedback process: [Feedback Hub - Feedback](feedback-hub://?newFeedback=true&feedbackType=2) is the recommended way to provide translation feedback. | 1909 |
 | My People / People in the Shell |  My People is no longer being developed. It may be removed in a future update. | 1909 |
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@ -36,6 +36,7 @@
    "globalMetadata": {
      "audience": "ITPro",
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "ms.topic": "article",
      "feedback_system": "GitHub",
--- a/windows/privacy/docfx.json
+++ b/windows/privacy/docfx.json
@ -33,6 +33,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "audience": "ITPro",
      "ms.topic": "article",
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@ -33,6 +33,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.topic": "article",
      "manager": "dansimp",
      "audience": "ITPro",
--- a/windows/security/information-protection/secure-the-windows-10-boot-process.md
+++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md
@ -84,7 +84,7 @@ These requirements help protect you from rootkits while allowing you to run any
 -  **Configure UEFI to trust your custom bootloader.** All Certified For Windows 10 PCs allow you to trust a non-certified bootloader by adding a signature to the UEFI database, allowing you to run any operating system, including homemade operating systems.
 -  **Turn off Secure Boot.** All Certified For Windows 10 PCs allow you to turn off Secure Boot so that you can run any software. This does not help protect you from bootkits, however.

-To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings. For more information about Secure Boot, read the blog, [Protecting the pre-OS environment with UEFI](https://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx).
+To prevent malware from abusing these options, the user must manually configure the UEFI firmware to trust a non-certified bootloader or to turn off Secure Boot. Software cannot change the Secure Boot settings.

 Like most mobile devices, ARM-based Certified For Windows RT devices, such as the Microsoft Surface RT device, are designed to run only Windows 8.1. Therefore, Secure Boot cannot be turned off, and you cannot load a different operating system. Fortunately, there is a large market of ARM devices designed to run other operating systems.

--- a/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-manage.md
@ -2,7 +2,7 @@
 title: Manage indicators
 ms.reviewer: 
 description: Manage indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities.
-keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
+keywords: import, indicator, list, ioc, csv, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@ -65,8 +65,13 @@ expirationTime | DateTimeOffset | The expiration time of the indicator in the fo
 severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". **Optional**
 recommendedActions | String | TI indicator alert recommended actions. **Optional**
 rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional**
+category | String | Category of the alert. Examples include: Execution and credential access. **Optional**
+mitretechniques| String | MITRE techniques code/id (comma separated). For more information, see [Enterprise tactics](https://attack.mitre.org/tactics/enterprise/). **Optional** It is recommended to add a value in category when a MITRE technique.

-## Related topics
+For more information, see [Microsoft Defender ATP alert categories are now aligned with MITRE ATT&CK!](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-atp-alert-categories-are-now-aligned-with/ba-p/732748).
+
+
+## See also
 - [Create indicators](manage-indicators.md)
 - [Create indicators for files](indicator-file.md)
 - [Create indicators for IPs and URLs/domains](indicator-ip-domain.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-files.md
@ -29,7 +29,6 @@ ms.date: 04/24/2018

 - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)

-[!include[Prerelease information](../../includes/prerelease.md)]

 >Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink)

--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@ -50,7 +50,6 @@ Whether taken automatically or upon approval, remediation actions following an a
 - Remove a registry key 
 - Kill a process 
 - Stop a service 
- Remove a registry key 
 - Disable a driver 
 - Remove a scheduled task

--- a/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/review-alerts.md
@ -29,9 +29,11 @@ ms.date: 5/1/2020

 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-managealerts-abovefoldlink)

-The new alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.
+The alert page in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) provides full context to the alert, by combining attack signals and alerts related to the selected alert, to construct a detailed alert story.

-Quickly triage, investigate, and take effective action on alerts that affect your organization. Understand why they were triggered, and their impact from one location.
+Quickly triage, investigate, and take effective action on alerts that affect your organization. Understand why they were triggered, and their impact from one location. Learn more in this overview.
+
+> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4yiO5]

 ## Getting started with an alert

@ -90,14 +92,6 @@ If you are experiencing a false alert with a line-of-business application, creat
 > [!TIP]
 > If you're experiencing any issues not described above, use the 🙂 button to provide feedback or open a support ticket.

-## Transitioning to the new alert page
-
-When making the move to the new alert page you will notice that we have centralized information from the alert process tree, the incident graph, and the artifact timeline into the [alert story](#investigate-using-the-alert-story), with some information available through the [affected assets](#review-affected-assets) section. Any additional information has been consolidated into the details pane for the relevant entities.
-
-## Video overview of the new alert page
-
-> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4yiO5]
-
 ## Related topics

 - [View and organize the incidents queue](view-incidents-queue.md)
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@ -32,6 +32,7 @@
    "externalReference": [],
    "globalMetadata": {
      "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "ms.technology": "windows",
      "ms.topic": "article",
      "audience": "ITPro",