deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 04:13:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into App-v-revision

Browse Source
This commit is contained in:
Heidi Lohr
2018-03-28 14:24:48 -07:00
parent 3ff2adc5c6 543c1a07e8
commit eb50181279
42 changed files with 630 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/client-management/mdm/TOC.md
View File

@ -68,6 +68,8 @@
### [ICSPValidate](icspvalidate.md)
### [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md)
## [Configuration service provider reference](configuration-service-provider-reference.md)
### [AccountManagement CSP](accountmanagement-csp.md)
#### [AccountManagement DDF file](accountmanagement-ddf.md)
### [ActiveSync CSP](activesync-csp.md)
#### [ActiveSync DDF file](activesync-ddf-file.md)
### [AllJoynManagement CSP](alljoynmanagement-csp.md)

62
windows/client-management/mdm/accountmanagement-csp.md Normal file
View File

@ -0,0 +1,62 @@
---
title: AccountManagement CSP
description: Used to configure settings in the Account Manager service
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 03/23/2018
---
# AccountManagement CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803.
> [!Note]
> The AccountManagement CSP is only supported in Windows Holographic for Business edition.
The following diagram shows the AccountManagement configuration service provider in tree format.
![accountmanagement csp](images/provisioning-csp-accountmanagement.png)
<a href="" id="accountmanagement"></a>**./Vendor/MSFT/AccountManagement**
Root node for the AccountManagement configuration service provider.
<a href="" id="accountmanagement-userprofilemanagemen-enableprofilemanager"></a>**UserProfileManagement**
Interior node.
<a href="" id="accountmanagement-userprofilemanagement-deletionpolicy"></a>**UserProfileManagement/EnableProfileManager**
Enable profile lifetime mangement for shared or communal device scenarios. Default value is false.
Supported operations are Add, Get,Replace, and Delete. Value type is bool.
<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystartdeletion"></a>**UserProfileManagement/DeletionPolicy**
Configures when profiles will be deleted. Default value is 1.
Valid values:
- 0 - delete immediately when the device returns to a state with no currently active users
- 1 - delete at storage capacity threshold
- 2 - delete at both storage capacity threshold and profile inactivity threshold
Supported operations are Add, Get,Replace, and Delete. Value type is integer.
<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStartDeletion**
Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first. Default value is 25.
Supported operations are Add, Get,Replace, and Delete. Value type is integer.
<a href="" id="accountmanagement-userprofilemanagement-storagecapacitystopdeletion"></a>**UserProfileManagement/StorageCapacityStopDeletion**
Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles. Default value is 50.
Supported operations are Add, Get,Replace, and Delete. Value type is integer.
<a href="" id="accountmanagement-userprofilemanagement-profileinactivitythreshold"></a>**UserProfileManagement/ProfileInactivityThreshold**
Start deleting profiles when they have not been logged on during the specified period, given as number of days. Default value is 30.
Supported operations are Add, Get,Replace, and Delete. Value type is integer.

201
windows/client-management/mdm/accountmanagement-ddf.md Normal file
View File

@ -0,0 +1,201 @@
---
title: AccountManagement DDF file
description: Used to configure settings in the Account Manager service
ms.author: maricia
ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 03/23/2018
---
# AccountManagement DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **AccountManagement** configuration service provider.
The XML below is for Windows 10, version 1803.
``` syntax
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>AccountManagement</NodeName>
<Path>./Device/Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.0/MDM/AccountManagement</MIME>
</DFType>
</DFProperties>
<Node>
<NodeName>UserProfileManagement</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>EnableProfileManager</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>false</DefaultValue>
<Description>Enable profile lifetime mangement for shared or communal device scenarios.</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Enable profile manager</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DeletionPolicy</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>Configures when profiles will be deleted. Allowed values: 0 (delete immediately upon device returning to a state with no currently active users); 1 (delete at storage capacity threshold); 2 (delete at both storage capacity threshold and profile inactivity threshold).</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Profile deletion policy</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>StorageCapacityStartDeletion</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>25</DefaultValue>
<Description>Start deleting profiles when available storage capacity falls below this threshold, given as percent of total storage available for profiles. Profiles that have been inactive the longest will be deleted first.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Storage capacity threshold to start profile deletion</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>StorageCapacityStopDeletion</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>50</DefaultValue>
<Description>Stop deleting profiles when available storage capacity is brought up to this threshold, given as percent of total storage available for profiles.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Storage capacity threshold to stop profile deletion</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ProfileInactivityThreshold</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DefaultValue>30</DefaultValue>
<Description>Start deleting profiles when they have not been logged on during the specified period, given as number of days.</Description>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Profile inactive threshold</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```

74
windows/client-management/mdm/configuration-service-provider-reference.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 03/12/2018
ms.date: 03/23/2018
---
# Configuration service provider reference
@ -29,6 +29,7 @@ Footnotes:
- 1 - Added in Windows 10, version 1607
- 2 - Added in Windows 10, version 1703
- 3 - Added in Windows 10, version 1709
- 4 - Added in Windows 10, version 1803
<!--StartCSPs-->
<hr/>
@ -36,7 +37,7 @@ Footnotes:
## CSP support
<!--StartCSP-->
[APPLICATION CSP](application-csp.md)
[AccountManagement CSP](accountmanagement-csp.md)
<!--StartSKU-->
<table>
@ -50,13 +51,13 @@ Footnotes:
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
@ -119,6 +120,34 @@ Footnotes:
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[APPLICATION CSP](application-csp.md)
<!--StartSKU-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
<th>Mobile Enterprise</th>
</tr>
<tr>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[AppLocker CSP](applocker-csp.md)
@ -2509,7 +2538,8 @@ Footnotes:
 Footnotes:
- 1 - Added in Windows 10, version 1607
- 2 - Added in Windows 10, version 1703
- 3 - Added in Windows 10, version 1803
- 3 - Added in Windows 10, version 1709
- 4 - Added in Windows 10, version 1803
## CSP DDF files download
@ -2527,6 +2557,7 @@ The following list shows the configuration service providers supported in Window
| Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition |
|--------|--------|------------|
| [AccountManagement CSP](accountmanagement-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)3 |
| [Application CSP](application-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) |
| [AppLocker CSP](applocker-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) |
| [CertificateStore CSP](certificatestore-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png)|
@ -2549,30 +2580,11 @@ The following list shows the configuration service providers supported in Window
Footnotes:
- 2 - Added in Windows 10, version 1703
## <a href="" id="newcsps"></a>New CSPs added in Windows 10, version 1703
- [BitLocker CSP](bitlocker-csp.md)
- [CleanPC CSP](cleanpc-csp.md)
- [DeveloperSetup CSP](developersetup-csp.md)
- [DynamicManagement CSP](dynamicmanagement-csp.md)
- [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md)
- [Messaging CSP](messaging-csp.md)
- [NetworkProxy CSP](networkproxy-csp.md)
- [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
- [Office CSP](office-csp.md)
- [Personalization CSP](personalization-csp.md)
## <a href="" id="newcsps"></a>New CSPs added in Windows 10, version 1511
- [AllJoynManagement CSP](alljoynmanagement-csp.md)
- [Maps CSP](maps-csp.md)
- [Reporting CSP](reporting-csp.md)
- [SurfaceHub CSP](surfacehub-csp.md)
- [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md)
- 3 - Added in Windows 10, version 1803
## <a href="" id="surfacehubcspsupport"></a>CSPs supported in Microsoft Surface Hub
- [AccountManagement CSP](accountmanagement-csp.md)
- [APPLICATION CSP](application-csp.md)
- [CertificateStore CSP](certificatestore-csp.md)
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md)

BIN
windows/client-management/mdm/images/provisioning-csp-accountmanagement.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

11
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 03/15/2018
ms.date: 03/23/2018
---
# What's new in MDM enrollment and management
@ -1329,11 +1329,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</ul>
</td></tr>
<tr>
<<<<<<< HEAD
<td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
=======
<td style="vertical-align:top">[RootCATrustedCertificates CSP](rootcacertificates-csp.md)</td>
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
<ul>
<li>UntrustedCertificates</li>
</ul>
>>>>>>> 2aa0839b99c52229c7cf43d58f467019b1284a6a
</td></tr>
</tbody>
</table>
@ -1640,6 +1645,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</ul>
</td></tr>
<tr>
<td style="vertical-align:top">[AccountManagement CSP](accountmanagement-csp.md)</td>
<td style="vertical-align:top"><p>Added a new CSP in Windows 10, version 1803.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[RootCATrustedCertificates CSP](rootcacertificates-csp.md)</td>
<td style="vertical-align:top"><p>Added the following node in Windows 10, version 1803:</p>
<ul>

3
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -77,14 +77,13 @@ Here's a list of changes that were made to this article for Windows 10, version
## <a href="" id="bkmk-othersettings"></a>Management options for each setting
The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections.
If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch.
### Settings for Windows 10 Enterprise edition
See the following table for a summary of the management settings for Windows 10 Enterprise, version 1709 and Windows 10 Enterprise, version 1703.
The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1703.
| Setting | UI | Group Policy | MDM policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |

1
windows/deployment/TOC.md
View File

@ -248,6 +248,7 @@
##### [Security Update Status report](update/update-compliance-security-update-status.md)
##### [Feature Update Status report](update/update-compliance-feature-update-status.md)
##### [Windows Defender AV Status report](update/update-compliance-wd-av-status.md)
##### [Delivery Optimization in Update Compliance](update/update-compliance-delivery-optimization.md)
##### [Update Compliance Perspectives](update/update-compliance-perspectives.md)
### [Device Health](update/device-health-monitor.md)
#### [Get started with Device Health](update/device-health-get-started.md)

138
windows/deployment/update/device-health-using.md
View File

@ -4,7 +4,7 @@ description: Explains how to begin usihg Device Health.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.date: 10/10/2017
ms.date: 03/21/20178
ms.pagetype: deploy
author: jaimeo
---
@ -90,6 +90,142 @@ Clicking a listed driver on the Driver-Induced OS Crashes blade opens a driver p
The driver version table can help you determine whether deploying a newer version of the driver might help you reduce the crash rate. In the example shown above, the most commonly installed driver version (19.15.1.5) has a crash rate of about one-half of one percent--this is low, so this driver is probably fine. However, driver version 19.40.0.3 has a crash rate of almost 20%. If that driver had been widely deployed, updating it would substantially reduce the overal number of crashes in your organization.
## App Reliability
The App Reliability report shows you useful data on app usage and behavior so that you can identify apps that are misbehaving and then take steps to resolve the problem.
### App reliability events
The default view includes the **Devices with events** count, which shows the number of devices in your organization that have logged a reliability event for a given app over the last 14 days. A "reliability event" occurs when an app either exits unexpectedly or stops responding. The table also includes a **Devices with Usage** count. This enables you to see how widely used the app was over the same period to put the Devices with Events count into perspective.
![Main App Reliability view](images/app-reliability-main.png)
When you click a particular app, the detailed **App reliability** view opens. The first element in the view is the App Information summary:
![App reliability view with columns for app name, publisher, devices with usage, devices with events, percentage of devices with events logged for that app, and percentage of devices with events as a "commercial average"](images/app-reliability-app-detail.png)
This table contains:
- App name
- Publisher
- Devices with usage: the number of unique devices that logged any usage of the app
- Devices with events: the number of unique devices that logged any reliability event for the app
- % with events: the ratio of "devices with events" to "devices with usage"
- % with events (commercial average): the ratio of "devices with events" to "devices with usage" in data collected from deployments with a mix of operating system versions and device models that is similar to yours. This can help you decide if a given app is having problems specifically in your environment or more generally in many environments.
#### Trend section
Following the App Information summary is the trend section:
![Trend view](images/app-reliability-trend-view.png)
With these trend graphs you can more easily detect if an issue is growing, shrinking, or steady. The trend graph on the left shows the number of devices that logged any reliability event for the app. The trend graph on the right shows the ratio of "devices with events" to "devices with usage."
Each graph displays two lines:
- Trailing window: in this line, each days value reflects reliability events that occurred in the 14 days leading up to that day. This is useful for gauging the long-term trend with reduced volatility due to weekends and small populations.
- Single day: Each days value reflects reliability events that occurred in a single day. This is useful if an issue is quickly emerging (or being resolved).
#### App and OS versions table
The next element in the view is the App and OS versions table:
![App/OS version view](images/app-reliability-app-OS-version.png)
This table breaks out the metrics by combinations of App and OS version. This enables you to identify patterns in that might indicate devices needing an update or configuration change.
For example, if the table shows that a later version of an app is more reliable than an earlier version in your environment, then prioritizing deployment of the later version is likely the best path forward. If you are already running the latest version of the app, but reliability events are increasing, then you might need to do some troubleshooting, or seek support from Microsoft or the app vendor.
By default the table is limited to the most-used version combinations in your environment. To see all version combinations click anywhere in the table.
#### Reliability event history table
The next element in the view is the reliability event history table:
![event history view](images/app-reliability-event-history.png)
This table shows the most detailed information. Although Device Health is not a debugging tool, the details available in this table can help with troubleshooting by providing the specific devices, versions, and dates of the reliability events.
This view also includes the **Diagnostic Signature** column. This value can be helpful when you are working with product support or troubleshooting on your own. The value (also known as Failure ID or Failure Name) is the same identifier used to summarize crash statistics for Microsoft and partner developers.
The Diagnostic Signature value contains the type of reliability event, error code, DLL name, and function name involved. You can use this information to narrow the scope of troubleshooting. For example, a value like *APPLICATION_HANG_ThreadHang_Contoso-Add-In.dll!GetRegistryValue()* implies that the app stopped responding when Contoso-Add-In was trying to read a registry value. In this case you might prioritize updating or disabling the add-in, or using Process Monitor to identify the registry value it was trying to read, which could lead to a resolution through antivirus exclusions, fixing missing keys, or similar remedies.
By default the table is limited to a few recent rows. To see all rows click anywhere in the table.
### FAQs and limitations
#### Why does a particular app not appear in the views?
When we allow reliability events from all processes, the list of apps fills with noisy processes which don't feel like meaningful end-user apps (for example, taskhost.exe or odd-test-thing.exe). In order to draw focus to the apps which matter most to users, App Reliability uses a series of filters to limit what appears in the list. The filter criteria include the following:
- Filter out background processes which have no detected user interaction.
- Filter out operating system processes which, despite having user interaction, do not feel like apps (for example, Logonui.exe, Winlogon.exe). **Known limitation:** Some processes which may feel like apps are not currently detected as such (and are therefore filtered out as OS processes). These include Explorer.exe, Iexplore.exe, Microsoftedge.exe, and several others.
- Remove apps which are not widely used in your environment. **Known limitation:** This might result in an app that you consider important being filtered out when that app is not among the 30 most widely used in your environment.
We welcome your suggestions and feedback on this filtering process at the [Device Health Tech Community](https://aka.ms/community/DeviceHealth).
#### Why are there multiple names and entries for the same app?
For example, you might see *Skype for Business*, *skype for business*, and *Lync* listed separately, but you only use *Skype for Business*. Or you might see *MyApp Pro* and *MyApp Professional* listed separately, even though they feel like the same thing.
#### Clicking an app in the App Reliability Events blade sometimes results a List view of records instead of the App Reliability view
To work around this, click the **App Reliability** tab above the results to see the expected view.
![Click app reliability tab](images/app-reliability-tab.png)
#### Clicking "See all…" from the App Reliability Events blade followed by clicking an app from the expanded list results in raw records instead of the App Reliability view
To work around this, replace all of the text in the Log Search query box with the following:
*DHAppReliability | where AppFileDisplayName == "<Name of app as it appeared in the list>"*
For example:
*DHAppReliability | where AppFileDisplayName == "Microsoft Outlook"*
## Login Health
Login Health provides reports on Windows login attempts in your environment, including metrics on the login methods being used (such as Windows Hello, face recognition, fingerprint recognition, PIN, or password), the rates and patterns of login success and failure, and the specific reasons logins have failed.
The Login Health blades appear in the Device Health dashboard:
![Main Login health view](images/login-health.png)
### Login Errors
The **Login errors** blade displays data on the frequency and type of errors, with statistics on specific errors. They are generally categorized into user-generated (caused by bad input) or non-user-generated (might need IT intervention) errors. Click any individual error to see all instances of the error's occurence for the specified time period.
### Login Metrics by Type
The **Login metrics by type** blade shows the success rate for your devices, as well as the success rate for other environments with a mix of operating system versions and device models similar to yours (the **Commercial average success rate**).
In the table (by type) you can gauge how broadly each login type is attempted, the number of devices that prefer the type (most used), and the success rate. If migration from passwords to an alternative such as Hello: PIN is going well, you would see high usage and high success rates for the new type.
Click any of the login types to see detailed login health data for that type:
![Login type detail](images/login-health-detail.png)
This view shows trends over time of usage, preferred credentials, and success rate along with the most frequent errors and frequently failing devices for that login type.
Click a specific login error in this view to see a list of all instances for that error and login type within the specified time range:
![Login error detail](images/login-health-detail-failure.png)
Included in this view are device attributes and error attributes such as the following:
- LogonStatus/LogonSubStatus: Status code for the login attempt
- SignInFailureReason: Known failure reasons evaluated from status or sub-status
- SuggestedSignInRemediation: Suggested remediation that was presented to the user at the time of error
The filters in the left pane allow you to filter errors to a particular operating system, device model, or other parameters. Alternatively, clicking the most frequently failing models from the Login Health perspective will take you to a list of error instances filtered to the login type and specified device model within the specified time range.
>[!NOTE]
> Windows Hello: Face authentication errors are not currently included in the login health reports.

BIN
windows/deployment/update/images/app-reliability-app-OS-version.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

BIN
windows/deployment/update/images/app-reliability-app-detail.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.5 KiB

BIN
windows/deployment/update/images/app-reliability-event-history.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 28 KiB

BIN
windows/deployment/update/images/app-reliability-main.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 61 KiB

BIN
windows/deployment/update/images/app-reliability-tab.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
windows/deployment/update/images/app-reliability-trend-view.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
windows/deployment/update/images/login-health-detail-failure.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 103 KiB

BIN
windows/deployment/update/images/login-health-detail.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 66 KiB

After

Width:  |  Height:  |  Size: 104 KiB

BIN
windows/deployment/update/images/login-health.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 81 KiB

After

Width:  |  Height:  |  Size: 57 KiB

9
windows/deployment/update/update-compliance-delivery-optimization.md
View File

@ -1,5 +1,5 @@
---
title: DO in Update Compliance (Windows 10)
title: Delivery Optimization in Update Compliance (Windows 10)
description: new Delivery Optimization data displayed in Update Compliance
ms.prod: w10
ms.mktglfcycl: deploy
@ -7,14 +7,15 @@ ms.sitesec: library
ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 03/23/2018
ms.date: 03/27/2018
---
# DO in Update Compliance
# Delivery Optimization in Update Compliance
The Update Compliance solution of Windows Analytics provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days.
## Delivery Optimization Status
The Delivery Optimization Status section provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days. There are three blades in the Delivery Optimization Status:
The Delivery Optimization Status section includes three blades:
- The **Device Configuration** blade shows a breakdown of download configuration for each device
- The **Content Distribution (%)** blade shows the percentage of bandwidth savings for each category

10
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -6,10 +6,10 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, mobile
author: DaniHalfin
ms.localizationpriority: high
ms.author: daniha
ms.date: 09/08/2017
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 03/26/2018
---
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services
@ -36,7 +36,7 @@ Prepare the Active Directory Federation Services deployment by installing and up
Sign-in the federation server with _local admin_ equivalent credentials.
1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If youre not using Windows Update for updates, please advise the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed.
2. Ensure the latest server updates to the federation server includes [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658).
2. Ensure the latest server updates to the federation server includes [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
>[!IMPORTANT]
>The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers.

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 02/23/2018
ms.date: 03/26/2018
---
# Configure Device Registration for Hybrid Windows Hello for Business
@ -88,7 +88,7 @@ Once you have your AD FS design ready, review [Deploying a Federation Server far
> [!IMPORTANT]
> During your AD FS deployment, skip the **Configure a federation server with Device Registration Service** and the **Configure Corporate DNS for the Federation Service and DRS** procedures.
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658), which is automatically downloaded and installed through Windows Update. If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
#### ADFS Web Proxy ###
Federation server proxies are computers that run AD FS software that have been configured manually to act in the proxy role. You can use federation server proxies in your organization to provide intermediary services between an Internet client and a federation server that is behind a firewall on your corporate network.

6
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 11/08/2017
ms.date: 03/26/2018
---
# Hybrid Windows Hello for Business Prerequisites
@ -80,12 +80,12 @@ Organizations using older directory synchronization technology, such as DirSync
## Federation ##
Federating your on-premises Active Directory with Azure Active Directory ensures all identities have access to all resources regardless if they reside in cloud or on-premises. Windows Hello for Business hybrid certificate trust needs Windows Server 2016 Active Directory Federation Services. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices.
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658), which is automatically downloaded and installed through Windows Update. If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016)
### Section Review ###
> [!div class="checklist"]
> * Windows Server 2016 Active Directory Federation Services
> * Minimum update of [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658)
> * Minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889)
<br>

8
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 10/23/2017
ms.date: 03/26/2018
---
# Hybrid Windows Hello for Business Provisioning
@ -48,12 +48,14 @@ The provisioning flow has all the information it needs to complete the Windows H
The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key. AAD Connect syncrhonizes the user's key to the on-prem Active Directory.
> [!IMPORTANT]
> The minimum time needed to syncrhonize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval.
> The following is the enrollment behavior prior to Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
> The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval.
> **This synchronization latency delays the the user's ability to authenticate and use on-premises resouces until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources.
> Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
> [!NOTE]
> Microsoft is actively investigating ways to reduce the syncrhonization latency and delays in certificate enrollment with the goal to make certificate enrollment occur real-time.
> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning.
After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows send the certificate request to the AD FS server for certificate enrollment.

7
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security, mobile
localizationpriority: high
author: mikestephens-MS
ms.author: mstephen
ms.date: 10/23/2017
ms.date: 03/26/2018
---
# Configure Windows Hello for Business: Active Directory Federation Services
@ -36,11 +36,6 @@ Sign-in the AD FS server with *Domain Admin* equivalent credentials.
```
The `Set-AdfsCertificateAuthority` cmdlet should show the following warning:
>WARNING: PS0343: Issuing Windows Hello certificates requires enabling a permitted strong authentication provider, but no usable providers are currently configured. These authentication providers are not supported for Windows Hello certificates: CertificateAuthentication,MicrosoftPassportAuthentication. Windows Hello certificates will not be issued until a permitted strong authentication provider is configured.
This warning indicates that you have not configured multi-factor authentication in AD FS and until it is configured, the AD FS server will not issue Windows Hello certificates. Windows 10, version 1703 clients check this configuration during prerequisite checks. If detected, the prerequisite check will not succeed and the user will not provision Windows Hello for Business on sign-in.
>[!NOTE]
> If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace **WHFBEnrollmentAgent** and WHFBAuthentication in the above command with the name of your certificate templates. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name using the **Get-CATemplate** ADCS Administration Windows PowerShell cmdlet on a Windows Server 2012 or later certificate authority.

4
windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 10/20/2017
ms.date: 03/26/2018
---
# Windows Hello for Business Key Trust New Installation
@ -70,7 +70,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o
## Configure a Production Public Key Infrastructure
If you do have an existing public key infrastructure, please review [Certification Authority Guidance](https://technet.microsoft.com/library/hh831574.aspx) from Microsoft TechNet to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348.aspx) for instructions on how to configure your public key infrastructure using the information from your design session.
If you do not have an existing public key infrastructure, please review [Certification Authority Guidance](https://technet.microsoft.com/library/hh831574.aspx) from Microsoft TechNet to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348.aspx) for instructions on how to configure your public key infrastructure using the information from your design session.
> [!IMPORTANT]
> For Azure AD joined device to authenticate to and use on-premises resources, ensure you:

8
windows/security/identity-protection/hello-for-business/hello-identity-verification.md
View File

@ -10,7 +10,7 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 12/04/2017
ms.date: 03/26/2018
---
# Windows Hello for Business
@ -43,12 +43,12 @@ The table shows the minimum requirements for each deployment.
| Key trust</br>Group Policy managed | Certificate trust</br>Mixed managed | Key trust</br>Modern managed | Certificate trust</br>Modern managed |
| --- | --- | --- | --- |
| Windows 10, version 1511 or later| Windows 10, version 1703 or later (domain joined)</br>Windows 10, version 1511 or later (cloud joined) | Windows 10, version 1511 or later | Windows 10, version 1511 or later |
| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**<br> *Minimum:* Windows 10, version 1703<br> *Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).</br>**Azure AD Joined:**<br> Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later |
| Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema | Windows Server 2016 Schema |
| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level |
| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
| N/A | Windows Server 2016 AD FS with KB4022723 update (domain joined), and</br>Windows Server 2012 or later Network Device Enrollment Service (cloud joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/en-us/help/4088889) (hybrid Azure AD joined clients),<br> and</br>Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service |
| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or</br>AD FS w/Azure MFA adapter, or</br>AD FS w/Azure MFA Server adapter, or</br>AD FS w/3rd Party MFA Adapter |
| Azure Account | Azure Account | Azure Account | Azure Account |
| Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory |
@ -65,7 +65,7 @@ The table shows the minimum requirements for each deployment.
| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
| Windows Server 2016 Domain Controllers | Windows Server 2008 R2 or later Domain Controllers |
| Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority |
| Windows Server 2016 AD FS with [KB4022723 update](https://support.microsoft.com/en-us/help/4022723) | Windows Server 2016 AD FS with [KB4022723 update](https://support.microsoft.com/en-us/help/4022723) |
| Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/en-us/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/en-us/help/4088889) |
| AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or</br>AD FS with 3rd Party MFA Adapter |
| Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing |

4
windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
View File

@ -9,7 +9,7 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 10/10/2017
ms.date: 03/26/2018
---
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services
@ -36,7 +36,7 @@ Prepare the Active Directory Federation Services deployment by installing and up
Sign-in the federation server with _local admin_ equivalent credentials.
1. Ensure Windows Server 2016 is current by running **Windows Update** from **Settings**. Continue this process until no further updates are needed. If youre not using Windows Update for updates, please review the [Windows Server 2016 update history page](https://support.microsoft.com/help/4000825/windows-10-windows-server-2016-update-history) to make sure you have the latest updates available installed.
2. Ensure the latest server updates to the federation server includes [KB4034658 (14393.1593)](https://support.microsoft.com/en-us/help/4034658).
2. Ensure the latest server updates to the federation server includes [KB4088889 (14393.2155)](https://support.microsoft.com/en-us/help/4088889).
>[!IMPORTANT]
>The above referenced updates are mandatory for Windows Hello for Business all on-premises deployment and hybrid certificate trust deployments for domain joined computers.

7
windows/security/identity-protection/hello-for-business/hello-planning-guide.md
View File

@ -9,13 +9,12 @@ ms.pagetype: security, mobile
author: mikestephens-MS
ms.author: mstephen
localizationpriority: high
ms.date: 10/20/2017
ms.date: 03/26/2018
---
# Planning a Windows Hello for Business Deployment
**Applies to**
- Windows 10
- Windows 10 Mobile
> This guide only applies to Windows 10, version 1511 or higher.
@ -176,7 +175,7 @@ A successful Windows Hello for Business requires all devices to register with th
If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Azure** in box **1c** on your planning worksheet.
If box **1a** on your planning worksheet reads **on-premises**, write **AF FS** in box **1c** on your planning worksheet.
If box **1a** on your planning worksheet reads **on-premises**, write **AD FS** in box **1c** on your planning worksheet.
### Key Registration
@ -184,7 +183,7 @@ All users provisioning Windows Hello for Business have their public key register
If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, write **Azure** in box **1d** on your planning worksheet.
If box **1a** on your planning worksheet reads **on-premises**, write **AF FS** in box **1d** on your planning worksheet.
If box **1a** on your planning worksheet reads **on-premises**, write **AD FS** in box **1d** on your planning worksheet.
### Directory Synchronization

2
windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
View File

@ -84,7 +84,7 @@ Configure the **Maximum lifetime for user ticket renewal** setting to 7 days.
### Potential impact
None. This is the default configuration.
Seven (7) days is the default configuration. Changing the default configuration is a tradeoff between user convenience and security. A shorter time period requires users to authenticate with a DC more often, but remote users who authenticate with a DC infrequently can be locked out of services until they reauthenticate.
## Related topics

60
windows/security/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
View File

@ -117,6 +117,66 @@ Configuration for onboarded machines: diagnostic data reporting frequency | ./De
>[!TIP]
> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
a. Select **Endpoint management** > **Clients** on the **Navigation pane**.
b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
![Endpoint onboarding](images/atp-mdm-onboarding-package.png)
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
3. Login to the [Microsoft Azure portal](https://portal.azure.com).
4. From the Intune blade, choose **Device configuration**.
![Image of device configuration menu in Microsoft Azure](images/atp-azure-intune-device-config.png)
5. Under **Manage**, choose **Profiles** and click **Create Profile**.
![Image of policy creation in Azure](images/atp-azure-intune-create-profile.png)
6. Type a name, description and choose **Windows 10 and later** as the Platform and **Custom** as the Profile type.
![Image of naming a policy](images/atp-intune-custom.png)
7. Click **Settings** > **Configure**.
![Image of settings](images/atp-intune-configure.png)
8. Under Custom OMA-URI Settings, click **Add**.
![Image of configuration settings](images/atp-custom-oma-uri.png)
9. Enter the following values, then click **OK**.
![Image of profile creation](images/atp-oma-uri-values.png)
- **Name**: Type a name for the setting.
- **Description**: Type a description for the setting.
- **OMA-URI**: _./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding_
- **Value**: Copy and paste the contents of the WindowsDefenderATP.onboarding file you downloaded.
10. Save the settings by clicking **OK**.
11. Click **Create**.
![Image of the policy being created](images/atp-intune-create-policy.png)
12. To deploy the Profile, click **Assignments**.
![Image of groups](images/atp-intune-assignments.png)
13. Search for and select the Group you want to apply the Configuration Profile to, then click **Select**.
![Image of groups](images/atp-intune-group.png)
14. Click **Save** to finish deploying the Configuration Profile.
![Image of deployment](images/atp-intune-save-deployment.png)
### Offboard and monitor endpoints

17
windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md
View File

@ -10,7 +10,7 @@ ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.date: 10/16/2017
ms.date: 03/27/2018
---
# Create custom alerts using the threat intelligence (TI) application program interface (API)
@ -184,6 +184,21 @@ Content-Type: application/json;
```
If successful, you should get a 201 CREATED response containing the representation of the newly created indicators of compromise in the payload.
The API currently supports the following IOC types:
- Sha1
- Sha256
- Md5
- FileName
- IpAddress
- DomainName
And the following operators:
- Equals
- StartWith
- EndWith
- Contains
## Bulk upload of alert definitions and IOCs
Bulk upload of multiple entities can be done by sending an HTTP POST request to `/{resource}/Actions.BulkUpload`. </br>