diff --git a/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png b/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png
index d2508016be..7626296e87 100644
Binary files a/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png and b/browsers/internet-explorer/ie11-deploy-guide/images/configmgrhardwareinventory.png differ
diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
index 0031c6792e..7adcb24c17 100644
--- a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
+++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
@@ -9,7 +9,7 @@ ms.reviewer: ramakoni, DEV_Triage
 ms.prod: internet-explorer
 ms.technology:
 ms.topic: kb-support
-ms.custom: CI=111020
+ms.custom: CI=111026
 ms.localizationpriority: Normal
 # localization_priority: medium
 # ms.translationtype: MT
@@ -71,10 +71,18 @@ The batch file offers the following options: **Contents of the batch file** -```console +```dos @echo off -:: AxelR Test Batch -:: tested on Windows 8 + IE10, Windows7 + IE9 +# This sample script is not supported under any Microsoft standard support program or service. +# The sample script is provided AS IS without warranty of any kind. Microsoft further disclaims +# all implied warranties including, without limitation, any implied warranties of merchantability +# or of fitness for a particular purpose. The entire risk arising out of the use or performance of +# the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, +# or anyone else involved in the creation, production, or delivery of the scripts be liable for any +# damages whatsoever (including, without limitation, damages for loss of business profits, business +# interruption, loss of business information, or other pecuniary loss) arising out of the use of or +# inability to use the sample scripts or documentation, even if Microsoft has been advised of the +# possibility of such damages :home cls 
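Review bot: The ten disclaimer lines added after `@echo off` start with `#`, which cmd.exe does not treat as a comment; each would be parsed as a command named `#` and print a "not recognized" error every time the batch file runs. The two lines they replace used `::`, so keeping that prefix (or `rem`) leaves the disclaimer inert, for example `:: This sample script is not supported under any Microsoft standard support program or service.`. The batch listing continues past the end of this hunk.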
@@ -83,55 +91,33 @@ echo Delete IE History echo Please select the task you wish to run. echo Pick one: echo. -echo 1. Delete Non-trusted web History(low level hidden clean up) -echo 2. Delete History -echo 3. Delete Cookies -echo 4. Delete Temporary Internet Files -echo 5. Delete Form Data -echo 6. Delete Stored Passwords -echo 7. Delete All -echo 8. Delete All "Also delete files and settings stored by add-ons" -echo 9. Delete IE10 and 9 Temporary Internet Files -echo 10. Reset IE Settings -echo 77. EXIT +echo 1. Delete History +echo 2. Delete Cookies +echo 3. Delete Temporary Internet Files +echo 4. Delete Form Data +echo 5. Delete Stored Passwords +echo 6. Delete All +echo 7. Delete All "Also delete files and settings stored by add-ons" +echo 8. Delete IE10 and 9 Temporary Internet Files +echo 9. Reset IE Settings +echo 00. EXIT :choice Echo Hit a number [1-10] and press enter. set /P CH=[1-10] -if "%CH%"=="1" set x=del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah -if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1 -if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 -if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 -if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16 -if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32 -if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 -if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 -if "%CH%"=="9" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9 -if "%CH%"=="10" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults -if "%CH%"=="77" goto quit +if "%CH%"=="1" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1 +if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2 +if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8 +if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16 +if "%CH%"=="5" set 
x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32 +if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255 +if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351 +if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9 +if "%CH%"=="9" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults +if "%CH%"=="00" goto quit %x% -goto Home - -::Temporary Internet Files > Delete files - To delete copies of web pages, images, and media -::that are saved for faster viewing. -::Cookies > Delete cookies - To delete cookies, which are files that are stored on your computer by -::websites to save preferences such as login information. -::History > Delete history - To delete the history of the websites you have visited. -::Form data > Delete forms - To delete all the saved information that you have typed into -::forms. -::Passwords > Delete passwords - To delete all the passwords that are automatically filled in -::when you log on to a website that you've previously visited. -::Delete all - To delete all of these listed items in one operation. - -::enter below in search/run to see Low history dir if exists -::C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low - -::Delete all low (untrusted history) very hidden -::this will clean any unlocked files under the dir and not delete the dir structure -::del /s /q low\* /ah ::del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah - goto Home :quit ``` diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 4decd51404..330bc3286e 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md 
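Review bot: `%x%` runs whatever `x` held on the previous pass when the input matches none of the `if "%CH%"==` lines, because the script loops back through `goto Home` and neither `x` nor `CH` is cleared before `set /P`. With choices such as `ClearMyTracksByProcess 32` (stored passwords) and `ResetIEtoDefaults`, a mistyped number or a bare Enter would silently repeat the last destructive action. Clearing both ahead of the prompt avoids that: `set "x="` and `set "CH="` before `set /P CH=[1-10]`. The renumbered menu now offers 1-9 and 00, but the unchanged prompt lines still say `[1-10]`; `Echo Hit a number [1-9, or 00 to exit] and press enter.` would match the new list. The `:home` label this hunk loops to is defined in the previous hunk.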
@@ -65,7 +65,9 @@ ## [Frequently asked security questions](hololens-faq-security.md) ## [Status of the HoloLens services](hololens-status.md) ## [Get support](https://support.microsoft.com/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb) -## [SCEP whitepaper](scep-whitepaper.md) + +# Resources +## [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md) # [HoloLens release notes](hololens-release-notes.md) # [Give us feedback](hololens-feedback.md) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 4b3449e838..9a1b48b3eb 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -1,7 +1,7 @@ --- title: Change history for Microsoft HoloLens documentation ms.reviewer: -manager: dansimp +manager: laurawi description: This topic lists new and updated topics for HoloLens. keywords: change history ms.prod: hololens diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index a19c9d48cf..89a01c0628 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md 
@@ -30,7 +30,7 @@ This article teaches you how to control HoloLens and your holographic world with ## Built-in voice commands -Get around HoloLens faster with these basic commands. In order to use these you need to enable Speech during first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of Start menu. +Get around HoloLens faster with these basic commands. In order to use these, you need to enable Speech during the first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of the Start menu. For the best speech recognition results, HoloLens 2 uses the Microsoft cloud-based services. However, you can use Settings to disable this feature. To do this, in Settings, turn off **Online speech recognition**. After you change this setting, HoloLens 2 will only process voice data locally to recognize commands and dictation, and Cortana will not be available. ### General speech commands diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md index af44d41fb3..6b2cfb74bc 100644 --- a/devices/hololens/hololens-encryption.md +++ b/devices/hololens/hololens-encryption.md @@ -10,7 +10,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 01/26/2019 ms.reviewer: -manager: dansimp +manager: laurawi appliesto: - HoloLens (1st gen) --- diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md index c8b54ac1f2..bce3d27644 100644 --- a/devices/hololens/hololens-enroll-mdm.md +++ b/devices/hololens/hololens-enroll-mdm.md @@ -10,7 +10,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 07/15/2019 ms.reviewer: -manager: dansimp +manager: laurawi appliesto: - HoloLens (1st gen) - HoloLens 2 
diff --git a/devices/hololens/hololens-faq-security.md b/devices/hololens/hololens-faq-security.md index 78dacbb581..85f66c8318 100644 --- a/devices/hololens/hololens-faq-security.md +++ b/devices/hololens/hololens-faq-security.md @@ -73,8 +73,6 @@ appliesto: 1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?** 1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client. 1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices. -1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?** - 1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities. ## HoloLens 2nd Gen Security Questions 
@@ -125,5 +123,3 @@ appliesto: 1. **When a PKI cert is being generated for trusted communication, we want the cert to be generated on the device so that we know it's only on that device, unique to that device, and can't be exported or used to impersonate the device. Is this true on HoloLens? If not is there a potential mitigation?** 1. CSR for SCEP is generated on the device itself. Intune and the on premise SCEP connector help secure the requests themselves by adding and verifying a challenge string that's sent to the client. 1. Since HoloLens (1st Gen and 2nd Gen) have a TPM module, these certs would be stored in the TPM module, and are unable to be extracted. Additionally, even if it could be extracted, the challenge strings couldn't be verified on a different device, rendering the certs/key unusable on different devices. -1. **SCEP is vulnerable. How does Microsoft mitigate the known vulnerabilities of SCEP?** - 1. This [SCEP Whitepaper](scep-whitepaper.md) addresses how Microsoft mitigates SCEP vulnerabilities. diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md index 68262afb5b..c4d1cee1a2 100644 --- a/devices/hololens/hololens-insider.md +++ b/devices/hololens/hololens-insider.md @@ -11,9 +11,9 @@ ms.custom: - CSSTroubleshooting ms.localizationpriority: medium audience: ITPro -ms.date: 1/6/2020 +ms.date: 4/14/2020 ms.reviewer: -manager: dansimp +manager: laurawi appliesto: - HoloLens 2 --- 
@@ -64,7 +64,7 @@ Here's a quick summary of what's new: - Support for FIDO2 Security Keys to enable secure and easy authentication for shared devices - Seamlessly apply a provisioning package from a USB drive to your HoloLens - Use a provisioning packages to enroll your HoloLens to your Mobile Device Management system -- Use Windows AutoPilot to set up and pre-configure new devices, quickly getting them ready for productive use. Send a note to hlappreview@microsoft.com to join the preview. +- Use Windows Autopilot to set up and pre-configure new devices, quickly getting them ready for productive use. To participate in the program you'll need to meet a few requirements. While the program is in preview mode you'll need to be using Microsoft Intune. You'll need to use a tenant that is flighted for HoloLens. Lastly you'll need to have installed an insider preview buildon your HoloLens 2. To praticipate in the preview of this new program send a note to hlappreview@microsoft.com to join the preview. - Dark Mode - HoloLens customers can now choose the default mode for apps that support both color schemes! Based on customer feedback, with this update we are setting the default app mode to "dark," but you can easily change this setting at any time. - Support for additional system voice commands - An updated Cortana app with a focus on productivity 
@@ -120,6 +120,19 @@ Here are some of the in-box apps that support Dark mode! - 3D Viewer - Movies & TV +### Windows Autopilot for HoloLens 2 + +This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE). + +When a user starts the Autopilot self-deploying process, the process completes the following steps: +1. Join the device to Azure Active Directory (Azure AD). +2. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service). +3. Download the device-targeted policies, certificates, and networking profiles. +4. Provision the device. +5. Present the sign-in screen to the user. + +For full information about Autopilot, see [Windows Autopilot for HoloLens 2 evaluation guide](hololens2-autopilot.md). + ### FFU download and flash directions To test with a flight signed ffu, you first have to flight unlock your device prior to flashing the flight signed ffu. 1. On PC diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index aab93e1b8a..2043128011 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -12,7 +12,7 @@ ms.custom: - CI 111456 - CSSTroubleshooting ms.reviewer: -manager: dansimp +manager: laurawi appliesto: - HoloLens (1st gen) - HoloLens 2 diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md index 4bd8b317ef..d65929d676 100644 --- a/devices/hololens/hololens-multiple-users.md +++ b/devices/hololens/hololens-multiple-users.md @@ -9,7 +9,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 09/16/2019 ms.reviewer: -manager: dansimp +manager: laurawi appliesto: - HoloLens (1st gen) - HoloLens 2 
diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 70edc38d5e..5eea91fcbe 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -16,7 +16,7 @@ ms.custom: ms.localizationpriority: medium ms.date: 03/10/2020 ms.reviewer: Teresa-Motiv -manager: dansimp +manager: laurawi appliesto: - HoloLens (1st gen) - HoloLens 2 diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md index 79c2e77dc1..b289b56df1 100644 --- a/devices/hololens/hololens-release-notes.md +++ b/devices/hololens/hololens-release-notes.md @@ -3,7 +3,7 @@ title: HoloLens release notes description: Learn about updates in each new HoloLens release. author: scooley ms.author: scooley -manager: dansimp +manager: laurawi ms.prod: hololens ms.sitesec: library ms.topic: article @@ -26,7 +26,7 @@ appliesto: > [!Note] > HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive). -### Coming Soon +### April Update - build 18362.1059 **Dark mode for supported apps** diff --git a/devices/hololens/hololens2-autopilot.md b/devices/hololens/hololens2-autopilot.md new file mode 100644 index 0000000000..1d2c68e80e --- /dev/null +++ b/devices/hololens/hololens2-autopilot.md 
@@ -0,0 +1,249 @@ +--- +title: Windows Autopilot for HoloLens 2 evaluation guide +description: +author: Teresa-Motiv +ms.author: v-tea +ms.date: 4/10/2020 +ms.prod: hololens +ms.topic: article +ms.custom: +- CI 116283 +- CSSTroubleshooting +audience: ITPro +ms.localizationpriority: high +keywords: autopilot +manager: jarrettr +appliesto: +- HoloLens 2 +--- + +# Windows Autopilot for HoloLens 2 evaluation guide + +When you set up HoloLens 2 devices for the Windows Autopilot program, your users can follow a simple process to provision the devices from the cloud. + +This Autopilot program supports Autopilot self-deploying mode to provision HoloLens 2 devices as shared devices under your tenant. Self-deploying mode leverages the device's preinstalled OEM image and drivers during the provisioning process. A user can provision the device without putting the device on and going through the Out-of-the-box Experience (OOBE). + +![The Autopilot self-deploying process configures shared devices in "headless" mode by using a network connection.](./images/hololens-ap-intro.png) + +When a user starts the Autopilot self-deploying process, the process completes the following steps: + +1. Join the device to Azure Active Directory (Azure AD). + > [!NOTE] + > Autopilot for HoloLens does not support Active Directory join or Hybrid Azure AD join. +1. Use Azure AD to enroll the device in Microsoft Intune (or another MDM service). +1. Download the device-targeted policies, certificates, and networking profiles. +1. Provision the device. +1. Present the sign-in screen to the user. + +## Windows Autopilot for HoloLens 2: Get started + +The following steps summarize the process of setting up your environment for the Windows Autopilot for HoloLens 2. The rest of this section provides the details of these steps. + +1. Enroll in the Windows Autopilot for HoloLens 2 program. +1. Make sure that you meet the requirements for Windows Autopilot for HoloLens. +1. 
Verify that your tenant is flighted (enrolled to participate in the program). +1. Register devices in Windows Autopilot. +1. Create a device group. +1. Create a deployment profile. +1. Verify the ESP configuration. +1. Configure a custom configuration profile for HoloLens devices (known issue). +1. Verify the profile status of the HoloLens devices. + +### 1. Enroll in the Windows Autopilot for HoloLens 2 program + +To participate in the program, you have to use a tenant that is flighted for HoloLens. To do this, go to [Windows Autopilot for HoloLens Private Preview request](https://aka.ms/APHoloLensTAP) or use the following QR code to submit a request. + +![Autopilot QR code](./images/hololens-ap-qrcode.png) + +In this request, provide the following information: + +- Tenant domain +- Tenant ID +- Number of HoloLens 2 devices that are participating in this evaluation +- Number of HoloLens 2 devices that you plan to deploy by using Autopilot self-deploying mode + +### 2. Make sure that you meet the requirements for Windows Autopilot for HoloLens + +For the latest information about how to participate in the program, review [Windows Insider Release Notes](hololens-insider.md#windows-insider-release-notes). + +Review the following sections of the Windows Autopilot requirements article: + +- [Network requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#networking-requirements) +- [Licensing requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#licensing-requirements) +- [Configuration requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements#configuration-requirements) + > [!IMPORTANT] + > For information about how to register devices and configure profiles, see [4. Register devices in Windows Autopilot](#4-register-devices-in-windows-autopilot) and [6. 
Create a deployment profile](#6-create-a-deployment-profile) in this article. These sections provide steps that are specific to HoloLens. + +> [!IMPORTANT] +> Unlike other Windows Autopilot programs, Windows Autopilot for HoloLens 2 has specific operating system requirements. + +Review the "[Requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying#requirements)" section of the Windows Autopilot Self-Deploying mode article. Your environment has to meet these requirements as well as the standard Windows Autopilot requirements. + +> [!NOTE] +> You do not have to review the "Step by step" and "Validation" sections of the article. The procedures later in this article provide corresponding steps that are specific to HoloLens. + +Before you start the OOBE and provisioning process, make sure that the HoloLens devices meet the following requirements: + +- The devices are not already members of Azure AD, and are not enrolled in Intune (or another MDM system). The Autopilot self-deploying process completes these steps. To make sure that all the device-related information is cleaned up, check the **Devices** pages in both Azure AD and Intune. +- Every device can connect to the internet. You can use a wired or wireless connection. +- Every device can connect to a computer by using a USB-C cable, and that computer has the following available: + - Advanced Recovery Companion (ARC) + - The latest Windows update: Windows 10, version 19041.1002.200107-0909 or a later version) + +To configure and manage the Autopilot self-deploying mode profiles, make sure that you have access to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). + +### 3. Verify that your tenant is flighted + +To verify that your tenant is flighted for the Autopilot program after you submit your request, follow these steps: + +1. Sign in to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). +1. 
Select **Devices** > **Windows** > **Windows enrollment** > **Windows Autopilot deployment profiles** > **Create profile**. + + ![Create profile dropdown includes a HoloLens item.](./images/hololens-ap-enrollment-profiles.png) + You should see a list that includes **HoloLens**. If this option is not present, use one of the [Feedback](#feedback) options to contact us. + +### 4. Register devices in Windows Autopilot + +To register a HoloLens device in the Windows Autopilot program, you have to obtain the hardware hash of the device (also known as the hardware ID). The device can record its hardware hash in a CSV file during the OOBE process, or later when a device owner starts the diagnostic log collection process (described in the following procedure). Typically, the device owner is the first user to sign in to the device. + +**Retrieve a device hardware hash** + +1. Start the HoloLens 2 device, and make sure that you sign in by using an account that is the device owner. +1. On the device, press the Power and Volume Down buttons at the same time and then release them. The device collects diagnostic logs and the hardware hash, and stores them in a set of .zip files. +1. Use a USB-C cable to connect the device to a computer. +1. On the computer, open File Explorer. Open **This PC\\\<*HoloLens device name*>\\Internal Storage\\Documents**, and locate the AutopilotDiagnostics.zip file. + + > [!NOTE] + > The .zip file may not immediately be available. If the file is not ready yet you may see a HoloLensDiagnostics.temp file in the Documents folder. To update the list of files, refresh the window. + +1. Extract the contents of the AutopilotDiagnostics.zip file. +1. In the extracted files, locate the CSV file that has a file name prefix of "DeviceHash." Copy that file to a drive on the computer where you can access it later. 
+ > [!IMPORTANT] + > The data in the CSV file should use the following header and line format: + > ``` + > Device Serial Number,Windows Product ID,Hardware Hash,Group Tag,Assigned User ,,,, + >``` + +**Register the device in Windows Autopilot** + +1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment**, and then select **Devices** > **Import** under **Windows Autopilot Deployment Program**. + +1. Under **Add Windows Autopilot devices**, select the DeviceHash CSV file, select **Open**, and then select **Import**. + + ![Use the Import command to import the hardware hash.](./images/hololens-ap-hash-import.png) +1. After the import finishes, select **Devices** > **Windows** > **Windows enrollment** > **Devices** > **Sync**. The process might take a few minutes to complete, depending on how many devices are being synchronized. To see the registered device, select **Refresh**. + + ![Use the Sync and Refresh commands to view the device list.](./images/hololens-ap-devices-sync.png) + +### 5. Create a device group + +1. In Microsoft Endpoint Manager admin center, select **Groups** > **New group**. +1. For **Group type**, select **Security**, and then enter a group name and description. +1. For **Membership type**, select either **Assigned** or **Dynamic Device**. +1. Do one of the following: + + - If you selected **Assigned** for **Membership type** in the previous step, select **Members**, and then add Autopilot devices to the group. Autopilot devices that aren't yet enrolled are listed by using the device serial number as the device name. 
+ - If you selected **Dynamic Devices** for **Membership type** in the previous step, select **Dynamic device members**, and then enter code in **Advanced rule** that resembles the following: + - If you want to create a group that includes all of your Autopilot devices, type: `(device.devicePhysicalIDs -any _ -contains "[ZTDId]")` + - Intune's group tag field maps to the **OrderID** attribute on Azure AD devices. If you want to create a group that includes all of your Autopilot devices that have a specific group tag (the Azure AD device OrderID), you must type: `(device.devicePhysicalIds -any _ -eq "[OrderID]:179887111881")` + - If you want to create a group that includes all your Autopilot devices that have a specific Purchase Order ID, type: `(device.devicePhysicalIds -any _ -eq "[PurchaseOrderId]:76222342342")` + + > [!NOTE] + > These rules target attributes that are unique to Autopilot devices. +1. Select **Save**, and then select **Create**. + +### 6. Create a deployment profile + +1. In Microsoft Endpoint Manager admin center, select **Devices** > **Windows** > **Windows enrollment** > **Windows Autopilot deployment profiles** > **Create profile** > **HoloLens**. +1. Enter a profile name and description, and then select **Next**. + + ![Add a profile name and description](./images/hololens-ap-profile-name.png) +1. On the **Out-of-box experience (OOBE)** page, most of the settings are pre-configured to streamline OOBE for this evaluation. Optionally, you can configure the following settings: + + - **Language (Region)**: Select the language for OOBE. We recommend that you select a language from the list of [supported languages for HoloLens 2](hololens2-language-support.md). + - **Automatically configure keyboard**: To make sure that the keyboard matches the selected language, select **Yes**. 
+ - **Apply device name template**: To automatically set the device name during OOBE, select **Yes** and then enter the template phrase and placeholders in **Enter a name** For example, enter a prefix and `%RAND:4%`—a placeholder for a four-digit random number. + > [!NOTE] + > If you use a device name template, the OOBE process restarts the device one additional time after it applies the device name and before it joins the device to Azure AD. This restart enables the new name to take effect. + + ![Configure OOBE settings](./images/hololens-ap-profile-oobe.png) +1. After you configure the settings, select **Next**. +1. On the **Scope tags** page, optionally add the scope tags that you want to apply to this profile. For more information about scope tags, see [Use role-based access control and scope tags for distributed IT](https://docs.microsoft.com/mem/intune/fundamentals/scope-tags.md). When finished, select **Next**. +1. On the **Assignments** page, select **Selected groups** for **Assign to**. +1. Under **SELECTED GROUPS**, select **+ Select groups to include**. +1. In the **Select groups to include** list, select the device group that you created for the Autopilot HoloLens devices, and then select **Next**. + + If you want to exclude any groups, select **Select groups to exclude**, and select the groups that you want to exclude. + + ![Assigning a device group to the profile.](./images/hololens-ap-profile-assign-devicegroup.png) +1. On the **Review + Create** page, review the settings and then select **Create** to create the profile. + + ![Review + create](./images/hololens-ap-profile-summ.png) + +### 7. Verify the ESP configuration + +The Enrollment Status Page (ESP) displays the status of the complete device configuration process that runs when an MDM managed user signs into a device for the first time. Make sure that your ESP configuration resembles the following, and verify that the assignments are correct. 
+ +![ESP configuration](./images/hololens-ap-profile-settings.png) + +### 8. Configure a custom configuration profile for HoloLens devices (known issue) + +1. In [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com), select **Devices** > **Configuration profiles** > **Create profile**. +1. For **Platform**, specify **Windows 10 and later**, and for **Profile**, select **Custom**. +1. Select **Create**. +1. Enter a name for the profile, and then select **Settings** > **Configure**. + + ![Settings for the custom configuration profile.](./images/hololens-ap-profile-settings-oma.png) +1. Select **Add**, and then specify the following information: + + - **Name**: SidecarPath + - **OMA-URI**: ./images/Device/Vendor/MSFT/EnrollmentStatusTracking/DevicePreparation/PolicyProviders/Sidecar/InstallationState + - **Data type**: Integer + - **Value**: 2 +1. Select **OK** two times, and then select **Create** to create the profile. +1. After Intune creates the configuration profile, assign the configuration profile to the device group for the HoloLens devices. + +### 9. Verify the profile status of the HoloLens devices + +1. In Microsoft Endpoint Manager Admin Center, select **Devices** > **Windows** > **Windows enrollment** > **Devices**. +1. Verify that the HoloLens devices are listed, and that their profile status is **Assigned**. + > [!NOTE] + > It may take a few minutes for the profile to be assigned to the device. + + ![Device and profile assignments.](./images/hololens-ap-devices-assignments.png) + +## Windows Autopilot for HoloLens 2 User Experience + +Your HoloLens users can follow these steps to provision HoloLens devices. + +1. Use the USB-C cable to connect the HoloLens device to a computer that has Advanced Recovery Companion (ARC) installed and has the appropriate Windows update downloaded. +1. Use ARC to flash the appropriate version of Windows on to the device. +1. Connect the device to the network, and then restart the device. 
+ > [!IMPORTANT] + > You must connect the device to the network before the Out-of-the-Box-Experience (OOBE) starts. The device determines whether it is provisioning as an Autopilot device while on the first OOBE screen. If the device cannot connect to the network, or if you choose not to provision the device as an Autopilot device, you cannot change to Autopilot provisioning at a later time. Instead, you would have to start this procedure over in order to provision the device as an Autopilot device. + + The device should automatically start OOBE. Do not interact with OOBE. Instead sit, back and relax! Let HoloLens 2 detect network connectivity and allow it complete OOBE automatically. The device may restart during OOBE. The OOBE screens should resemble the following. + + ![OOBE step 1](./images/hololens-ap-uex-1.png) + ![OOBE step 2](./images/hololens-ap-uex-2.png) + ![OOBE step 3](./images/hololens-ap-uex-3.png) + ![OOBE step 4](./images/hololens-ap-uex-4.png) + +At the end of OOBE, you can sign in to the device by using your user name and password. + + ![OOBE step 5](./images/hololens-ap-uex-5.png) + +## Known Issues + +- The list of supported languages for Autopilot deployment profiles includes languages that HoloLens does not support. Select a language that [HoloLens supports](hololens2-language-support.md). + +## Feedback + +To provide feedback or report issues, use one of the following methods: + +- Use the Feedback Hub app. You can find this app on a HoloLens-connected computer. In Feedback Hub, select the **Enterprise Management** > **Device** category. + + When you provide feedback or report an issue, provide a detailed description. If applicable, include screenshots and logs. +- Send an email message to [hlappreview@microsoft.com](mailto:hlappreview@microsoft.com). For the email subject, enter **\<*Tenant*> Autopilot for HoloLens 2 evaluation feedback** (where \<*Tenant*> is the name of your Intune tenant). 
+ + Provide a detailed description in your message. However, unless Support personnel specifically request it, do not include data such as screenshots or logs. Such data might include private or personally identifiable information (PII). diff --git a/devices/hololens/hololens2-maintenance.md b/devices/hololens/hololens2-maintenance.md index 1faaca4425..845e36cba1 100644 --- a/devices/hololens/hololens2-maintenance.md +++ b/devices/hololens/hololens2-maintenance.md @@ -3,7 +3,7 @@ title: HoloLens 2 device care and cleaning FAQ description: author: Teresa-Motiv ms.author: v-tea -ms.date: 3/26/2020 +ms.date: 4/14/2020 ms.prod: hololens ms.topic: article ms.custom: @@ -69,10 +69,10 @@ To clean the brow pad, wipe it by using a cloth that's moistened by using water ## Can I use ultraviolet (UV) light to sanitize the device? -UV germicidal irradiation has not been tested on HoloLens 2. +UV-C germicidal irradiation has not been tested on HoloLens 2. > [!CAUTION] -> High levels of UV exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV radiation has the following effects, in order of the duration and intensity of exposure: +> High levels of UV-A and UV-B exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV-A and UV-B radiation has the following effects, in order of the duration and intensity of exposure: > > 1. The brow pad and device closures become discolored. > 1. Defects appear in the anti-reflective (AR) coating on the visor and on the sensor windows. diff --git a/devices/hololens/images/hololens-ap-devices-assignments.png b/devices/hololens/images/hololens-ap-devices-assignments.png new file mode 100644 index 0000000000..f99eaa367d Binary files /dev/null and b/devices/hololens/images/hololens-ap-devices-assignments.png differ 
diff --git a/devices/hololens/images/hololens-ap-devices-sync.png b/devices/hololens/images/hololens-ap-devices-sync.png
new file mode 100644
index 0000000000..fe970f7983
Binary files /dev/null and b/devices/hololens/images/hololens-ap-devices-sync.png differ
diff --git a/devices/hololens/images/hololens-ap-enrollment-profiles.png b/devices/hololens/images/hololens-ap-enrollment-profiles.png
new file mode 100644
index 0000000000..1e3e8dfaa4
Binary files /dev/null and b/devices/hololens/images/hololens-ap-enrollment-profiles.png differ
diff --git a/devices/hololens/images/hololens-ap-hash-import.png b/devices/hololens/images/hololens-ap-hash-import.png
new file mode 100644
index 0000000000..078e73d78c
Binary files /dev/null and b/devices/hololens/images/hololens-ap-hash-import.png differ
diff --git a/devices/hololens/images/hololens-ap-intro.png b/devices/hololens/images/hololens-ap-intro.png
new file mode 100644
index 0000000000..8095114167
Binary files /dev/null and b/devices/hololens/images/hololens-ap-intro.png differ
diff --git a/devices/hololens/images/hololens-ap-profile-assign-devicegroup.png b/devices/hololens/images/hololens-ap-profile-assign-devicegroup.png
new file mode 100644
index 0000000000..9e6dc92a3c
Binary files /dev/null and b/devices/hololens/images/hololens-ap-profile-assign-devicegroup.png differ
diff --git a/devices/hololens/images/hololens-ap-profile-name.png b/devices/hololens/images/hololens-ap-profile-name.png
new file mode 100644
index 0000000000..a427b437b8
Binary files /dev/null and b/devices/hololens/images/hololens-ap-profile-name.png differ
diff --git a/devices/hololens/images/hololens-ap-profile-oobe.png b/devices/hololens/images/hololens-ap-profile-oobe.png
new file mode 100644
index 0000000000..e14226d7ad
Binary files /dev/null and b/devices/hololens/images/hololens-ap-profile-oobe.png differ
diff --git a/devices/hololens/images/hololens-ap-profile-settings-oma.png b/devices/hololens/images/hololens-ap-profile-settings-oma.png
new file mode 100644
index 0000000000..7528f55292
Binary files /dev/null and b/devices/hololens/images/hololens-ap-profile-settings-oma.png differ
diff --git a/devices/hololens/images/hololens-ap-profile-settings.png b/devices/hololens/images/hololens-ap-profile-settings.png
new file mode 100644
index 0000000000..5753814e1b
Binary files /dev/null and b/devices/hololens/images/hololens-ap-profile-settings.png differ
diff --git a/devices/hololens/images/hololens-ap-profile-summ.png b/devices/hololens/images/hololens-ap-profile-summ.png
new file mode 100644
index 0000000000..4fb955bbdf
Binary files /dev/null and b/devices/hololens/images/hololens-ap-profile-summ.png differ
diff --git a/devices/hololens/images/hololens-ap-qrcode.png b/devices/hololens/images/hololens-ap-qrcode.png
new file mode 100644
index 0000000000..c5296e3e91
Binary files /dev/null and b/devices/hololens/images/hololens-ap-qrcode.png differ
diff --git a/devices/hololens/images/hololens-ap-uex-1.png b/devices/hololens/images/hololens-ap-uex-1.png
new file mode 100644
index 0000000000..f89faa366a
Binary files /dev/null and b/devices/hololens/images/hololens-ap-uex-1.png differ
diff --git a/devices/hololens/images/hololens-ap-uex-2.png b/devices/hololens/images/hololens-ap-uex-2.png
new file mode 100644
index 0000000000..5bf1beb3f0
Binary files /dev/null and b/devices/hololens/images/hololens-ap-uex-2.png differ
diff --git a/devices/hololens/images/hololens-ap-uex-3.png b/devices/hololens/images/hololens-ap-uex-3.png
new file mode 100644
index 0000000000..59a7362269
Binary files /dev/null and b/devices/hololens/images/hololens-ap-uex-3.png differ
diff --git a/devices/hololens/images/hololens-ap-uex-4.png b/devices/hololens/images/hololens-ap-uex-4.png
new file mode 100644
index 0000000000..f17557b5c4
Binary files /dev/null and b/devices/hololens/images/hololens-ap-uex-4.png differ
diff --git a/devices/hololens/images/hololens-ap-uex-5.png b/devices/hololens/images/hololens-ap-uex-5.png
new file mode 100644
index 0000000000..0bd23da48e
Binary files /dev/null and b/devices/hololens/images/hololens-ap-uex-5.png differ
diff --git a/devices/hololens/scep-whitepaper.md b/devices/hololens/scep-whitepaper.md
deleted file mode 100644
index ee0915b54b..0000000000
--- a/devices/hololens/scep-whitepaper.md
+++ /dev/null
@@ -1,80 +0,0 @@ ---- -title: SCEP Whitepaper -description: A whitepaper that describes how Microsoft mitigates the vulnerabilities of SCEP. -ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b -author: pawinfie -ms.author: pawinfie -ms.date: 02/12/2020 -keywords: hololens, Windows Mixed Reality, security -ms.prod: hololens -ms.sitesec: library -ms.topic: article -audience: ITPro -ms.localizationpriority: high -ms.custom: -- CI 111456 -- CSSTroubleshooting -appliesto: -- HoloLens 1 (1st gen) -- HoloLens 2 ---- - -# SCEP whitepaper - -## High Level - -### How the SCEP Challenge PW is secured - -We work around the weakness of the SCEP protocol by generating custom challenges in Intune itself. The challenge string we create is signed/encrypted, and contains the information we've configured in Intune for certificate issuance into the challenge blob. This means the blob used as the challenge string contains the expected CSR information like the Subject Name, Subject Alternative Name, and other attributes. - -We then pass that to the device and then the device generates it's CSR and passes it, and the blob to the SCEP URL it received in the MDM profile. On NDES servers running the Intune SCEP module we perform a custom challenge validation that validates the signature on the blob, decrypts the challenge blob itself, compare it to the CSR received, and then determine if we should issue the cert. If any portion of this check fails then the certificate request is rejected. - -## Behind the scenes - -### Intune Connector has a number of responsibilities - -1. The connector is SCEP policy module which contains a "Certification Registration Point" component which interacts with the Intune service, and is responsible for validating, and securing the SCEP request coming into the NDES server. - -1. The connector will install an App Pool on the NDES IIS server > Microsoft Intune CRP service Pool, and a CertificateRegistrationSvc under the "Default Web Site" on IIS. - -1. 
**When the Intune NDES connector is first configured/setup on the NDES server, a certificate is issued from the Intune cloud service to the NDES server. This cert is used to securely communicate with the Intune cloud service - customer tenant. The cert is unique to the customers NDES server. Can be viewed in Certlm.msc issued by SC_Online_Issuing. This certs Public key is used by Intune in the cloud to encrypt the challenge blob. In addition, when the connector is configured, Intune's public key is sent to the NDES server.** - >[!NOTE] - >The connector communication with Intune is strictly outbound traffic. - -1. The Intune cloud service combined with the Intune connector/policy module addresses the SCEP protocol challenge password weakness (in the SCEP protocol) by generating a custom challenge. The challenge is generated in Intune itself. - - 1. In the challenge blob, Intune puts information that we expect in the cert request (CSR - Certificate Signing Request) coming from a mobile device like the following: what we expect the Subject and SAN (validated against AAD attributes/properties of the user/device) to be, and specifics contained in the Intune SCEP profile that is created by an Intune admin, i.e., Request Handling, EKU, Renewal, validity period, key size, renewal period. - >[!NOTE] - >The Challenge blob is Encrypted with the Connectors Public Key, and Signed with Intune's (cloud service) Private Key. The device cannot decrypt the challenge - - 1. When an Intune admin creates a SCEP profile in their tenant, Intune will send the SCEP profile payload along with the Encrypted and Signed Challenge to the targeted device. The device generates a CSR, and reaches out to NDES URL (contained in the SCEP profile). The device cert request payload contains the CSR, and the encrypted, signed challenge blob. - - 1. 
When the device reaches out to the NDES server (via the NDES/SCEP URL provided in the SCEP Profile payload), the SCEP cert request validation is performed by the policy module running on the NDES server. The challenge signature is verified using Intune's public key (which is on the NDES server, when the connector was installed and configured) and decrypted using the connectors private key. The policy module compares the CSR details against the decrypted challenge and determines if a cert should be issued. If the CSR passes validation, the NDES server requests a certificate from the CA on behalf of the user/device. - >[!NOTE] - >The above process takes place on the NDES server running the Policy Module. No interaction with the Intune cloud service takes place. - - 1. The NDES connector notification/reporting of cert delivery takes place after NDES sends the issued cert to the device. This is performed as a separate operation outside the cert request flow. Meaning that once NDES sends the cert to the device via the AAD app proxy (or other publishing firewall/proxy, a log is written with the cert delivery details on the NDES server by the connector (file location \Program Files\Microsoft Intune\CertificateRequestStatus\Succeed\ folder. The connector will look here, and send updates to Intune. - - 1. The mobile device must be enrolled in Intune. If not, we reject the request as well - - 1. The Intune connector disables the standard NDES challenge password request URL on the NDES server. - - 1. The NDES server SCEP URI in most customer deployments is made available to the internet via Azure App Proxy, or an on-prem reverse proxy, i.e. F5. - >[!NOTE] - >The Azure App Proxy is an outbound-only connection over Port 443, from the customers onprem network where the App Proxy connector is running on a server. The AAD app proxy can also be hosted on the NDES server. No inbound ports required when using Azure App Proxy. - - 1. The mobile device talks only to the NDES URI - - 1. 
Side note: AAD app proxy's role is to make onprem resources (like NDES and other customer onprem web services) securely available to the internet. - - 1. The Intune connector must communicate with the Intune cloud service. The connector communication will not go through the Azure App Proxy. The connector will talk with the Intune cloud service via whatever mechanism a customer has onprem to allow outbound traffic to the internet, i.e. Internal proxy service. - >[!NOTE] - > if a proxy is used by the customer, no SSL packet inspection can take place for the NDES/Connector server going out. - -1. Connector traffic with Intune cloud service consists of the following operations: - - 1. 1st time configuration of the connector: Authentication to AAD during the initial connector setup. - - 1. Connector checks in with Intune, and will process and any cert revocation transactions (i.e, if the Intune tenant admin issues a remote wipe – full or partial, also If a user unenrolls their device from Intune), reporting on issued certs, renewing the connectors' SC_Online_Issuing certificate from Intune. Also note: the NDES Intune connector has shared PKCS cert functionality (if you decide to issue PKCS/PFX based certs) so the connector checks to Intune for PKCS cert requests even though there won't be any requests to process. We are splitting that functionality out, so this connector just handles SCEP, but no ETA yet. - -1. [Here](https://docs.microsoft.com/intune/intune-endpoints#microsoft-intune-certificate-connector) is a reference for Intune NDES connector network communications. diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md index 031501c2b4..8237e61a08 100644 --- a/devices/surface-hub/accessibility-surface-hub.md +++ b/devices/surface-hub/accessibility-surface-hub.md 
@@ -3,7 +3,7 @@ title: Accessibility (Surface Hub)
 description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10.
 ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Accessibility settings, Settings app, Ease of Access
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md
index 8125113887..81c03b484c 100644
--- a/devices/surface-hub/admin-group-management-for-surface-hub.md
+++ b/devices/surface-hub/admin-group-management-for-surface-hub.md
@@ -3,7 +3,7 @@ title: Admin group management (Surface Hub)
 description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device.
 ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: admin group management, Settings app, configure Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
index 7b44ff3d38..f74f2297fa 100644
--- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
+++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
@@ -3,7 +3,7 @@ title: PowerShell for Surface Hub (Surface Hub)
 description: PowerShell scripts to help set up and manage your Microsoft Surface Hub.
 ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: PowerShell, set up Surface Hub, manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
index 7ea2bc584c..66dd43f75c 100644
--- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
@@ -3,7 +3,7 @@ title: Applying ActiveSync policies to device accounts (Surface Hub)
 description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting.
 ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Surface Hub, ActiveSync policies
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index 2d55222b1b..77ce204725 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -1,7 +1,7 @@
 ---
 title: Change history for Surface Hub
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: This topic lists new and updated topics for Surface Hub.
 keywords: change history
 ms.prod: surface-hub
diff --git a/devices/surface-hub/change-surface-hub-device-account.md b/devices/surface-hub/change-surface-hub-device-account.md
index 142af6e80e..d20e57a184 100644
--- a/devices/surface-hub/change-surface-hub-device-account.md
+++ b/devices/surface-hub/change-surface-hub-device-account.md
@@ -3,7 +3,7 @@ title: Change the Microsoft Surface Hub device account
 description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned.
 ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: change device account, change properties, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 5fd13d7b95..d5f39c55db 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -3,7 +3,7 @@ title: Connect other devices and display with Surface Hub
 description: You can connect other device to your Surface Hub to display content.
 ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.prod: surface-hub
 ms.sitesec: library
 author: dansimp
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index ff76987746..29f9557045 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -3,7 +3,7 @@ title: Create a device account using UI (Surface Hub)
 description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center.
 ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: create device account, Office 365 UI, Exchange Admin center, Microsoft 365 admin center, Skype for Business, mobile device mailbox policy
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md index dc72c7463a..8985f70c9d 100644 --- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md +++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md @@ -3,7 +3,7 @@ title: Create and test a device account (Surface Hub) description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype. ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67 ms.reviewer: rikot -manager: dansimp +manager: laurawi keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md index d8d0269900..8eb3486d7d 100644 --- a/devices/surface-hub/device-reset-surface-hub.md +++ b/devices/surface-hub/device-reset-surface-hub.md @@ -3,7 +3,7 @@ title: Reset or recover a Surface Hub description: Describes the reset and recovery processes for the Surface Hub, and provides instructions. ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF ms.reviewer: -manager: dansimp +manager: laurawi keywords: reset Surface Hub, recover ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md index 73a50f66c9..9309e9b2a3 100644 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md @@ -9,7 +9,7 @@ ms.author: dansimp ms.topic: article ms.date: 06/20/2019 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- 
diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md index bf91e2e42c..8ac2baccb6 100644 --- a/devices/surface-hub/enable-8021x-wired-authentication.md +++ b/devices/surface-hub/enable-8021x-wired-authentication.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.date: 11/15/2017 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md index b6fca3a49e..9a100d4a60 100644 --- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md @@ -3,7 +3,7 @@ title: Microsoft Exchange properties (Surface Hub) description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub. ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29 ms.reviewer: -manager: dansimp +manager: laurawi keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/finishing-your-surface-hub-meeting.md b/devices/surface-hub/finishing-your-surface-hub-meeting.md index 8776870779..3e02c9bb0a 100644 --- a/devices/surface-hub/finishing-your-surface-hub-meeting.md +++ b/devices/surface-hub/finishing-your-surface-hub-meeting.md @@ -9,7 +9,7 @@ ms.author: dansimp ms.topic: article ms.date: 07/27/2017 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md index 3d38a356f5..8a3bfc6e91 100644 --- a/devices/surface-hub/first-run-program-surface-hub.md 
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -3,7 +3,7 @@ title: First-run program (Surface Hub)
 description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process.
 ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: first run, Surface Hub, out-of-box experience, OOBE
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index ea543e69f2..73c94f6557 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -3,7 +3,7 @@ title: Hybrid deployment (Surface Hub)
 description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub.
 ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md
index 74505ca6ff..9e1c8767f5 100644
--- a/devices/surface-hub/install-apps-on-surface-hub.md
+++ b/devices/surface-hub/install-apps-on-surface-hub.md
@@ -3,7 +3,7 @@ title: Install apps on your Microsoft Surface Hub description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business. ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94 ms.reviewer: -manager: dansimp +manager: laurawi keywords: install apps, Microsoft Store, Microsoft Store for Business ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md index 810691dfe8..886e4b79f3 100644 --- a/devices/surface-hub/local-management-surface-hub-settings.md +++ b/devices/surface-hub/local-management-surface-hub-settings.md @@ -9,7 +9,7 @@ ms.author: dansimp ms.topic: article ms.date: 07/08/2019 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index 5394d7c761..3762de36a4 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -3,7 +3,7 @@ title: Manage settings with an MDM provider (Surface Hub) description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution. ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE ms.reviewer: -manager: dansimp +manager: laurawi keywords: mobile device management, MDM, manage policies ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/manage-surface-hub-settings.md b/devices/surface-hub/manage-surface-hub-settings.md index a5d76ff156..b217ccee4d 100644 --- a/devices/surface-hub/manage-surface-hub-settings.md +++ b/devices/surface-hub/manage-surface-hub-settings.md 
@@ -9,7 +9,7 @@ ms.author: dansimp ms.topic: article ms.date: 07/27/2017 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md index 4ad681ff5f..10240a192f 100644 --- a/devices/surface-hub/manage-surface-hub.md +++ b/devices/surface-hub/manage-surface-hub.md @@ -3,7 +3,7 @@ title: Manage Microsoft Surface Hub description: How to manage your Surface Hub after finishing the first-run program. ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1 ms.reviewer: -manager: dansimp +manager: laurawi keywords: manage Surface Hub ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index 2dc9f71874..9dee3e2a4b 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -3,7 +3,7 @@ title: Manage Windows updates on Surface Hub description: You can manage Windows updates on your Microsoft Surface Hub or Surface Hub 2S by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS). ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045 ms.reviewer: -manager: dansimp +manager: laurawi keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS ms.prod: surface-hub ms.sitesec: library diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md index 1b09f33999..2bb6381924 100644 --- a/devices/surface-hub/miracast-over-infrastructure.md +++ b/devices/surface-hub/miracast-over-infrastructure.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.date: 06/20/2019 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- 
@@ -41,7 +41,6 @@ If you have a Surface Hub or other Windows 10 device that has been updated to Wi - As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. - The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. - Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. -- On Windows 10 PCs, the **Projecting to this PC** feature must be enabled within System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests. It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md index eb33f483d6..c4e2ff5b3e 100644 --- a/devices/surface-hub/miracast-troubleshooting.md +++ b/devices/surface-hub/miracast-troubleshooting.md @@ -8,7 +8,7 @@ ms.author: dansimp ms.topic: article ms.date: 06/20/2019 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium --- diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md index 262c565327..9828a8a268 100644 --- a/devices/surface-hub/monitor-surface-hub.md +++ b/devices/surface-hub/monitor-surface-hub.md 
@@ -3,7 +3,7 @@ title: Monitor your Microsoft Surface Hub
 description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
 ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index 88b0653b00..d35f03b804 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -3,7 +3,7 @@ title: On-premises deployment single forest (Surface Hub)
 description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
 ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: single forest deployment, on prem deployment, device account, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
index f643e4cfe6..170dd03968 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
@@ -8,7 +8,7 @@ author: dansimp
 ms.author: dansimp
 ms.date: 08/28/2018
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index 0cd6fc5219..30f0e34b1f 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -3,7 +3,7 @@ title: Online deployment with Office 365 (Surface Hub)
 description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment.
 ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: device account for Surface Hub, online deployment
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md
index 22e7e1284c..1ef2fcaa46 100644
--- a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md
@@ -3,7 +3,7 @@ title: Password management (Surface Hub)
 description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device.
 ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: password, password management, password rotation, device account
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md
index 6d06a9ac69..aeadcb900a 100644
--- a/devices/surface-hub/physically-install-your-surface-hub-device.md
+++ b/devices/surface-hub/physically-install-your-surface-hub-device.md
@@ -3,7 +3,7 @@ title: Physically install Microsoft Surface Hub
 description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation.
 ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Surface Hub, readiness guide, installation location, mounting options
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index 198dba4f74..69ca8e6c3e 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -3,7 +3,7 @@ title: Prepare your environment for Microsoft Surface Hub
 description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub.
 ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: prepare environment, features of Surface Hub, create and test device account, check network availability
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md
index 607c66829e..305403b9dc 100644
--- a/devices/surface-hub/provisioning-packages-for-surface-hub.md
+++ b/devices/surface-hub/provisioning-packages-for-surface-hub.md
@@ -3,7 +3,7 @@ title: Create provisioning packages (Surface Hub)
 description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages.
 ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: add certificate, provisioning package
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/remote-surface-hub-management.md b/devices/surface-hub/remote-surface-hub-management.md
index 7a9acbe0fd..1794a9bcac 100644
--- a/devices/surface-hub/remote-surface-hub-management.md
+++ b/devices/surface-hub/remote-surface-hub-management.md
@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md
index 6bbfd1532a..12e59349d6 100644
--- a/devices/surface-hub/save-bitlocker-key-surface-hub.md
+++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md
@@ -3,7 +3,7 @@ title: Save your BitLocker key (Surface Hub)
 description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.
 ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Surface Hub, BitLocker, Bitlocker recovery keys
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md
index 96f42c3df1..08ca875984 100644
--- a/devices/surface-hub/set-up-your-surface-hub.md
+++ b/devices/surface-hub/set-up-your-surface-hub.md
@@ -3,7 +3,7 @@ title: Set up Microsoft Surface Hub
 description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program.
 ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: set up instructions, Surface Hub, setup worksheet, first-run program
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md
index 6043d88f1d..e7352a5dbe 100644
--- a/devices/surface-hub/setup-worksheet-surface-hub.md
+++ b/devices/surface-hub/setup-worksheet-surface-hub.md
@@ -3,7 +3,7 @@ title: Setup worksheet (Surface Hub)
 description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section.
 ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Setup worksheet, pre-setup, first-time setup
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md
index c805fb9005..910f2d0129 100644
--- a/devices/surface-hub/skype-hybrid-voice.md
+++ b/devices/surface-hub/skype-hybrid-voice.md
@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/support-solutions-surface-hub.md b/devices/surface-hub/support-solutions-surface-hub.md
index b683f85daf..9de0b753f9 100644
--- a/devices/surface-hub/support-solutions-surface-hub.md
+++ b/devices/surface-hub/support-solutions-surface-hub.md
@@ -3,7 +3,7 @@ title: Top support solutions for Microsoft Surface Hub
 description: Find top solutions for common issues using Surface Hub.
 ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Troubleshoot common problems, setup issues
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md
index 9ad0606641..80c7dbefd1 100644
--- a/devices/surface-hub/surface-hub-authenticator-app.md
+++ b/devices/surface-hub/surface-hub-authenticator-app.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 08/28/2017
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 localizationpriority: medium
 ---
diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md
index 5e5073588a..79ff342ba9 100644
--- a/devices/surface-hub/surface-hub-downloads.md
+++ b/devices/surface-hub/surface-hub-downloads.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 08/22/2017
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md
index 105a188ae1..aa1b746b8d 100644
--- a/devices/surface-hub/surface-hub-qos.md
+++ b/devices/surface-hub/surface-hub-qos.md
@@ -1,7 +1,7 @@
 ---
 title: Implement Quality of Service on Surface Hub
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: Learn how to configure QoS on Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md
index 75feb89fc2..2db5f9706e 100644
--- a/devices/surface-hub/surface-hub-recovery-tool.md
+++ b/devices/surface-hub/surface-hub-recovery-tool.md
@@ -3,7 +3,7 @@ title: Using the Surface Hub Recovery Tool
 description: How to use the Surface Hub Recovery Tool to re-image the SSD.
 ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: manage Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/surface-hub-ssd-replacement.md b/devices/surface-hub/surface-hub-ssd-replacement.md
index 7896a7d634..12f256388d 100644
--- a/devices/surface-hub/surface-hub-ssd-replacement.md
+++ b/devices/surface-hub/surface-hub-ssd-replacement.md
@@ -1,7 +1,7 @@
 ---
 title: Surface Hub SSD replacement
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: Learn how to replace the solid state drive in a Surface Hub.
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/surface-hub-technical-55.md b/devices/surface-hub/surface-hub-technical-55.md
index 6abc46e411..209e77df4c 100644
--- a/devices/surface-hub/surface-hub-technical-55.md
+++ b/devices/surface-hub/surface-hub-technical-55.md
@@ -1,7 +1,7 @@
 ---
 title: Technical information for 55" Surface Hub
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: Specifications for the 55" Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/surface-hub-technical-84.md b/devices/surface-hub/surface-hub-technical-84.md
index 0ba7d45aa1..1c08da5a6b 100644
--- a/devices/surface-hub/surface-hub-technical-84.md
+++ b/devices/surface-hub/surface-hub-technical-84.md
@@ -1,7 +1,7 @@
 ---
 title: Technical information for 84" Surface Hub
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: Specifications for the 84" Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md
index 8d94858bfa..fc1ada3230 100644
--- a/devices/surface-hub/surface-hub-wifi-direct.md
+++ b/devices/surface-hub/surface-hub-wifi-direct.md
@@ -9,7 +9,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 11/27/2019
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md
index 0626c4a0d7..4c324d33ce 100644
--- a/devices/surface-hub/surfacehub-whats-new-1703.md
+++ b/devices/surface-hub/surfacehub-whats-new-1703.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 01/18/2018
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md
index cf02da1a6e..4a30281eff 100644
--- a/devices/surface-hub/troubleshoot-surface-hub.md
+++ b/devices/surface-hub/troubleshoot-surface-hub.md
@@ -3,7 +3,7 @@ title: Troubleshoot Microsoft Surface Hub
 description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
 ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
index 33233a023b..cf9f2b6339 100644
--- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
+++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
@@ -7,7 +7,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 07/27/2017
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index cbc437e783..1ec1e19ab5 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -3,7 +3,7 @@ title: Using a room control system (Surface Hub)
 description: Room control systems can be used with your Microsoft Surface Hub.
 ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: room control system, Surface Hub
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 416610d656..a1e05d92b5 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -8,7 +8,7 @@ ms.author: dansimp
 ms.topic: article
 ms.date: 03/18/2019
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ---
diff --git a/devices/surface-hub/wireless-network-management-for-surface-hub.md b/devices/surface-hub/wireless-network-management-for-surface-hub.md
index 0a314fe596..96162edafe 100644
--- a/devices/surface-hub/wireless-network-management-for-surface-hub.md
+++ b/devices/surface-hub/wireless-network-management-for-surface-hub.md
@@ -3,7 +3,7 @@ title: Wireless network management (Surface Hub)
 description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection.
 ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: network connectivity, wired connection
 ms.prod: surface-hub
 ms.sitesec: library
diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
index 2ab8b6b45b..017f34559f 100644
--- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
+++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
@@ -3,7 +3,7 @@ title: Advanced UEFI security features for Surface Pro 3 (Surface)
 description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.
 ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: security, features, configure, hardware, device, custom, script, update
 ms.localizationpriority: medium
 ms.prod: w10
diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md
index 21d5947ce2..296a57b10e 100644
--- a/devices/surface/assettag.md
+++ b/devices/surface/assettag.md
@@ -9,7 +9,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ---
 # Surface Asset Tag Tool
diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md
index 8866b5c37b..c260718254 100644
--- a/devices/surface/battery-limit.md
+++ b/devices/surface/battery-limit.md
@@ -7,7 +7,7 @@ ms.pagetype: surface, devices
 ms.sitesec: library
 author: coveminer
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.author: v-jokai
 ms.topic: article
 ms.localizationpriority: medium
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index c3a2ef2f31..35be5e736d 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -1,7 +1,7 @@
 ---
 title: Change history for Surface documentation (Windows 10)
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: This topic lists new and updated topics in the Surface documentation library.
 ms.prod: w10
 ms.mktglfcycl: manage
diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
index 5aac305c5a..f68989b045 100644
--- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
+++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Considerations for Surface and Microsoft Endpoint Configuration Manager
diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md
index bd26347d6a..70d53dae71 100644
--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@@ -3,7 +3,7 @@ title: Customize the OOBE for Surface deployments (Surface)
 description: This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.
 ms.assetid: F6910315-9FA9-4297-8FA8-2C284A4B1D87
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: deploy, customize, automate, network, Pen, pair, boot
 ms.localizationpriority: medium
 ms.prod: w10
diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
index 4b24dd9589..121be61007 100644
--- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md
+++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Deploy Surface app with Microsoft Store for Business and Education
diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
index e1debff872..a12b2f2dc4 100644
--- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
+++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit
diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md
index f0b8a6490f..a7220315da 100644
--- a/devices/surface/deploy.md
+++ b/devices/surface/deploy.md
@@ -7,7 +7,7 @@ ms.pagetype: surface, devices
 ms.sitesec: library
 author: coveminer
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.author: v-jokai
 ms.topic: article
 ms.localizationpriority: medium
diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
index 65453aeaf5..d51a90413e 100644
--- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
+++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
@@ -3,7 +3,7 @@ title: Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices (Surface)
 description: Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.
 ms.assetid: A281EFA3-1552-467D-8A21-EB151E58856D
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: network, wireless, device, deploy, authentication, protocol
 ms.localizationpriority: medium
 ms.prod: w10
diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
index 8e512c1511..0147596761 100644
--- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md
+++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Enroll and configure Surface devices with SEMM
diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
index 4acda64004..c35dbe0630 100644
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@@ -3,7 +3,7 @@ title: Ethernet adapters and Surface deployment (Surface)
 description: This article provides guidance and answers to help you perform a network deployment to Surface devices.
 ms.assetid: 5273C59E-6039-4E50-96B3-426BB38A64C0
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB
 ms.localizationpriority: medium
 ms.prod: w10
diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md
index 9d47e34bb2..c250085467 100644
--- a/devices/surface/ltsb-for-surface.md
+++ b/devices/surface/ltsb-for-surface.md
@@ -9,7 +9,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
index 3760d85a4d..36197ca93f 100644
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@@ -8,7 +8,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.date: 10/28/2019
diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md
index 827d2c64c5..75ccff3070 100644
--- a/devices/surface/manage-surface-driver-and-firmware-updates.md
+++ b/devices/surface/manage-surface-driver-and-firmware-updates.md
@@ -3,7 +3,7 @@ title: Manage and deploy Surface driver and firmware updates
 description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices.
 ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
 ms.localizationpriority: medium
 ms.prod: w10
diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md
index 224cc16744..c5f41821d3 100644
--- a/devices/surface/manage-surface-uefi-settings.md
+++ b/devices/surface/manage-surface-uefi-settings.md
@@ -11,7 +11,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Manage Surface UEFI settings
diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md
index 84ef8a1b9f..f0e6c5d221 100644
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@@ -9,7 +9,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index 4ee475b184..0cbf9dac52 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -3,7 +3,7 @@ title: Microsoft Surface Data Eraser (Surface)
 description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
 ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 keywords: tool, USB, data, erase
 ms.prod: w10
diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md
index e60688692b..6c25746e2a 100644
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@@ -3,7 +3,7 @@ title: Microsoft Surface Deployment Accelerator (Surface)
 description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
 ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 keywords: deploy, install, tool
 ms.prod: w10
diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index 42f641271c..e10b8209c9 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -3,7 +3,7 @@ title: Step by step Surface Deployment Accelerator (Surface)
 description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices.
 ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 keywords: deploy, configure
 ms.prod: w10
diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md
index 4fe99f1ebd..a7ef242da7 100644
--- a/devices/surface/support-solutions-surface.md
+++ b/devices/surface/support-solutions-surface.md
@@ -3,7 +3,7 @@ title: Top support solutions for Surface devices
 description: Find top solutions for common issues using Surface devices in the enterprise.
 ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 keywords: Troubleshoot common problems, setup issues
 ms.prod: w10
 ms.mktglfcycl: support
diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
index 15f3dc33f0..044b0e0437 100644
--- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
+++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer: scottmca
-manager: dansimp
+manager: laurawi
 ---
 # Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC)
diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md
index 9c71c1cee4..11a032fb45 100644
--- a/devices/surface/surface-diagnostic-toolkit-business.md
+++ b/devices/surface/surface-diagnostic-toolkit-business.md
@@ -10,7 +10,7 @@ ms.author: v-jokai
 ms.topic: article
 ms.date: 10/31/2019
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ms.audience: itpro
 ---
diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md
index 7dca10584e..035eec60da 100644
--- a/devices/surface/surface-diagnostic-toolkit-command-line.md
+++ b/devices/surface/surface-diagnostic-toolkit-command-line.md
@@ -8,7 +8,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
index 8586cb543a..795bff7f7f 100644
--- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
+++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
@@ -8,7 +8,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: hachidan
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
index 7c84f5c0e4..2b19282899 100644
--- a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
+++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
@@ -8,7 +8,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: cottmca
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md
index d748891d49..26264b1509 100644
--- a/devices/surface/surface-dock-firmware-update.md
+++ b/devices/surface/surface-dock-firmware-update.md
@@ -1,5 +1,5 @@
 ---
-title: Microsoft Surface Dock Firmware Update
+title: Microsoft Surface Dock Firmware Update - Technical information for IT administrators
 description: This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device.
 ms.localizationpriority: medium
 ms.prod: w10
@@ -9,25 +9,34 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.reviewer: scottmca -manager: dansimp +manager: laurawi ms.audience: itpro --- -# Microsoft Surface Dock Firmware Update - -This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device. - -Microsoft Surface Dock Firmware Update supersedes the earlier Microsoft Surface Dock Updater tool, previously available for download as part of Surface Tools for IT. It was named Surface_Dock_Updater_vx.xx.xxx.x.msi (where x indicates the version number). The earlier tool is no longer available for download and should not be used. +# Microsoft Surface Dock Firmware Update: Technical information for IT administrators > [!IMPORTANT] ->Microsoft periodically releases new versions of Surface Dock Firmware Update. The MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version. +> This article contains technical instructions for IT administrators. If you are a home user, please see [How to update your Surface Dock Firmware](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) on the Microsoft Support site. The instructions at the support site are the same as the general installation steps below, but this article has additional information for monitoring, verifying, and deploying the update to multiple devices on a network. + +This article explains how to use Microsoft Surface Dock Firmware Update to update Surface Dock firmware. When installed on your Surface device, it will update any Surface Dock attached to your Surface device. + +This tool supersedes the earlier Microsoft Surface Dock Updater tool, previously available for download as part of Surface Tools for IT. 
The earlier tool was named Surface_Dock_Updater_vx.xx.xxx.x.msi (where x indicates the version number) and is no longer available for download and should not be used. + +## Install the Surface Dock Firmware Update + +This section describes how to manually install the firmware update. + +> [!NOTE] +> Microsoft periodically releases new versions of Surface Dock Firmware Update. The MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version. + +1. Download and install [Microsoft Surface Dock Firmware Update](https://www.microsoft.com/download/details.aspx?id=46703). + - The update requires a Surface device running Windows 10, version 1803 or later. + - Installing the MSI file might prompt you to restart Surface. However, restarting is not required to perform the update. + +2. Disconnect your Surface device from the Surface Dock (using the power adapter), wait ~5 seconds, and then reconnect. The Surface Dock Firmware Update will update the dock silently in background. The process can take a few minutes to complete and will continue even if interrupted. ## Monitor the Surface Dock Firmware Update -This section is optional and provides an overview of how to monitor installation of the firmware update. When you are ready to install the update, see [Install the Surface Dock Firmware Update](#install-the-surface-dock-firmware-update) below. For more detailed information about monitoring the update process, see the following sections in this article: - - [How to verify completion of firmware update](#how-to-verify-completion-of-the-firmware-update) - - [Event logging](#event-logging) - - [Troubleshooting tips](#troubleshooting-tips) - - [Versions reference](#versions-reference) +This section is optional and provides an overview of how to monitor installation of the firmware update. To monitor the update: 
@@ -39,7 +48,6 @@ To monitor the update: Reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF\Services\SurfaceDockFwUpdate\Parameters" ``` 3. Install the update as described in the [next section](#install-the-surface-dock-firmware-update) of this article. - 4. Event 2007 with the following text indicates a successful update: **Firmware update finished. hr=0 DriverTelementry EventCode = 2007**. - If the update is not successful, then event ID 2007 will be displayed as an **Error** event rather than **Information**. Additionally, the version reported in the Windows Registry will not be current. 5. When the update is complete, updated DWORD values will be displayed in the Windows Registry, corresponding to the current version of the tool. See the [Versions reference](#versions-reference) section in this article for details. For example: 
@@ -49,15 +57,11 @@ To monitor the update: >[!TIP] >If you see "The description for Event ID xxxx from source SurfaceDockFwUpdate cannot be found" in event text, this is expected and can be ignored. -## Install the Surface Dock Firmware Update - -This section describes how to install the firmware update. - -1. Download and install [Microsoft Surface Dock Firmware Update](https://www.microsoft.com/download/details.aspx?id=46703). - - The update requires a Surface device running Windows 10, version 1803 or later. - - Installing the MSI file might prompt you to restart Surface. However, restarting is not required to perform the update. - -2. Disconnect your Surface device from the Surface Dock (using the power adapter), wait ~5 seconds, and then reconnect. The Surface Dock Firmware Update will update the dock silently in background. The process can take a few minutes to complete and will continue even if interrupted. +Also see the following sections in this article: + - [How to verify completion of firmware update](#how-to-verify-completion-of-the-firmware-update) + - [Event logging](#event-logging) + - [Troubleshooting tips](#troubleshooting-tips) + - [Versions reference](#versions-reference) ## Network deployment diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md index 493b04c1ae..fc88993c64 100644 --- a/devices/surface/surface-enterprise-management-mode.md +++ b/devices/surface/surface-enterprise-management-mode.md @@ -10,7 +10,7 @@ author: coveminer ms.author: v-jokai ms.topic: article ms.reviewer: scottmca -manager: dansimp +manager: laurawi ms.localizationpriority: medium ms.audience: itpro --- diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md index 41a2f2f912..f21805f1a7 100644 --- a/devices/surface/surface-manage-dfci-guide.md +++ b/devices/surface/surface-manage-dfci-guide.md 
@@ -10,7 +10,7 @@ ms.author: v-jokai ms.topic: article ms.date: 11/13/2019 ms.reviewer: jesko -manager: dansimp +manager: laurawi ms.audience: itpro --- # Intune management of Surface UEFI settings diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index fb4f9b552d..f3d922c048 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -8,8 +8,9 @@ ms.sitesec: library author: coveminer ms.author: v-jokai ms.topic: article +ms.date: 4/15/2020 ms.reviewer: jessko -manager: dansimp +manager: laurawi ms.audience: itpro --- # Deploying, managing, and servicing Surface Pro X @@ -43,7 +44,7 @@ Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager A component of Microsoft Enterprise Mobility + Security, Intune integrates with Azure Active Directory for identity and access control and provides granular management of enrolled Surface Pro X devices. Intune mobile device management (MDM) policies have a number of advantages over older on-premises tools such as Windows Group Policy. This includes faster device login times and a more streamlined catalog of policies enabling full device management from the cloud. For example, you can manage LTE using eSIM profiles to configure data plans and deploy activation codes to multiple devices.
-For more information about setting up Intune, refer to the [Intune documentation](https://docs.microsoft.com/intune/). +For more information about using Intune, refer to the [Intune documentation](https://docs.microsoft.com/intune/). ### Co-management @@ -108,9 +109,9 @@ Popular browsers run on Surface Pro X: ## Installing and using Microsoft Office - Use Office 365 for the best experience on a Windows 10 PC on an ARM-based processor. -- Office 365 “click-to-run” installs Outlook, Word, Excel, and PowerPoint, optimized to run on a Windows 10 PC on an ARM-based processor. +- Office 365 "click-to-run" installs Outlook, Word, Excel, and PowerPoint, optimized to run on a Windows 10 PC on an ARM-based processor. - Microsoft Teams runs great on Surface Pro X. -- For “perpetual versions” of Office such as Office 2019, install the 32-bit version. +- For "perpetual versions" of Office such as Office 2019, install the 32-bit version. ## VPN diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md index 0057104b59..4459d6052b 100644 --- a/devices/surface/surface-pro-arm-app-performance.md +++ b/devices/surface/surface-pro-arm-app-performance.md @@ -10,7 +10,7 @@ ms.author: v-jokai ms.topic: article ms.date: 10/03/2019 ms.reviewer: jessko -manager: dansimp +manager: laurawi ms.audience: itpro --- # Surface Pro X app compatibility diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md index 9c7b32f336..c0de20193f 100644 --- a/devices/surface/surface-system-sku-reference.md +++ b/devices/surface/surface-system-sku-reference.md @@ -11,7 +11,7 @@ ms.author: v-jokai ms.topic: article ms.date: 03/09/2020 ms.reviewer: -manager: dansimp +manager: laurawi ms.localizationpriority: medium ms.audience: itpro --- diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md index d30a955dac..24a358065b 100644 
--- a/devices/surface/surface-wireless-connect.md
+++ b/devices/surface/surface-wireless-connect.md
@@ -10,7 +10,7 @@ ms.localizationpriority: medium
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: tokatz
-manager: dansimp
+manager: laurawi
 ---
 # Optimize Wi-Fi connectivity for Surface devices
diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md
index 6174474de7..0caea932ab 100644
--- a/devices/surface/unenroll-surface-devices-from-semm.md
+++ b/devices/surface/unenroll-surface-devices-from-semm.md
@@ -10,7 +10,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
index bac99f89bc..f483ed4583 100644
--- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
+++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit
diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
index da2a90ea0b..42c6d6f42f 100644
--- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
+++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
@@ -10,7 +10,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ms.localizationpriority: medium
 ms.audience: itpro
 ---
diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md
index 40c991f145..0309d071ec 100644
--- a/devices/surface/using-the-sda-deployment-share.md
+++ b/devices/surface/using-the-sda-deployment-share.md
@@ -12,7 +12,7 @@ ms.topic: article
 ms.localizationpriority: medium
 ms.audience: itpro
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 ---
 # Using the Microsoft Surface Deployment Accelerator deployment share
diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md
index 37cb7a1d1e..a6686dcf69 100644
--- a/devices/surface/wake-on-lan-for-surface-devices.md
+++ b/devices/surface/wake-on-lan-for-surface-devices.md
@@ -11,7 +11,7 @@ author: coveminer
 ms.author: v-jokai
 ms.topic: article
 ms.reviewer: scottmca
-manager: dansimp
+manager: laurawi
 ms.audience: itpro
 ---
diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md
index b008fa625a..0860600d05 100644
--- a/devices/surface/windows-autopilot-and-surface-devices.md
+++ b/devices/surface/windows-autopilot-and-surface-devices.md
@@ -1,7 +1,7 @@
 ---
 title: Windows Autopilot and Surface devices
 ms.reviewer:
-manager: dansimp
+manager: laurawi
 description: Find out about Windows Autopilot deployment options for Surface devices.
 keywords: autopilot, windows 10, surface, deployment
 ms.prod: w10
@@ -48,17 +48,14 @@ Select Surface partners can enroll Surface devices in Windows Autopilot for you Surface partners that are enabled for Windows Autopilot include: -- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) -- [Atea](https://www.atea.com/) -- [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) -- [Cancom](https://www.cancom.de/) -- [CDW](https://www.cdw.com/) -- [Computacenter](https://www.computacenter.com/uk) -- [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) -- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) -- [SHI](https://www.shi.com/Surface) -- [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/) -- [Techdata](https://www.techdata.com/) +| US partners | Global partners | US distributors | +|--------------|---------------|-------------------| +| * [CDW](https://www.cdw.com/) | * [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp) | * [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/) | +| * [Connection](https://www.connection.com/brand/microsoft/microsoft-surface) | * [ATEA](https://www.atea.com/) | * [Techdata](https://www.techdata.com/) | +| * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html) | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) | | +| * [SHI](https://www.shi.com/Surface) | * [Cancom](https://www.cancom.de/) | | +| * [LDI Connect](https://www.myldi.com/managed-it/) | * [Computacenter](https://www.computacenter.com/uk) | | +| * [F1](https://www.functiononeit.com/#empower) | | ## Learn more 
diff --git a/education/windows/images/edu-districtdeploy-fig1.png b/education/windows/images/edu-districtdeploy-fig1.png
index a9ed962f95..9e9cd6c238 100644
Binary files a/education/windows/images/edu-districtdeploy-fig1.png and b/education/windows/images/edu-districtdeploy-fig1.png differ
diff --git a/education/windows/images/edu-districtdeploy-fig2.png b/education/windows/images/edu-districtdeploy-fig2.png
index 3838c18153..dfa00a0132 100644
Binary files a/education/windows/images/edu-districtdeploy-fig2.png and b/education/windows/images/edu-districtdeploy-fig2.png differ
diff --git a/education/windows/images/edu-districtdeploy-fig4.png b/education/windows/images/edu-districtdeploy-fig4.png
index c55ee20d47..ca07e5a968 100644
Binary files a/education/windows/images/edu-districtdeploy-fig4.png and b/education/windows/images/edu-districtdeploy-fig4.png differ
diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md
index a39eca9e4d..ebab019584 100644
--- a/windows/application-management/app-v/appv-supported-configurations.md
+++ b/windows/application-management/app-v/appv-supported-configurations.md
@@ -51,12 +51,15 @@ The following table lists the SQL Server versions that the App-V Management data |SQL Server version|Service pack|System architecture| |---|---|---| +|Microsoft SQL Server 2019||32-bit or 64-bit| |Microsoft SQL Server 2017||32-bit or 64-bit| |Microsoft SQL Server 2016|SP2|32-bit or 64-bit| |Microsoft SQL Server 2014||32-bit or 64-bit| |Microsoft SQL Server 2012|SP2|32-bit or 64-bit| |Microsoft SQL Server 2008 R2|SP3|32-bit or 64-bit| +For more information on user configuration files with SQL server 2016 or later, see the [support article](https://support.microsoft.com/help/4548751/app-v-server-publishing-might-fail-when-you-apply-user-configuration-f). + ### Publishing server operating system requirements The App-V Publishing server can be installed on a server that runs Windows Server 2008 R2 with SP1 or later. diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 1eb4d1d50b..7f0c586ed7 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -31,64 +31,61 @@ The following tables list the system apps, installed Windows apps, and provision Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running. - ## Provisioned Windows apps -Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 and 1809. +You can list all provisioned Windows apps with this PowerShell command: -> [!TIP] -> You can list all provisioned Windows apps with this PowerShell command: -> ``` -> Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName -> ``` +```Powershell +Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName +``` -
+Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909. -| Package name | App name | 1709 | 1803 | 1809 | 1909 | Uninstall through UI? | -|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | -| 
Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | | x | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | -| 
Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | 
-| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | +| Package name | App name | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? | +|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | 
+| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | x | x | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No 
| +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | 
x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | >[!NOTE] >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. @@ -97,13 +94,11 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1709, 1803, and 1809. -> [!TIP] -> You can list all system apps with this PowerShell command: -> ``` -> Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation -> ``` +You can list all system apps with this PowerShell command: -
+```Powershell +Get-AppxPackage -PackageTypeFilter Main | ? { $_.SignatureKind -eq "System" } | Sort Name | Format-Table Name, InstallLocation +``` | Name | Package Name | 1709 | 1803 | 1809 |Uninstall through UI? | |----------------------------------|---------------------------------------------|:-----:|:----:|:----:|-----------------------| diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 394b64e58c..5ad2851bc5 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -1,6 +1,6 @@ --- title: Get product packages -description: The Get product packages operation retrieves the information about applications in the Micosoft Store for Business. +description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business. ms.assetid: 039468BF-B9EE-4E1C-810C-9ACDD55C0835 ms.reviewer: manager: dansimp @@ -14,7 +14,7 @@ ms.date: 09/18/2017 # Get product packages -The **Get product packages** operation retrieves the information about applications in the Micosoft Store for Business. +The **Get product packages** operation retrieves the information about applications in the Microsoft Store for Business. ## Request diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index a55e6716ff..c5e74893fc 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -1025,6 +1025,7 @@ To validate on Desktop, do the following: [Scope](./policy-configuration-service-provider.md#policy-scope): > [!div class = "checklist"] +> * User > * Device
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 70668fa9de..e7cb92b9c4 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -45,12 +45,16 @@ Setting a null (empty) date will delete the existing schedule. In accordance wit

The supported operations are Get, Add, Replace, and Delete.

+

The supported data type is "String".

+ **Schedule/DailyRecurrent**

This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00.
Example to configure: 2018-10-25T18:00:00

The supported operations are Get, Add, Replace, and Delete.

+

The supported data type is "String".

+ ## Related topics diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 1c13aa99ad..eecc7c7075 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -175,6 +175,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro + diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index 2245bcd552..52246fddfd 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md @@ -151,7 +151,7 @@ $oulist = Import-csv -Path c:\oulist.txt ForEach($entry in $oulist){ $ouname = $entry.ouname $oupath = $entry.oupath - New-ADOrganizationalUnit -Name $ouname -Path $oupath -WhatIf + New-ADOrganizationalUnit -Name $ouname -Path $oupath Write-Host -ForegroundColor Green "OU $ouname is created in the location $oupath" } ``` diff --git a/windows/deployment/images/configmgr-assets.PNG b/windows/deployment/images/configmgr-assets.PNG new file mode 100644 index 0000000000..ac315148c5 Binary files /dev/null and b/windows/deployment/images/configmgr-assets.PNG differ diff --git a/windows/deployment/images/configmgr-assets.png b/windows/deployment/images/configmgr-assets.png index 264606c2ab..ac315148c5 100644 Binary files a/windows/deployment/images/configmgr-assets.png and b/windows/deployment/images/configmgr-assets.png differ diff --git a/windows/deployment/images/fig16-contentstatus.png b/windows/deployment/images/fig16-contentstatus.png new file mode 100644 index 0000000000..f48490b97d Binary files /dev/null and b/windows/deployment/images/fig16-contentstatus.png differ 
diff --git a/windows/deployment/images/fig18-distwindows.png b/windows/deployment/images/fig18-distwindows.png
index 6e696e321d..07ff1b74c6 100644
Binary files a/windows/deployment/images/fig18-distwindows.png and b/windows/deployment/images/fig18-distwindows.png differ
diff --git a/windows/deployment/images/mdt-06-fig06.png b/windows/deployment/images/mdt-06-fig06.png
index 324c8960c1..69e2b89c1e 100644
Binary files a/windows/deployment/images/mdt-06-fig06.png and b/windows/deployment/images/mdt-06-fig06.png differ
diff --git a/windows/deployment/images/mdt-06-fig08.png b/windows/deployment/images/mdt-06-fig08.png
index 086a3961a3..25c8a0a445 100644
Binary files a/windows/deployment/images/mdt-06-fig08.png and b/windows/deployment/images/mdt-06-fig08.png differ
diff --git a/windows/deployment/media/Windows10DeploymentConfigManager.pdf b/windows/deployment/media/Windows10DeploymentConfigManager.pdf
index ac27941579..3a4c5f022e 100644
Binary files a/windows/deployment/media/Windows10DeploymentConfigManager.pdf and b/windows/deployment/media/Windows10DeploymentConfigManager.pdf differ
diff --git a/windows/deployment/media/Windows10DeploymentConfigManager.vsdx b/windows/deployment/media/Windows10DeploymentConfigManager.vsdx
index 5c5328cb5f..8b2db358ff 100644
Binary files a/windows/deployment/media/Windows10DeploymentConfigManager.vsdx and b/windows/deployment/media/Windows10DeploymentConfigManager.vsdx differ
diff --git a/windows/deployment/media/windows10-deployment-config-manager.png b/windows/deployment/media/windows10-deployment-config-manager.png
index 9a3ae2b1f5..509e041741 100644
Binary files a/windows/deployment/media/windows10-deployment-config-manager.png and b/windows/deployment/media/windows10-deployment-config-manager.png differ
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
index d97bb2897a..2167039e0c 100644
--- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -19,7 +19,7 @@ ms.topic: article The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more. -You can [**download the script here**](https://github.com/cinglis-msft/UpdateComplianceConfigurationScript). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. +You can [**download the script here**](https://www.microsoft.com/en-us/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. ## How the script is organized @@ -41,7 +41,7 @@ When using the script in the context of troubleshooting, use `Pilot`. Enter `Run 2. Configure `commercialIDValue` to your CommercialID. To get your CommercialID, see [Getting your CommercialID](update-compliance-get-started.md#get-your-commercialid). 3. Run the script. The script must be run in System context. 4. Examine the Logs output for any issues. If there were issues: - - Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance] (update-compliance-configuration-manual.md). + - Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). - Examine the script errors and refer to the [script error reference](#script-error-reference) on how to interpret the codes. - Make the necessary corrections and run the script again. 5. When you no longer have issues, proceed to using the script for more broad deployment with the `Deployment` folder. 
diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md
index 9e8f6964b8..255adfa845 100644
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@@ -18,10 +18,9 @@ ms.topic: article # Monitor Windows Updates with Update Compliance > [!IMPORTANT] -> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal; however, please note the following updates: -> -> * On March 31, 2020, the Windows Defender Antivirus reporting feature of Update Compliance was retired. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). -> * The Perspectives feature of Update Compliance was retired on March 31, 2020 in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance. +> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. A few retirements are planned, noted below, but are placed on hold until the current situation stabilizes. 
+> * As of March 31, 2020, The Windows Defender Antivirus reporting feature of Update Compliance is no longer supported and will soon be retired. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection). +> * As of March 31, 2020, The Perspectives feature of Update Compliance is no longer supported and will soon be retired in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance. ## Introduction diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md index 7a9adf27cd..f3d6dc0e2a 100644 --- a/windows/deployment/update/update-compliance-schema-wudostatus.md +++ b/windows/deployment/update/update-compliance-schema-wudostatus.md 
@@ -36,7 +36,7 @@ These fields are briefly described in this article, to learn more about Delivery |**BytesFromGroupPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`523132` |Total number of bytes downloaded from Group Peers. | |**BytesFromIntPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`328350` |Total number of bytes downloaded from Internet Peers. | |**BytesFromPeers** |[long](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/long) |`43145` |Total number of bytes downloaded from peers. | -|**ContentDownloadMode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |Device's Delivery Optimization [Download Mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode)**@JAIME** configuration for this content. | +|**ContentDownloadMode** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`0` |Device's Delivery Optimization [Download Mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode) configuration for this content. | |**ContentType** |[int](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/int) |`Quality Updates` |The type of content being downloaded. | |**DOStatusDescription** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) | |A short description of DO's status, if any. | |**DownloadMode** |[string](https://docs.microsoft.com/azure/kusto/query/scalar-data-types/string) |`HTTP+LAN (1)` |Device's Delivery Optimization [Download Mode](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization-reference#download-mode) configuration for this device. | diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 4f273824cb..5a53df6187 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md 
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md @@ -463,7 +463,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi 11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step. -12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo. +12. Click the **Task Sequence** tab. Under **State Restore** click **Tattoo** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo. 13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again. @@ -775,7 +775,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce 9. Close the Map Network Drive window, the Explorer window, and the command prompt. -10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequenc Wizard. Click **Next** to continue with the deployment. +10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequence Wizard. Click **Next** to continue with the deployment. 11. The task sequence will require several minutes to complete. You can monitor progress of the task sequence using the MDT Deployment Workbench under Deployment Shares > MDTProduction > Monitoring. The task sequence will: - Install Windows 10 
@@ -1027,7 +1027,7 @@ In the Configuration Manager console, in the Software Library workspace under Op ### Deploy the new computer -1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows Powershell prompt on the Hyper-V host: +1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: ``` Start-VM PC4 diff --git a/windows/deployment/windows-autopilot/autopilot-support.md b/windows/deployment/windows-autopilot/autopilot-support.md index 7fd687321a..762aab67e5 100644 --- a/windows/deployment/windows-autopilot/autopilot-support.md +++ b/windows/deployment/windows-autopilot/autopilot-support.md @@ -10,7 +10,6 @@ ms.pagetype: deploy audience: itpro author: greg-lindsay ms.author: greglin -ms.date: 10/31/2018 ms.reviewer: manager: laurawi ms.collection: M365-modern-desktop 
@@ -25,19 +24,14 @@ The following table displays support information for the Windows Autopilot progr Before contacting the resources listed below for Windows Autopilot-related issues, check the [Windows Autopilot FAQ](autopilot-faq.md). - -| Audience | Support contact | -|---------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if you’re a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. | -| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority:
Low – 120 hours
Normal – 72 hours
High – 24 hours
Immediate – 4 hours | -| Partners with a Partner Technology Strategist (PTS) | If you have a PTS (whether you’re a CSP or not), you may first try working through your account’s specific Partner Technology Strategist (PTS). | -| Partners with an Ecosystem PM | If you have an Ecosystem PM (whether you’re a CSP or not), you may first try working through your account’s specific Ecosystem PM, especially for technical issues. To learn more about Ecosystem PMs and the services they offer, contact epsoinfo@microsoft.com. | -| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. | -| End-user | Contact your IT administrator. | -| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. | -| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. | -| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). | -| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. | -| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. | -| All other queries, or when unsure who to contact | Contact msoemops@microsoft.com. | - +| Audience | Support contact | +|------------|---------------------------------------| +| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if you’re a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. | +| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority:
Low – 120 hours
Normal – 72 hours
High – 24 hours
Immediate – 4 hours |
+| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. |
+| End-user | Contact your IT administrator. |
+| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. |
+| Microsoft Store for Business (MSfB) users | Use the help resources available in MSfB. |
+| Intune users | From the Microsoft Azure portal, click [Help + support](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview). |
+| Microsoft 365 Business | Support is accessible directly through the Microsoft 365 Business portal when logged in: https://support.microsoft.com/en-us. |
+| Queries relating to MDA testing | Contact MDAHelp@microsoft.com. |
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/known-issues.md b/windows/deployment/windows-autopilot/known-issues.md
index 162db9fe0e..b85fc9b010 100644
--- a/windows/deployment/windows-autopilot/known-issues.md
+++ b/windows/deployment/windows-autopilot/known-issues.md
@@ -26,6 +26,9 @@ ms.topic: article + +
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 03b72907ac..6dd9518dcf 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -10,7 +10,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
 author: medgarmedgar
-ms.author: v-medgar
+ms.author: robsize
 manager: robsize
 ms.collection: M365-security-compliance
 ms.topic: article
@@ -39,8 +39,8 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
 >[!Note]
 >Regarding the Windows Restricted Traffic Limited Functionality Baseline, the 1903 settings (folder) are applicable to 1909 Windows >Enterprise devices. There were no additional settings required for the 1909 release.
->[!Warning]
->If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Keep my files" option (or the >"Remove Everything" option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order >re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline >settings.
+> [!Warning]
+> If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings.
 To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm)
@@ -1898,4 +1898,3 @@ For China releases of Windows 10 there is one additional Regkey to be set to pre
 To learn more, see [Device update management](https://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](https://technet.microsoft.com/library/cc720539.aspx).
-
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index 6bc04cd39f..01dffaef6d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -47,7 +47,8 @@ Windows Hello provides many benefits, including:
 ## Where is Windows Hello data stored?
 The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.
-Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
+> [!NOTE]
+>Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
 ## Has Microsoft set any device requirements for Windows Hello?
 We've been working with the device manufacturers to help ensure a high-level of performance and protection is met by each sensor and device, based on these requirements:
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
index de0d46631b..528c1b6fe8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@@ -18,16 +18,23 @@ ms.reviewer:
 # How Windows Hello for Business works
 **Applies to**
+
 - Windows 10
-Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices.
+Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices.
 Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
 > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
 ## Technical Deep Dive
+
 Windows Hello for Business is a distributed system that uses several components to accomplish device registration, provisioning, and authentication. Use this section to gain a better understanding of each of the components and how they support Windows Hello for Business.
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning and authentication work.
+
+> [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
+> [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
+
 - [Technology and Terminology](hello-how-it-works-technology.md)
 - [Device Registration](hello-how-it-works-device-registration.md)
 - [Provisioning](hello-how-it-works-provisioning.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 24172f6859..9369ea8370 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -329,7 +329,7 @@ If box **1a** on your planning worksheet reads **cloud only** or **hybrid**, wri
 If box **1a** on your planning worksheet reads **on-premises**, and box **1f** reads **AD FS with third party**, write **No** in box **6a** on your planning worksheet. Otherwise, write **Yes** in box **6a** as you need an Azure account for per-consumption MFA billing. Write **No** in box **6b** on your planning worksheet—on-premises deployments do not use the cloud directory.
-Windows Hello for Business does not require an Azure AD premium subscription. However, some dependencies do.
+Windows Hello for Business does not require an Azure AD premium subscription. However, some dependencies, such as [MDM automatic enrollment](https://docs.microsoft.com/mem/intune/enrollment/quickstart-setup-auto-enrollment) and [Conditional Access](https://docs.microsoft.com/azure/active-directory/conditional-access/overview) do.
 If box **1a** on your planning worksheet reads **on-premises**, write **No** in box **6c** on your planning worksheet.
diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md
index d9ecb9798b..00eddf6eee 100644
--- a/windows/security/identity-protection/hello-for-business/hello-videos.md
+++ b/windows/security/identity-protection/hello-for-business/hello-videos.md
@@ -24,14 +24,33 @@ ms.reviewer:
 ## Overview of Windows Hello for Business and Features
 Watch Pieter Wigleven explain Windows Hello for Business, Multi-factor Unlock, and Dynamic Lock
+
 > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
+## Why PIN is more secure than a password
+
+Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.
+
+> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA]
+
 ## Microsoft's passwordless strategy
 Watch Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less**
 > [!VIDEO https://www.youtube.com/embed/mXJS615IGLM]
+## Windows Hello for Business Provisioning
+
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning works.
+
+> [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
+
+## Windows Hello for Business Authentication
+
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works.
+
+> [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
+
 ## Windows Hello for Business user enrollment experience
 The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment.
diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index 375f2be134..d74bd61baa 100644
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -21,13 +21,18 @@ ms.date: 10/23/2017
 # Why a PIN is better than a password
 **Applies to**
+
 - Windows 10
 Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password? On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works.
+Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.
+
+> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA]
 ## PIN is tied to the device
+
 One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too! Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device.
@@ -44,7 +49,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
 The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.
-User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
+User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can't be stolen in cases where the identity provider or websites the user accesses have been compromised.
 The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.
@@ -54,10 +59,11 @@ The Windows Hello for Business PIN is subject to the same set of IT management p
 ## What if someone steals the laptop or phone?
-To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
+To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user's biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
 You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins.
 **Configure BitLocker without TPM**
+
 1. Use the Local Group Policy Editor (gpedit.msc) to enable the following policy: **Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup**
@@ -72,7 +78,8 @@ You can provide additional protection for laptops that don't have TPM by enablin 2. Set the number of invalid logon attempts to allow, and then click OK. ## Why do you need a PIN to use biometrics? -Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can’t use your preferred biometric because of an injury or because the sensor is unavailable or not working properly. + +Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can't use your preferred biometric because of an injury or because the sensor is unavailable or not working properly. If you only had a biometric sign-in configured and, for any reason, were unable to use that method to sign in, you would have to sign in using your account and password, which doesn't provide you the same level of protection as Hello. diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index 22d084bda3..66699d9e0b 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -595,7 +595,7 @@ $ProfileXML = ' true - http://webproxy.corp.contsoso.com/proxy.pac + http://webproxy.corp.contoso.com/proxy.pac ' @@ -672,5 +672,5 @@ An example of an [Intune-ready XML file](https://docs.microsoft.com/windows/secu >This XML is formatted for use with Intune and cannot contain any carriage returns or whitespace. ```xml -truecorp.contoso.comtruecorp.contoso.comedge1.contoso.comForceTunnelIKEv2Certificate
13.107.6.152
31true
13.107.18.10
31true
13.107.128.0
22true
23.103.160.0
20true
40.96.0.0
13true
40.104.0.0
15true
52.96.0.0
14true
131.253.33.215
32true
132.245.0.0
16true
150.171.32.0
22true
191.234.140.0
22true
204.79.197.215
32true
13.107.136.0
22true
40.108.128.0
17true
52.104.0.0
14true
104.146.128.0
17true
150.171.40.0
22true
13.107.60.1
32true
13.107.64.0
18true
52.112.0.0
14true
52.120.0.0
14true
http://webproxy.corp.contsoso.com/proxy.pac
+truecorp.contoso.comtruecorp.contoso.comedge1.contoso.comForceTunnelIKEv2Certificate
13.107.6.152
31true
13.107.18.10
31true
13.107.128.0
22true
23.103.160.0
20true
40.96.0.0
13true
40.104.0.0
15true
52.96.0.0
14true
131.253.33.215
32true
132.245.0.0
16true
150.171.32.0
22true
191.234.140.0
22true
204.79.197.215
32true
13.107.136.0
22true
40.108.128.0
17true
52.104.0.0
14true
104.146.128.0
17true
150.171.40.0
22true
13.107.60.1
32true
13.107.64.0
18true
52.112.0.0
14true
52.120.0.0
14true
http://webproxy.corp.contoso.com/proxy.pac
```
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index 56c13ecbbe..a7a7e7fce7 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -80,7 +80,9 @@ The server side configuration to enable Network Unlock also requires provisionin
 1. The Windows boot manager detects that a Network Unlock protector exists in the BitLocker configuration.
 2. The client computer uses its DHCP driver in the UEFI to obtain a valid IPv4 IP address.
-3. The client computer broadcasts a vendor-specific DHCP request that contains the Network Key (a 256-bit intermediate key) and an AES-256 session key for the reply. Both of these keys are encrypted using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server.
+3. The client computer broadcasts a vendor-specific DHCP request that contains:
+ 1. A Network Key (a 256-bit intermediate key) encrypted using the 2048-bit RSA Public Key of the Network Unlock certificate from the WDS server.
+ 2. An AES-256 session key for the reply.
 4. The Network Unlock provider on the WDS server recognizes the vendor-specific request.
 5. The provider decrypts it with the WDS server’s BitLocker Network Unlock certificate RSA private key.
 6. The WDS provider then returns the network key encrypted with the session key using its own vendor-specific DHCP reply to the client computer. This forms an intermediate key.
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 17bf4fe48e..99d33dcb26 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -6,6 +6,7 @@
 ### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md)
 ### [Preview features](microsoft-defender-atp/preview.md)
 ### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md)
+### [Overview of Microsoft Defender Security Center](microsoft-defender-atp/use.md)
 ### [Portal overview](microsoft-defender-atp/portal-overview.md)
 ### [Microsoft Defender ATP for US Government Community Cloud High customers](microsoft-defender-atp/commercial-gov.md)
@@ -27,7 +28,7 @@
 ### [Threat & Vulnerability Management]()
 #### [Overview of Threat & Vulnerability Management](microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md)
 #### [Supported operating systems and platforms](microsoft-defender-atp/tvm-supported-os.md)
-#### [What's in the dashboard and what it means for my organization](microsoft-defender-atp/tvm-dashboard-insights.md)
+#### [Dashboard insights](microsoft-defender-atp/tvm-dashboard-insights.md)
 #### [Exposure score](microsoft-defender-atp/tvm-exposure-score.md)
 #### [Configuration score](microsoft-defender-atp/configuration-score.md)
 #### [Security recommendations](microsoft-defender-atp/tvm-security-recommendation.md)
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 35ac0e33f0..039851e80d 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -77,7 +77,7 @@ To further reinforce the security perimeter of your network, Microsoft Defender
 - [Behavior monitoring](/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md)
 - [Cloud-based protection](/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md)
 - [Machine learning](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
-- [URL Protection](/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md)
+- [URL Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus)
 - [Automated sandbox service](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
index f1b9737820..da5160567b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md
@@ -30,9 +30,9 @@ Your attack surface is the total number of places where an attacker could compro
 Attack surface reduction rules target software behaviors that are often abused by attackers, such as:
-* Launching executable files and scripts that attempt to download or run files
-* Running obfuscated or otherwise suspicious scripts
-* Performing behaviors that apps don't usually initiate during normal day-to-day work
+- Launching executable files and scripts that attempt to download or run files
+- Running obfuscated or otherwise suspicious scripts
+- Performing behaviors that apps don't usually initiate during normal day-to-day work
 These behaviors are sometimes seen in legitimate applications; however, they are considered risky because they are commonly abused by malware. Attack surface reduction rules can constrain these kinds of risky behaviors and help keep your organization safe.
@@ -44,9 +44,11 @@ For more information about configuring attack surface reduction rules, see [Enab
 ## Attack surface reduction features across Windows versions
-You can set attack surface reduction rules for computers running Windows 10 versions 1709 and 1803 or later, Windows Server version 1803 (Semi-Annual Channel) or later, and Windows Server 2019.
+You can set attack surface reduction rules for computers running the following versions of Windows:
+- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) or later
+- [Windows Server, version 1803](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) (Semi-Annual Channel) or later
-To use the entire feature-set of attack surface reduction rules, you need a Windows 10 Enterprise license. With a Windows E5 license, you get advanced management capabilities including monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the Microsoft 365 security center. These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events.
+To use the entire feature-set of attack surface reduction rules, you need a [Windows 10 Enterprise license](https://www.microsoft.com/licensing/product-licensing/windows10). With a [Windows E5 license](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses), you get advanced management capabilities including monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the [Microsoft 365 security center](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center).
These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events.
 ## Review attack surface reduction events in the Microsoft Defender Security Center
@@ -77,11 +79,11 @@ You can review the Windows event log to view events generated by attack surface
 This will create a custom view that filters events to only show the following, all of which are related to controlled folder access:
-Event ID | Description
--|-
-5007 | Event when settings are changed
-1121 | Event when rule fires in Block-mode
-1122 | Event when rule fires in Audit-mode
+|Event ID | Description |
+|---|---|
+|5007 | Event when settings are changed |
+|1121 | Event when rule fires in Block-mode |
+|1122 | Event when rule fires in Audit-mode |
 The "engine version" listed for attack surface reduction events in the event log, is generated by Microsoft Defender ATP, not by the operating system. Microsoft Defender ATP is integrated with Windows 10, so this feature works on all devices with Windows 10 installed.
@@ -89,38 +91,42 @@ The "engine version" listed for attack surface reduction events in the event log The following sections describe each of the 15 attack surface reduction rules. This table shows their corresponding GUIDs, which you use if you're configuring the rules with Group Policy or PowerShell. If you use Microsoft Endpoint Configuration Manager or Microsoft Intune, you do not need the GUIDs: - Rule name | GUID | File & folder exclusions --|-|- -[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 | Supported -[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | D4F940AB-401B-4EFC-AADC-AD5F3C50688A | Supported -[Block Office applications from creating executable content](#block-office-applications-from-creating-executable-content) | 3B576869-A4EC-4529-8536-B80A7769E899 | Supported -[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 | Supported -[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | D3E037E1-3EB8-44C8-A917-57927947596D | Not supported -[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC | Supported -[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B | Supported -[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | 01443614-cd74-433a-b99e-2ecdc07bfc25 | Supported -[Use advanced protection against 
ransomware](#use-advanced-protection-against-ransomware) | c1db55ab-c21a-4637-bb3f-a12568109d35 | Supported -[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 | Supported -[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | d1e49aac-8f56-4280-b9ba-993a6d77406c | Supported -[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 | Supported -[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | 26190899-1602-49e8-8b27-eb1d0a1ce869 | Supported -[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c | Supported -[Block persistence through WMI event subscription](#block-persistence-through-wmi-event-subscription) | e6db77e5-3df2-4cf1-b95a-636979351e5b | Not supported +| Rule name | GUID | File & folder exclusions | Minimum OS supported | +|-----|----|---|---| +|[Block executable content from email client and webmail](#block-executable-content-from-email-client-and-webmail) | `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block all Office applications from creating child processes](#block-all-office-applications-from-creating-child-processes) | `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Office applications from creating executable 
content](#block-office-applications-from-creating-executable-content) | `3B576869-A4EC-4529-8536-B80A7769E899` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Office applications from injecting code into other processes](#block-office-applications-from-injecting-code-into-other-processes) | `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block JavaScript or VBScript from launching downloaded executable content](#block-javascript-or-vbscript-from-launching-downloaded-executable-content) | `D3E037E1-3EB8-44C8-A917-57927947596D` | Not supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block execution of potentially obfuscated scripts](#block-execution-of-potentially-obfuscated-scripts) | `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Win32 API calls from Office macros](#block-win32-api-calls-from-office-macros) | `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block executable files from running unless they meet a prevalence, age, or trusted list criterion](#block-executable-files-from-running-unless-they-meet-a-prevalence-age-or-trusted-list-criterion) | `01443614-cd74-433a-b99e-2ecdc07bfc25` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Use advanced protection against 
ransomware](#use-advanced-protection-against-ransomware) | `c1db55ab-c21a-4637-bb3f-a12568109d35` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block credential stealing from the Windows local security authority subsystem (lsass.exe)](#block-credential-stealing-from-the-windows-local-security-authority-subsystem) | `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block process creations originating from PSExec and WMI commands](#block-process-creations-originating-from-psexec-and-wmi-commands) | `d1e49aac-8f56-4280-b9ba-993a6d77406c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block untrusted and unsigned processes that run from USB](#block-untrusted-and-unsigned-processes-that-run-from-usb) | `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Office communication application from creating child processes](#block-office-communication-application-from-creating-child-processes) | `26190899-1602-49e8-8b27-eb1d0a1ce869` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block Adobe Reader from creating child processes](#block-adobe-reader-from-creating-child-processes) | `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` | Supported | [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) (RS3, build 16299) or greater | +|[Block persistence through WMI event 
subscription](#block-persistence-through-wmi-event-subscription) | `e6db77e5-3df2-4cf1-b95a-636979351e5b` | Not supported | [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) (build 18362) or greater | ### Block executable content from email client and webmail This rule blocks the following file types from launching from email opened within the Microsoft Outlook application, or Outlook.com and other popular webmail providers: -* Executable files (such as .exe, .dll, or .scr) -* Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) +- Executable files (such as .exe, .dll, or .scr) +- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Microsoft Endpoint Configuration Manager CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Microsoft Endpoint Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Execution of executable content (exe, dll, ps, js, vbs, etc.) dropped from email (webmail/mail client) (no exceptions) Microsoft Endpoint Configuration Manager name: Block executable content from email client and webmail -GUID: BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550 +GUID: `BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550` ### Block all Office applications from creating child processes 
@@ -128,27 +134,35 @@ This rule blocks Office apps from creating child processes. This includes Word, Creating malicious child processes is a common malware strategy. Malware that abuse Office as a vector often run VBA macros and exploit code to download and attempt to run additional payloads. However, some legitimate line-of-business applications might also generate child processes for benign purposes, such as spawning a command prompt or using PowerShell to configure registry settings. -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Office apps launching child processes Configuration Manager name: Block Office application from creating child processes -GUID: D4F940AB-401B-4EFC-AADC-AD5F3C50688A +GUID: `D4F940AB-401B-4EFC-AADC-AD5F3C50688A` ### Block Office applications from creating executable content This rule prevents Office apps, including Word, Excel, and PowerPoint, from creating potentially malicious executable content, by blocking malicious code from being written to disk. - Malware that abuse Office as a vector may attempt to break out of Office and save malicious components to disk. These malicious components would survive a computer reboot and persist on the system. Therefore, this rule defends against a common persistence technique. + Malware that abuses Office as a vector may attempt to break out of Office and save malicious components to disk. 
These malicious components would survive a computer reboot and persist on the system. Therefore, this rule defends against a common persistence technique. -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, SCCM CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [System Center Configuration Manager](https://docs.microsoft.com/configmgr/core/servers/manage/updates) (SCCM) CB 1710 (SCCM is now Microsoft Endpoint Configuration Manager) Intune name: Office apps/macros creating executable content SCCM name: Block Office applications from creating executable content -GUID: 3B576869-A4EC-4529-8536-B80A7769E899 +GUID: `3B576869-A4EC-4529-8536-B80A7769E899` ### Block Office applications from injecting code into other processes 
@@ -160,13 +174,17 @@ There are no known legitimate business purposes for using code injection. This rule applies to Word, Excel, and PowerPoint. -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Office apps injecting code into other processes (no exceptions) Configuration Manager name: Block Office applications from injecting code into other processes -GUID: 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 +GUID: `75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84` ### Block JavaScript or VBScript from launching downloaded executable content 
@@ -177,13 +195,17 @@ Although not common, line-of-business applications sometimes use scripts to down > [!IMPORTANT] > File and folder exclusions don't apply to this attack surface reduction rule. -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: js/vbs executing payload downloaded from Internet (no exceptions) Configuration Manager name: Block JavaScript or VBScript from launching downloaded executable content -GUID: D3E037E1-3EB8-44C8-A917-57927947596D +GUID: `D3E037E1-3EB8-44C8-A917-57927947596D` ### Block execution of potentially obfuscated scripts 
@@ -191,13 +213,17 @@ This rule detects suspicious properties within an obfuscated script. Script obfuscation is a common technique that both malware authors and legitimate applications use to hide intellectual property or decrease script loading times. Malware authors also use obfuscation to make malicious code harder to read, which prevents close scrutiny by humans and security software. -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Obfuscated js/vbs/ps/macro code Configuration Manager name: Block execution of potentially obfuscated scripts. -GUID: 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC +GUID: `5BEB7EFE-FD9A-4556-801D-275E5FFC04CC` ### Block Win32 API calls from Office macros 
@@ -205,37 +231,42 @@ This rule prevents VBA macros from calling Win32 APIs. Office VBA provides the ability to make Win32 API calls. Malware can abuse this capability, such as [calling Win32 APIs to launch malicious shellcode](https://www.microsoft.com/security/blog/2018/09/12/office-vba-amsi-parting-the-veil-on-malicious-macros/) without writing anything directly to disk. Most organizations don't rely on the ability to call Win32 APIs in their day-to-day functioning, even if they use macros in other ways. -This rule was introduced in: Windows 10 1709, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1710 +This rule was introduced in: +- [Windows 10, version 1709](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1709) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1710](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Win32 imports from Office macro code Configuration Manager name: Block Win32 API calls from Office macros -GUID: 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B +GUID: `92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B` ### Block executable files from running unless they meet a prevalence, age, or trusted list criterion This rule blocks the following file types from launching unless they meet prevalence or age criteria, or they're in a trusted list or an exclusion list: -* Executable files (such as .exe, .dll, or .scr) +- Executable files (such as .exe, .dll, or .scr) -Launching untrusted or unknown executable files can be risky, as it may not not be initially clear if the files are malicious. - -> [!NOTE] -> You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule. 
+Launching untrusted or unknown executable files can be risky, as it may not be initially clear if the files are malicious. > [!IMPORTANT] -> The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. +> You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule.

The rule **Block executable files from running unless they meet a prevalence, age, or trusted list criterion** with GUID 01443614-cd74-433a-b99e-2ecdc07bfc25 is owned by Microsoft and is not specified by admins. It uses cloud-delivered protection to update its trusted list regularly. > >You can specify individual files or folders (using folder paths or fully qualified resource names) but you can't specify which rules or exclusions apply to. -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1802 +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Executables that don't meet a prevalence, age, or trusted list criteria. Configuration Manager name: Block executable files from running unless they meet a prevalence, age, or trusted list criteria -GUID: 01443614-cd74-433a-b99e-2ecdc07bfc25 +GUID: `01443614-cd74-433a-b99e-2ecdc07bfc25` ### Use advanced protection against ransomware 
@@ -244,13 +275,17 @@ This rule provides an extra layer of protection against ransomware. It scans exe > [!NOTE] > You must [enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) to use this rule. -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1802 +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Advanced ransomware protection Configuration Manager name: Use advanced protection against ransomware -GUID: c1db55ab-c21a-4637-bb3f-a12568109d35 +GUID: `c1db55ab-c21a-4637-bb3f-a12568109d35` ### Block credential stealing from the Windows local security authority subsystem 
@@ -261,13 +296,17 @@ LSASS authenticates users who log in to a Windows computer. Microsoft Defender C > [!NOTE] > In some apps, the code enumerates all running processes and attempts to open them with exhaustive permissions. This rule denies the app's process open action and logs the details to the security event log. This rule can generate a lot of noise. If you have an app that overly enumerates LSASS, you need to add it to the exclusion list. By itself, this event log entry doesn't necessarily indicate a malicious threat. -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1802 +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Flag credential stealing from the Windows local security authority subsystem Configuration Manager name: Block credential stealing from the Windows local security authority subsystem -GUID: 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 +GUID: `9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2` ### Block process creations originating from PSExec and WMI commands 
@@ -276,13 +315,16 @@ This rule blocks processes created through [PsExec](https://docs.microsoft.com/s > [!WARNING] > Only use this rule if you're managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr) because this rule blocks WMI commands the Configuration Manager client uses to function correctly. -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019 +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) Intune name: Process creation from PSExec and WMI commands Configuration Manager name: Not applicable -GUID: d1e49aac-8f56-4280-b9ba-993a6d77406c +GUID: `d1e49aac-8f56-4280-b9ba-993a6d77406c` ### Block untrusted and unsigned processes that run from USB 
@@ -291,13 +333,17 @@ With this rule, admins can prevent unsigned or untrusted executable files from r * Executable files (such as .exe, .dll, or .scr) * Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) -This rule was introduced in: Windows 10 1803, Windows Server 1809, Windows Server 2019, Configuration Manager CB 1802 +This rule was introduced in: +- [Windows 10, version 1803](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1803) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) +- [Configuration Manager CB 1802](https://docs.microsoft.com/configmgr/core/servers/manage/updates) Intune name: Untrusted and unsigned processes that run from USB Configuration Manager name: Block untrusted and unsigned processes that run from USB -GUID: b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 +GUID: `b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4` ### Block Office communication application from creating child processes @@ -308,13 +354,16 @@ This protects against social engineering attacks and prevents exploit code from > [!NOTE] > This rule applies to Outlook and Outlook.com only. -This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019 +This rule was introduced in: +- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) Intune name: Process creation from Office communication products (beta) Configuration Manager name: Not yet available -GUID: 26190899-1602-49e8-8b27-eb1d0a1ce869 +GUID: `26190899-1602-49e8-8b27-eb1d0a1ce869` ### Block Adobe Reader from creating child processes 
@@ -322,13 +371,16 @@ This rule prevents attacks by blocking Adobe Reader from creating additional pro Through social engineering or exploits, malware can download and launch additional payloads and break out of Adobe Reader. By blocking child processes from being generated by Adobe Reader, malware attempting to use it as a vector are prevented from spreading. -This rule was introduced in: Windows 10 1809, Windows Server 1809, Windows Server 2019 +This rule was introduced in: +- [Windows 10, version 1809](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809) +- [Windows Server, version 1809](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1809) +- [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) Intune name: Process creation from Adobe Reader (beta) Configuration Manager name: Not yet available -GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c +GUID: `7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c` ### Block persistence through WMI event subscription 
@@ -336,17 +388,22 @@ This rule prevents malware from abusing WMI to attain persistence on a device. Fileless threats employ various tactics to stay hidden, to avoid being seen in the file system, and to gain periodic execution control. Some threats can abuse the WMI repository and event model to stay hidden. -This rule was introduced in: Windows 10 1903, Windows Server 1903 +This rule was introduced in: +- [Windows 10, version 1903](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1903) +- [Windows Server 1903](https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903-1909) Intune name: Block persistence through WMI event subscription Configuration Manager name: Not yet available -GUID: e6db77e5-3df2-4cf1-b95a-636979351e5b +GUID: `e6db77e5-3df2-4cf1-b95a-636979351e5b` ## Related topics -* [Attack surface reduction FAQ](attack-surface-reduction.md) -* [Enable attack surface reduction rules](enable-attack-surface-reduction.md) -* [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) -* [Compatibility of Microsoft Defender with other antivirus/antimalware](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +- [Attack surface reduction FAQ](attack-surface-reduction.md) + +- [Enable attack surface reduction rules](enable-attack-surface-reduction.md) + +- [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md) + +- [Compatibility of Microsoft Defender with other antivirus/antimalware](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md index 2830d49f18..de0e22cee2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md 
@@ -77,7 +77,6 @@ Not currently available.
 ## Integrations
 Integrations with the following Microsoft products are not currently available:
-- Azure Security Center
 - Azure Advanced Threat Protection
 - Azure Information Protection
 - Office 365 Advanced Threat Protection
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
index 09cd520b12..c5d535a96e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md
@@ -34,7 +34,7 @@ For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedTh
 ## Before you begin
 If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully.
-For more information on enabling MDM with Microsoft Intune, see [Setup Windows Device Management](https://docs.microsoft.com/intune-classic/deploy-use/set-up-windows-device-management-with-microsoft-intune).
+For more information on enabling MDM with Microsoft Intune, see [Device enrollment (Microsoft Intune)](https://docs.microsoft.com/mem/intune/enrollment/device-enrollment).
 ## Onboard machines using Microsoft Intune
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
index 449dd5010c..2c8c2b2f66 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: article
-ms.date: 04/24/2018
+ms.date: 04/16/2020
 ---
 # Onboard non-persistent virtual desktop infrastructure (VDI) machines
@@ -23,7 +23,8 @@ ms.date: 04/24/2018 **Applies to:** - Virtual desktop infrastructure (VDI) machines - +>[!WARNING] +> Micrsosoft Defender ATP currently does not support Windows Virtual Desktop multi-user session. >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink) @@ -80,26 +81,62 @@ The following steps will guide you through onboarding VDI machines and will high 6. Test your solution: - a. Create a pool with one machine. + a. Create a pool with one machine. - b. Logon to machine. + b. Logon to machine. - c. Logoff from machine. + c. Logoff from machine. - d. Logon to machine with another user. + d. Logon to machine with another user. - e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.
+ e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.
**For multiple entries for each machine**: Check multiple entries in Microsoft Defender Security Center. 7. Click **Machines list** on the Navigation pane. 8. Use the search function by entering the machine name and select **Machine** as search type. +## Updating non-persistent virtual desktop infrastructure (VDI) images +As a best practice, we recommend using offline servicing tools to patch golden/master images.
+For example, you can use the below commands to install an update while the image remains offline: + +``` +DISM /Mount-image /ImageFile:"D:\Win10-1909.vhdx" /index:1 /MountDir:"C:\Temp\OfflineServicing" +DISM /Image:"C:\Temp\OfflineServicing" /Add-Package /Packagepath:"C:\temp\patch\windows10.0-kb4541338-x64.msu" +DISM /Unmount-Image /MountDir:"C:\Temp\OfflineServicing" /commit +``` + +For more information on DISM commands and offline servicing, please refer to the articles below: +- [Modify a Windows image using DISM](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism) +- [DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14) +- [Reduce the Size of the Component Store in an Offline Windows Image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reduce-the-size-of-the-component-store-in-an-offline-windows-image) + +If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health: + +1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script). + +2. Ensure the sensor is stopped by running the command below in a CMD window: + + ``` + sc query sense + ``` + +3. Service the image as needed. + +4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot: + + ``` + PsExec.exe -s cmd.exe + cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber" + del *.* /f /s /q + exit + ``` + +5. 
Re-seal the golden/master image as you normally would. + ## Related topics - [Onboard Windows 10 machines using Group Policy](configure-endpoints-gp.md) - [Onboard Windows 10 machines using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) - [Onboard Windows 10 machines using Mobile Device Management tools](configure-endpoints-mdm.md) - [Onboard Windows 10 machines using a local script](configure-endpoints-script.md) - [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) - - diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index 371aa16ecd..e7da43acc6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -31,7 +31,7 @@ ms.topic: article > Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink) -Microsoft Defender ATP extends support to also include the Windows Server operating system, providing advanced attack detection and investigation capabilities, seamlessly through the Microsoft Defender Security Center console. +Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console. The service supports the onboarding of the following servers: - Windows Server 2008 R2 SP1 
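Review bot: In configure-endpoints-vdi.md, step 4 of the added "Updating non-persistent virtual desktop infrastructure (VDI) images" section runs `del *.* /f /s /q` relative to whatever directory the preceding `cd` leaves the shell in. If that `cd` fails (for example, the Cyber folder does not exist on the image), the forced recursive delete would presumably run from the directory the PsExec-launched SYSTEM shell started in. Passing the path to `del` removes that dependency: `del /f /s /q "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber\*.*"`. The same step links a direct PSTools.zip download without telling readers to confirm the binary's signature before running it as SYSTEM, and the warning added at the top of the file spells the product name `Micrsosoft`.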
@@ -46,7 +46,7 @@ For a practical guidance on what needs to be in place for licensing and infrastr > [!NOTE] > An Azure Security Center Standard license is required, per node, to enroll Microsoft Defender ATP on a supported Windows Server platform, see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services) -## Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 +## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 There are two options to onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2 and Windows Server 2016 to Microsoft Defender ATP: 
@@ -77,7 +77,7 @@ You'll need to take the following steps if you choose to onboard servers through > This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2008 R2 SP1 and Windows Server 2012 R2. - Turn on server monitoring from Microsoft Defender Security Center. -- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), simply attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). +- If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. Otherwise, install and configure MMA to report sensor data to Microsoft Defender ATP as instructed below. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). > [!TIP] 
@@ -87,7 +87,7 @@ You'll need to take the following steps if you choose to onboard servers through > [!IMPORTANT] > This step is required only if your organization uses System Center Endpoint Protection (SCEP) and you're onboarding Windows Server 2012 R2. -Microsoft Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. +Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. The following steps are required to enable this integration: - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) @@ -100,7 +100,7 @@ The following steps are required to enable this integration: 2. Select Windows Server 2012 R2 and 2016 as the operating system. -3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment set up. When the set up completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. +3. Click **Turn on server monitoring** and confirm that you'd like to proceed with the environment setup. When the setup completes, the **Workspace ID** and **Workspace key** fields are populated with unique values. You'll need to use these values to configure the MMA agent. 
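Review bot: Splitting the sentence in the `@@ -87,7 +87,7 @@` hunk left the second half ungrammatical: "provides visibility to malware detections and to stop propagation" no longer has a verb for the second clause. A parallel form reads correctly, for example `The integration provides visibility into malware detections and helps stop propagation of an attack in your organization by banning potentially malicious files or suspected malware.`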
@@ -126,7 +126,7 @@ Once completed, you should see onboarded servers in the portal within an hour. ## Windows Server, version 1803 and Windows Server 2019 -To onboard Windows Server, version 1803 or Windows Server 2019, please refer to the supported methods and versions below. +To onboard Windows Server, version 1803 or Windows Server 2019, refer to the supported methods and versions below. > [!NOTE] > The Onboarding package for Windows Server 2019 through Microsoft Endpoint Configuration Manager currently ships a script. For more information on how to deploy scripts in Configuration Manager, see [Packages and programs in Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/packages-and-programs). @@ -140,11 +140,11 @@ Supported tools include: For more information, see [Onboard Windows 10 machines](configure-endpoints.md). -Support for Windows Server, version 1803 and Windows 2019 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. +Support for Windows Server, provide deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. 1. Configure Microsoft Defender ATP onboarding settings on the server. For more information, see [Onboard Windows 10 machines](configure-endpoints.md). -2. If you’re running a third party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings and verify it was configured correctly: +2. If you're running a third-party antimalware solution, you'll need to apply the following Windows Defender AV passive mode settings. Verify that it was configured correctly: a. Set the following registry entry: - Path: `HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection` 
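Review bot: The added line in the `@@ -140,11 +140,11 @@` hunk, "Support for Windows Server, provide deeper insight", drops the version scope that the removed line carried and breaks subject-verb agreement. Because this section is headed "Windows Server, version 1803 and Windows Server 2019", the sentence should still say which releases get kernel and memory attack detection and response actions. Suggested wording: `Support for Windows Server, version 1803 and Windows Server 2019 provides deeper insight into activities happening on the server, coverage for kernel and memory attack detection, and response actions on Windows Server endpoints.` The passive-mode steps that follow continue outside the hunk.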
@@ -165,17 +165,17 @@ Support for Windows Server, version 1803 and Windows 2019 provides deeper insigh ```sc query Windefend``` - If the result is ‘The specified service does not exist as an installed service’, then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). + If the result is 'The specified service does not exist as an installed service', then you'll need to install Windows Defender AV. For more information, see [Windows Defender Antivirus in Windows 10](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). ## Integration with Azure Security Center -Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers. +Microsoft Defender ATP integrates with Azure Security Center to provide a comprehensive server protection solution. With this integration, Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers. The following capabilities are included in this integration: - Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). > [!NOTE] - > Automated onboarding is only applicable for Windows Server 2012 R2 and Windows Server 2016. 
+ > Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016. - Servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console. - Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index a1d4579881..0786bb44f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -76,6 +76,9 @@ See the [attack surface reduction](attack-surface-reduction.md) topic for detail 4. Double-click the **Exclude files and paths from Attack surface reduction Rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. +> [!WARNING] +> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. + ### Use PowerShell to exclude files and folders 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator** diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 655d13f73e..9b5990bdb7 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -131,10 +131,13 @@ Value: c:\path|e:\path|c:\Whitelisted.exe 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Click **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. +> [!WARNING] +> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. + ## PowerShell ->[!WARNING] ->If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. +> [!WARNING] +> If you manage your computers and devices with Intune, Configuration Manager, or other enterprise-level management platform, the management software will overwrite any conflicting PowerShell settings on startup. 1. Type **powershell** in the Start menu, right-click **Windows PowerShell** and click **Run as administrator**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md index a003bd5a09..f408e29140 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-siem-integration.md 
@@ -67,6 +67,8 @@ Enable security information and event management (SIEM) integration so you can p > [!NOTE] > You'll need to generate a new Refresh token every 90 days. +6. Follow the instructions for [creating an Azure AD app registration for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-create-app-webapp) and assign the correct permissions to it to read alerts. + You can now proceed with configuring your SIEM solution or connecting to the detections REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive detections from Microsoft Defender Security Center. ## Integrate Microsoft Defender ATP with IBM QRadar diff --git a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md index da28a46770..1d9da1a791 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access.md @@ -58,6 +58,9 @@ Event ID | Description 1124 | Audited controlled folder access event 1123 | Blocked controlled folder access event +> [!TIP] +> You can configure a [Windows Event Forwarding subscription](https://docs.microsoft.com/windows/win32/wec/setting-up-a-source-initiated-subscription) to collect the logs centrally. + ## Customize protected folders and apps During your evaluation, you may wish to add to the list of protected folders, or allow certain apps to modify files. 
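Review bot: The new step 6 in the `@@ -67,6 +67,8 @@` hunk tells the reader to "assign the correct permissions" without saying which permission that is, so it invites over-granting to an app registration whose credentials will sit in a SIEM connector. State the scope explicitly and limit it to reading alerts, for example `6. Follow the instructions for [creating an Azure AD app registration for Microsoft Defender ATP](...) and grant it only the permission required to read alerts.`, and name the exact permission from the linked article. The earlier steps of this numbered list are outside the hunk.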
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-dashboard.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-dashboard.png
new file mode 100644
index 0000000000..94df3bad5b
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-dashboard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png
index 6d49c8b659..ef831f2c25 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-download-package.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png
index 39b714cdd4..ef12c4002b 100644
Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-onboarding-wizard.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-portal-overview.png b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-portal-overview.png
new file mode 100644
index 0000000000..a08711f23f
Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/mdatp-portal-overview.png differ
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/rules-indicators.png b/windows/security/threat-protection/microsoft-defender-atp/images/rules-indicators.png index 570609f803..6062d5248d 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/rules-indicators.png and b/windows/security/threat-protection/microsoft-defender-atp/images/rules-indicators.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png new file mode 100644 index 0000000000..48af27eb1f Binary files /dev/null and b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-software-evidence.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 1ea46c138a..5d6395cdf9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -43,6 +43,9 @@ The choice of the channel determines the type and frequency of updates that are In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*. +> [!WARNING] +> Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location. + ### RHEL and variants (CentOS and Oracle Linux) - Note your distribution and version, and identify the closest entry for it under `https://packages.microsoft.com/config/`. 
@@ -201,15 +204,19 @@ Download the onboarding package from Microsoft Defender Security Center: 4. From a command prompt, verify that you have the file. Extract the contents of the archive: - ```bash - ls -l - total 8 - -rw-r--r-- 1 test staff 5752 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip +```bash +ls -l +``` - unzip WindowsDefenderATPOnboardingPackage.zip - Archive: WindowsDefenderATPOnboardingPackage.zip - inflating: WindowsDefenderATPOnboarding.py - ``` +`total 8` +`-rw-r--r-- 1 test staff 5752 Feb 18 11:22 WindowsDefenderATPOnboardingPackage.zip` + +```bash +unzip WindowsDefenderATPOnboardingPackage.zip +``` + +`Archive: WindowsDefenderATPOnboardingPackage.zip` +`inflating: WindowsDefenderATPOnboarding.py` ## Client configuration @@ -231,14 +238,12 @@ Download the onboarding package from Microsoft Defender Security Center: ```bash mdatp --health orgId - [your organization identifier] ``` 4. A few minutes after you complete the installation, you can see the status by running the following command. A return value of `1` denotes that the product is functioning as expected: ```bash mdatp --health healthy - 1 ``` > [!IMPORTANT] 
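Review bot: In the `@@ -201,15 +204,19 @@` hunk the sample output is now written as consecutive inline-code lines (`total 8` directly followed by the `-rw-r--r--` line, and likewise for the `unzip` output), which Markdown joins into one paragraph line, so the listing no longer reads as terminal output. The fences also lose the indentation that kept them inside list item 4, which probably ends the numbered list at that point. I would keep the three-space indent on each fence and put the expected output in its own indented fenced block under the command, so the reader can still compare what they see with what a successful download and extraction looks like.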
@@ -248,22 +253,21 @@ Download the onboarding package from Microsoft Defender Security Center: - Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): - ```bash - mdatp --health realTimeProtectionEnabled - 1 - ``` + ```bash + mdatp --health realTimeProtectionEnabled + ``` - Open a Terminal window. Copy and execute the following command: - ``` bash - curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt - ``` + ``` bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` - The file should have been quarantined by Microsoft Defender ATP for Linux. Use the following command to list all the detected threats: - ```bash - mdatp --threat --list --pretty - ``` + ```bash + mdatp --threat --list --pretty + ``` ## Log installation issues diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 373d409cfd..d097245cf8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md 
@@ -139,6 +139,9 @@ Create subtask or role files that contribute to an actual task. First create the In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*. + > [!WARNING] + > Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location. + Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. In the following commands, replace *[distro]* and *[version]* with the information you've identified. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 66f9ecf65c..92c721fedf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md 
@@ -84,6 +84,9 @@ The choice of the channel determines the type and frequency of updates that are In order to preview new features and provide early feedback, it is recommended that you configure some devices in your enterprise to use either *insiders-fast* or *insiders-slow*. +> [!WARNING] +> Switching the channel after the initial installation requires the product to be reinstalled. To switch the product channel: uninstall the existing package, re-configure your device to use the new channel, and follow the steps in this document to install the package from the new location. + Note your distribution and version and identify the closest entry for it under `https://packages.microsoft.com/config/`. In the below commands, replace *[distro]* and *[version]* with the information you've identified: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index d34c004a38..308e1695b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md 
@@ -54,7 +54,7 @@ OK https://cdn.x.cp.wd.microsoft.com/ping > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception. If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port: diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md index 9ebc453a7a..4c49223e78 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-whatsnew.md 
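Review bot: The rewritten warning in this hunk is ambiguous where it matters: "Configure an exception for SSL inspection and your proxy server to directly pass through data" can be read as exempting the proxy server itself rather than exempting the product's traffic. An administrator who misreads it may leave inspection on for these URLs and lose connectivity to the service. Suggested wording: `> SSL inspection and intercepting proxies are also not supported for security reasons. Exempt the Microsoft Defender ATP for Linux URLs from SSL inspection, and configure your proxy server to pass that traffic through without interception.` The closing sentence would also be clearer as "will not make interception work".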
@@ -21,6 +21,9 @@ ms.topic: conceptual ## 100.90.70 +> [!WARNING] +> When upgrading the installed package from a product version earlier than 100.90.70, the update may fail on Red Hat-based and SLES distributions. This is because of a major change in a file path. A temporary solution is to remove the older package, and then install the newer one. This issue does not exist in newer versions. + - Antivirus [exclusions now support wildcards](linux-exclusions.md#supported-exclusion-types) - Added the ability to [troubleshoot performance issues](linux-support-perf.md) through the `mdatp` command-line tool - Improvements to make the package installation more robust diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index aa9058cedb..c965ddd359 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -59,6 +59,9 @@ You'll need to enable the live response capability in the [Advanced features set >[!NOTE] >Only users with manage security or global admin roles can edit these settings. + +- **Ensure that the machine has an Automation Remediation level assigned to it**
+You'll need to enable, at least, the minimum Remdiation Level for a given Machine Group. Otherwise you won't be able to establish a Live Response session to a member of that group. - **Enable live response unsigned script execution** (optional)
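Review bot: The prerequisite added by the `@@ -59,6 +59,9 @@` hunk misspells the setting as "Remdiation Level" and names it differently from its own heading ("Automation Remediation level"), so a reader searching the portal for either string may not find it. Use one name for the setting in both places, matching the portal label, and fix the typo, for example `You'll need to enable at least the minimum remediation level for a given machine group. Otherwise, you won't be able to establish a live response session to a member of that group.` The surrounding list of prerequisites starts outside the hunk.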
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md index 9a7563b95c..1daa3a12b2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-intune.md 
@@ -24,15 +24,29 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) This topic describes how to deploy Microsoft Defender ATP for Mac through Intune. A successful deployment requires the completion of all of the following steps: -- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) -- [Client device setup](#client-device-setup) -- [Create System Configuration profiles](#create-system-configuration-profiles) -- [Publish application](#publish-application) + +1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages) +1. [Client device setup](#client-device-setup) +1. [Create System Configuration profiles](#create-system-configuration-profiles) +1. [Publish application](#publish-application) ## Prerequisites and system requirements Before you get started, see [the main Microsoft Defender ATP for Mac page](microsoft-defender-atp-mac.md) for a description of prerequisites and system requirements for the current software version. +## Overview + +The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender ATP for Macs, via Intune. More detailed steps are available below. 
+ +| Step | Sample file names | BundleIdentifier | +|-|-|-| +| [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp | +| [Approve Kernel Extension for Microsoft Defender ATP](#download-installation-and-onboarding-packages) | MDATP_KExt.xml | N/A | +| [Grant full disk access to Microsoft Defender ATP](#create-system-configuration-profiles-step-8) | MDATP_tcc_Catalina_or_newer.xml | com.microsoft.wdav.tcc | +| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#intune) | MDATP_Microsoft_AutoUpdate.xml | com.microsoft.autoupdate2 | +| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#intune-profile-1)

**Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.xml | com.microsoft.wdav | +| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#create-system-configuration-profiles-step-9) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.autoupdate2 or com.microsoft.wdavtray | + ## Download installation and onboarding packages Download the installation and onboarding packages from Microsoft Defender Security Center: 
@@ -86,23 +100,23 @@ Download the installation and onboarding packages from Microsoft Defender Securi ## Client device setup -You need no special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/intune-user-help/enroll-your-device-in-intune-macos-cp). +You do not need any special provisioning for a Mac device beyond a standard [Company Portal installation](https://docs.microsoft.com/intune-user-help/enroll-your-device-in-intune-macos-cp). -1. You are asked to confirm device management. +1. Confirm device management. - ![Confirm device management screenshot](../windows-defender-antivirus/images/MDATP-3-ConfirmDeviceMgmt.png) +![Confirm device management screenshot](../windows-defender-antivirus/images/MDATP-3-ConfirmDeviceMgmt.png) - Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**: +Select **Open System Preferences**, locate **Management Profile** on the list, and select **Approve...**. Your Management Profile would be displayed as **Verified**: - ![Management profile screenshot](../windows-defender-antivirus/images/MDATP-4-ManagementProfile.png) +![Management profile screenshot](../windows-defender-antivirus/images/MDATP-4-ManagementProfile.png) 2. Select **Continue** and complete the enrollment. - You may now enroll more devices. You can also enroll them later, after you have finished provisioning system configuration and application packages. +You may now enroll more devices. You can also enroll them later, after you have finished provisioning system configuration and application packages. 3. In Intune, open **Manage** > **Devices** > **All devices**. 
Here you can see your device among those listed: - ![Add Devices screenshot](../windows-defender-antivirus/images/MDATP-5-allDevices.png) +![Add Devices screenshot](../windows-defender-antivirus/images/MDATP-5-allDevices.png) ## Create System Configuration profiles @@ -116,7 +130,7 @@ You need no special provisioning for a Mac device beyond a standard [Company Por 5. Select **Manage** > **Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. 6. Repeat steps 1 through 5 for more profiles. 7. Create another profile, give it a name, and upload the intune/WindowsDefenderATPOnboarding.xml file. -8. Create tcc.xml file with content below. Create another profile, give it any name and upload this file to it. +8. Create tcc.xml file with content below. Create another profile, give it any name and upload this file to it. > [!CAUTION] > macOS 10.15 (Catalina) contains new security and privacy enhancements. Beginning with this version, by default, applications are not able to access certain locations on disk (such as Documents, Downloads, Desktop, etc.) without explicit consent. In the absence of this consent, Microsoft Defender ATP is not able to fully protect your device. @@ -187,7 +201,7 @@ You need no special provisioning for a Mac device beyond a standard [Company Por ``` -9. To whitelist Defender and Auto Update for displaying notifications in UI on macOS 10.15 (Catalina), import the following .mobileconfig as a custom payload: +9. To whitelist Defender and Auto Update for displaying notifications in UI on macOS 10.15 (Catalina), import the following .mobileconfig as a custom payload: ```xml 
@@ -284,9 +298,9 @@ You need no special provisioning for a Mac device beyond a standard [Company Por 10. Select **Manage > Assignments**. In the **Include** tab, select **Assign to All Users & All devices**. - Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**: +Once the Intune changes are propagated to the enrolled devices, you can see them listed under **Monitor** > **Device status**: - ![System configuration profiles screenshot](../windows-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png) +![System configuration profiles screenshot](../windows-defender-antivirus/images/MDATP-7-DeviceStatusBlade.png) ## Publish application 
@@ -294,11 +308,13 @@ You need no special provisioning for a Mac device beyond a standard [Company Por 2. Select **App type=Other/Line-of-business app**. 3. Select **file=wdav.pkg.intunemac**. Select **OK** to upload. 4. Select **Configure** and add the required information. -5. Use **macOS High Sierra 10.13** as the minimum OS. +5. Use **macOS High Sierra 10.13** as the minimum OS. 6. Set *Ignore app version* to **Yes**. Other settings can be any arbitrary value. > [!CAUTION] - > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client machine, then uninstall Defender and push the updated policy. + > Setting *Ignore app version* to **No** impacts the ability of the application to receive updates through Microsoft AutoUpdate. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. + > + > If the version uploaded by Intune is lower than the version on the device, then the lower version will be installed, effectively downgrading Defender. This could result in a non-functioning application. See [Deploy updates for Microsoft Defender ATP for Mac](mac-updates.md) for additional information about how the product is updated. If you deployed Defender with *Ignore app version* set to **No**, please change it to **Yes**. If Defender still cannot be installed on a client machine, then uninstall Defender and push the updated policy. 
![Device status blade screenshot](../windows-defender-antivirus/images/MDATP-8-IntuneAppInfo.png)
@@ -311,7 +327,7 @@ You need no special provisioning for a Mac device beyond a standard [Company Por ![Client apps screenshot](../windows-defender-antivirus/images/MDATP-10-ClientApps.png) 9. Change **Assignment type** to **Required**. -10. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. +10. Select **Included Groups**. Select **Make this app required for all devices=Yes**. Select **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**. ![Intune assignments info screenshot](../windows-defender-antivirus/images/MDATP-11-Assignments.png)
@@ -341,7 +357,7 @@ Solution: Follow the steps above to create a device profile using WindowsDefende ## Logging installation issues -For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](mac-resources.md#logging-installation-issues) . +For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](mac-resources.md#logging-installation-issues). ## Uninstallation
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
index 2e8c52861f..da29d3b4a2 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-install-with-jamf.md
@@ -15,7 +15,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/03/2020 +ms.date: 04/10/2020 --- # JAMF-based deployment for Microsoft Defender ATP for Mac
@@ -25,11 +25,12 @@ ms.date: 04/03/2020 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Mac](microsoft-defender-atp-mac.md) This topic describes how to deploy Microsoft Defender ATP for Mac through JAMF. A successful deployment requires the completion of all of the following steps: -- [Download installation and onboarding packages](#download-installation-and-onboarding-packages) -- [Create JAMF policies](#create-jamf-policies) -- [Client device setup](#client-device-setup) -- [Deployment](#deployment) -- [Check onboarding status](#check-onboarding-status) + +1. [Download installation and onboarding packages](#download-installation-and-onboarding-packages) +1. [Create JAMF policies](#create-jamf-policies) +1. [Client device setup](#client-device-setup) +1. [Deployment](#deployment) +1. [Check onboarding status](#check-onboarding-status) ## Prerequisites and system requirements
@@ -37,6 +38,19 @@ Before you get started, please see [the main Microsoft Defender ATP for Mac page In addition, for JAMF deployment, you need to be familiar with JAMF administration tasks, have a JAMF tenant, and know how to deploy packages. This includes having a properly configured distribution point. JAMF has many ways to complete the same task. These instructions provide an example for most common processes. Your organization might use a different workflow. +## Overview + +The following table summarizes the steps you would need to take to deploy and manage Microsoft Defender ATP for Macs, via JAMF. More detailed steps are available below. + +| Step | Sample file names | BundleIdentifier | +|-|-|-| +| [Download installation and onboarding packages](#download-installation-and-onboarding-packages) | WindowsDefenderATPOnboarding__MDATP_wdav.atp.xml | com.microsoft.wdav.atp | +| [Microsoft Defender ATP configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-preferences#property-list-for-jamf-configuration-profile-1)

**Note:** If you are planning to run a 3rd party AV for macOS, set `passiveMode` to `true`. | MDATP_WDAV_and_exclusion_settings_Preferences.plist | com.microsoft.wdav | +| [Configure Microsoft Defender ATP and MS AutoUpdate (MAU) notifications](#notification-settings) | MDATP_MDAV_Tray_and_AutoUpdate2.mobileconfig | com.microsoft.wdavtray | +| [Configure Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-updates#jamf) | MDATP_Microsoft_AutoUpdate.mobileconfig | com.microsoft.autoupdate2 | +| [Grant Full Disk Access to Microsoft Defender ATP](#privacy-preferences-policy-control) | Note: If there was one, MDATP_tcc_Catalina_or_newer.plist | com.microsoft.wdav.tcc | +| [Approve Kernel Extension for Microsoft Defender ATP](#approved-kernel-extension) | Note: If there was one, MDATP_KExt.plist | N/A | + ## Download installation and onboarding packages Download the installation and onboarding packages from Microsoft Defender Security Center: 
@@ -44,16 +58,16 @@ Download the installation and onboarding packages from Microsoft Defender Securi 1. In Microsoft Defender Security Center, go to **Settings > Machine management > Onboarding**. 2. In Section 1 of the page, set the operating system to **Linux, macOS, iOS or Android**. 3. Set the deployment method to **Mobile Device Management / Microsoft Intune**. - - >[!NOTE] - >Jamf falls under **Mobile Device Management**. - + + > [!NOTE] + > Jamf falls under **Mobile Device Management**. + 4. In Section 2 of the page, select **Download installation package**. Save it as _wdav.pkg_ to a local directory. 5. In Section 2 of the page, select **Download onboarding package**. Save it as _WindowsDefenderATPOnboardingPackage.zip_ to the same directory. ![Microsoft Defender Security Center screenshot](../windows-defender-antivirus/images/jamf-onboarding.png) -5. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so: +6. From the command prompt, verify that you have the two files. Extract the contents of the .zip files like so: ```bash $ ls -l
@@ -81,6 +95,7 @@ The configuration profile contains a custom settings payload that includes the f To set the onboarding information, add a property list file that is named **jamf/WindowsDefenderATPOnboarding.plist** as a custom setting. To do this, select **Computers** > **Configuration Profiles** > **New**, and then select **Application & Custom Settings** > **Configure**. From there, you can upload the property list. + >[!IMPORTANT] > You have to set the **Preference Domain** to **com.microsoft.wdav.atp**. There are some changes to the Custom Payloads and also to the Jamf Pro user interface in version 10.18 and later versions. For more information about the changes, see [Configuration Profile Payload Settings Specific to Jamf Pro](https://www.jamf.com/jamf-nation/articles/217/configuration-profile-payload-settings-specific-to-jamf-pro).
@@ -231,6 +246,7 @@ $ mdatp --health healthy The above command prints "1" if the product is onboarded and functioning as expected. If the product is not healthy, the exit code (which can be checked through `echo $?`) indicates the problem: + - 0 if the device is not yet onboarded - 3 if the connection to the daemon cannot be established—for example, if the daemon is not running
diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
index 6c5a04ada0..19065efe0b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/mac-preferences.md
@@ -310,17 +310,6 @@ Manage the preferences of the endpoint detection and response (EDR) component of | **Data type** | Dictionary (nested preference) | | **Comments** | See the following sections for a description of the dictionary contents. | -#### Enable / disable early preview - -Specify whether to enable EDR early preview features. - -||| -|:---|:---| -| **Domain** | `com.microsoft.wdav` | -| **Key** | earlyPreview | -| **Data type** | Boolean | -| **Possible values** | true (default)
false | - #### Device tags Specify a tag name and its value.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
index ed7b91f290..c6e5f743ca 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@@ -1,4 +1,4 @@ ---- +--- title: Manage indicators ms.reviewer: description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
index 14e534cd2c..b84dce1ebe 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md
@@ -85,6 +85,9 @@ If you experience any installation failures, refer to [Troubleshooting installat - Minimum kernel version 2.6.38 - The `fanotify` kernel option must be enabled + > [!CAUTION] + > Running Microsoft Defender ATP for Linux side by side with other `fanotify`-based security solutions is not supported. It can lead to unpredictable results, including hanging the operating system. + - Disk space: 650 MB - The solution currently provides real-time protection for the following file system types:
@@ -111,7 +114,7 @@ The following table lists the services and their associated URLs that your netwo | United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net | > [!NOTE] -> For a more specific URL list, see [Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server) +> For a more specific URL list, see [Configure proxy and internet connectivity settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Microsoft Defender ATP can discover a proxy server by using the following discovery methods: - Transparent proxy
@@ -119,7 +122,12 @@ Microsoft Defender ATP can discover a proxy server by using the following discov If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md). -For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. +> [!WARNING] +> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. +> +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception. + +For troubleshooting steps, see [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md). ## How to update Microsoft Defender ATP for Linux
@@ -131,4 +139,4 @@ Guidance for how to configure the product in enterprise environments is availabl ## Resources -- For more information about logging, uninstalling, or other topics, see the [Resources](linux-resources.md) page. +- For more information about logging, uninstalling, or other topics, see [Resources](linux-resources.md).
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
index d5135bbd1c..a22b112426 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md
@@ -79,11 +79,17 @@ The following table lists the services and their associated URLs that your netwo | United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net | Microsoft Defender ATP can discover a proxy server by using the following discovery methods: +- Proxy auto-config (PAC) - Web Proxy Auto-discovery Protocol (WPAD) - Manual static proxy configuration If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. +> [!WARNING] +> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used. +> +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception. + To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. If you prefer the command line, you can also check the connection by running the following command in Terminal:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
index eed0fc1ca1..baef5fe6ab 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements.md
@@ -13,7 +13,7 @@ author: mjcaparas ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: M365-security-compliance +ms.collection: M365-security-compliance ms.topic: conceptual ---
@@ -24,12 +24,12 @@ ms.topic: conceptual There are some minimum requirements for onboarding machines to the service. Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink) +> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-minreqs-abovefoldlink). ->[!TIP] ->- Learn about the latest enhancements in Microsoft Defender ATP:[Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced). ->- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). +> [!TIP] +> - Learn about the latest enhancements in Microsoft Defender ATP:[Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced). +> - Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). ## Licensing requirements Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: 
@@ -40,7 +40,7 @@ Microsoft Defender Advanced Threat Protection requires one of the following Micr - Microsoft 365 E5 Security - Microsoft 365 A5 (M365 A5) -For detailed licensing information, see the [Product terms page](https://www.microsoft.com/en-us/licensing/product-licensing/products) and work with your account team to learn the detailed terms and conditions for the product. +For detailed licensing information, see the [Product terms page](https://www.microsoft.com/licensing/product-licensing/products) and work with your account team to learn the detailed terms and conditions for the product. For more information on the array of features in Windows 10 editions, see [Compare Windows 10 editions](https://www.microsoft.com/windowsforbusiness/compare).
@@ -53,13 +53,14 @@ For more information about licensing requirements for Microsoft Defender ATP pla Access to Microsoft Defender ATP is done through a browser, supporting the following browsers: - Microsoft Edge - Internet Explorer version 11 -- Google Chrome +- Google Chrome ->[!NOTE] ->While other browsers might work, the mentioned browsers are the ones supported. +> [!NOTE] +> While other browsers might work, the mentioned browsers are the ones supported. ## Hardware and software requirements + ### Supported Windows versions - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro
@@ -67,6 +68,7 @@ Access to Microsoft Defender ATP is done through a browser, supporting the follo - Windows 8.1 Pro - Windows 10, version 1607 or later - Windows 10 Enterprise + - [Windows 10 Enterprise LTSC](https://docs.microsoft.com/windows/whats-new/ltsc/) - Windows 10 Education - Windows 10 Pro - Windows 10 Pro Education
@@ -82,24 +84,25 @@ Machines on your network must be running one of these editions. The hardware requirements for Microsoft Defender ATP on machines is the same as those for the supported editions. > [!NOTE] -> Machines that are running mobile versions of Windows are not supported. +> Machines running mobile versions of Windows are not supported. ### Other supported operating systems -- macOSX -- Linux -- Android +- macOSX +- Linux (currently, Microsoft Defender ATP is only available in the Public Preview Edition for Linux) ->[!NOTE] ->You'll need to know the exact Linux distros, Android, and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. +> [!NOTE] +> You'll need to know the exact Linux distros, Android, and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. +> +> Also note that Microsoft Defender ATP is currently only available in the Public Preview Edition for Linux. ### Network and data storage and configuration requirements When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter. > [!NOTE] -> - You cannot change your data storage location after the first-time setup. -> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data. +> - You cannot change your data storage location after the first-time setup. +> - Review the [Microsoft Defender ATP data storage and privacy](data-storage-privacy.md) for more information on where and how Microsoft stores your data. ### Diagnostic data settings 
@@ -131,12 +134,11 @@ By default, this service is enabled, but it's good practice to check to ensu If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start. - **Use the command line to set the Windows 10 diagnostic data service to automatically start:** 1. Open an elevated command-line prompt on the endpoint: - a. Go to **Start** and type **cmd**. + a. Go to **Start** and type **cmd**. b. Right-click **Command prompt** and select **Run as administrator**. 
@@ -153,22 +155,18 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the ``` - #### Internet connectivity Internet connectivity on machines is required either directly or through proxy. The Microsoft Defender ATP sensor can utilize a daily average bandwidth of 5MB to communicate with the Microsoft Defender ATP cloud service and report cyber data. One-off activities such as file uploads and investigation package collection are not included in this daily average bandwidth. -For more information on additional proxy configuration settings see, [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md) . +For more information on additional proxy configuration settings, see [Configure machine proxy and Internet connectivity settings](configure-proxy-internet.md). Before you onboard machines, the diagnostic data service must be enabled. The service is enabled by default in Windows 10. - - - ## Windows Defender Antivirus configuration requirement -The Microsoft Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. +The Microsoft Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. You must configure Security intelligence updates on the Microsoft Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). 
@@ -177,7 +175,7 @@ When Windows Defender Antivirus is not the active antimalware in your organizati If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints.md). > [!NOTE] -> Your regular group policy doesn’t apply to Tamper Protection, and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is on. +> Your regular group policy doesn't apply to Tamper Protection, and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is on. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
@@ -188,9 +186,6 @@ If you're running Windows Defender Antivirus as the primary antimalware product If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Configuration Manager (current branch), you'll need to ensure that the Windows Defender Antivirus ELAM driver is enabled. For more information, see [Ensure that Windows Defender Antivirus is not disabled by policy](troubleshoot-onboarding.md#ensure-that-windows-defender-antivirus-is-not-disabled-by-a-policy). - - - -## Related topic +## Related topics - [Validate licensing and complete setup](licensing.md) - [Onboard machines](onboard-configure.md)
diff --git a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
index 6b17eb0031..5f38878dec 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt.md
@@ -66,7 +66,7 @@ Threat & Vulnerability Management helps customers prioritize and focus on those Microsoft Defender ATP's Threat & Vulnerability Management allows security administrators and IT administrators to collaborate seamlessly to remediate issues. -- Remediation requests to IT. Through Microsoft Defender ATP's integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms. +- Remediation requests to IT. Through Microsoft Defender ATP's integration with Microsoft Intune and Microsoft Endpoint Configuration Manager, security administrators can create a remediation task in Microsoft Intune from the Security recommendation pages. We plan to expand this capability to other IT security management platforms. - Alternate mitigations. Threat & Vulnerability Management provides insights on additional mitigations, such as configuration changes that can reduce risk associated with software vulnerabilities. - Real-time remediation status. Microsoft Defender ATP provides real-time monitoring of the status and progress of remediation activities across the organization. 
@@ -84,10 +84,10 @@ Ensure that your machines: > Release | Security update KB number and link > :---|:--- -> RS3 customers | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) and [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) -> RS4 customers| [KB4493464](https://support.microsoft.com/help/4493464) and [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) -> RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) -> 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) +> Windows 10 Version 1709 | [KB4493441](https://support.microsoft.com/help/4493441/windows-10-update-kb4493441) and [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071) +> Windows 10 Version 1803 | [KB4493464](https://support.microsoft.com/help/4493464) and [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045) +> Windows 10 Version 1809 | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077) +> Windows 10 Version 1903 | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941) - Are onboarded to Microsoft Intune and Microsoft Endpoint Configuration Manager. If you are using Configuration Manager, update your console to the latest version. - Have at least one security recommendation that can be viewed in the machine page
diff --git a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
index 3a1e55ca42..e3d22ad134 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/onboarding.md
@@ -123,7 +123,7 @@ Manager and deploy that policy to Windows 10 devices. ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-onboarding-wizard.png) -3. Select **Download package**. +3. Select **Download package**. ![Image of Microsoft Defender ATP onboarding wizard](images/mdatp-download-package.png)
@@ -184,11 +184,11 @@ Before the systems can be onboarded into the workspace, the deployment scripts n Edit the InstallMMA.cmd with a text editor, such as notepad and update the following lines and save the file: - ![Image of onboarding](images/a22081b675da83e8f62a046ae6922b0d.png) + ![Image of onboarding](images/a22081b675da83e8f62a046ae6922b0d.png) Edit the ConfiguerOMSAgent.vbs with a text editor, such as notepad, and update the following lines and save the file: - ![Image of onboarding](images/09833d16df7f37eda97ea1d5009b651a.png) + ![Image of onboarding](images/09833d16df7f37eda97ea1d5009b651a.png) Microsoft Monitoring Agent (MMA) is currently (as of January 2019) supported on the following Windows Operating Systems:
diff --git a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
index ceb8637a40..db2e81192e 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/portal-overview.md
@@ -22,25 +22,24 @@ ms.topic: conceptual **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - - >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches. +Enterprise security teams can use Microsoft Defender Security Center to monitor and assist in responding to alerts of potential advanced persistent threat activity or data breaches. You can use [Microsoft Defender Security Center](https://securitycenter.windows.com/) to: + - View, sort, and triage alerts from your endpoints - Search for more information on observed indicators such as files and IP Addresses -- Change Microsoft Defender ATP settings, including time zone and review licensing information. +- Change Microsoft Defender ATP settings, including time zone and review licensing information ## Microsoft Defender Security Center -When you open the portal, you’ll see the main areas of the application: - ![Microsoft Defender Advanced Threat Protection portal](images/dashboard.png) +When you open the portal, you'll see: -- (1) Navigation pane -- (2) Main portal -- (3) Search, Community center, Time settings, Help and support, Feedback +- (1) Navigation pane (select the horizontal lines at the top of the navigation pane to show or hide it) +- (2) Search, Community center, Localization, Help and support, Feedback + + ![Microsoft Defender Advanced Threat Protection portal](images/mdatp-portal-overview.png) > [!NOTE] > Malware related detections will only appear if your machines are using Windows Defender Antivirus as the default real-time protection antimalware product. 
@@ -49,27 +48,27 @@ You can navigate through the portal using the menu options available in all sect Area | Description :---|:--- -**(1) Navigation pane** | Use the navigation pane to move between **Dashboards**, **Incidents**, **Machines list**, **Alerts queue**, **Automated investigations**, **Advanced hunting**, **Reports**, **Interoperability**, **Threat & vulnerability management**, **Evaluation and tutorials**, **Service health**, **Configuration management**, and **Settings**. -**Dashboards** | Access the Security operations, the Secure Score, or Threat analytics dashboard. +**(1) Navigation pane** | Use the navigation pane to move between **Dashboards**, **Incidents**, **Machines list**, **Alerts queue**, **Automated investigations**, **Advanced hunting**, **Reports**, **Partners & APIs**, **Threat & Vulnerability Management**, **Evaluation and tutorials**, **Service health**, **Configuration management**, and **Settings**. Select the horizontal lines at the top of the navigation pane to show or hide it. +**Dashboards** | Access the active automated investigations, active alerts, automated investigations statistics, machines at risk, users at risk, machines with sensor issues, service health, detection sources, and daily machines reporting dashboards. **Incidents** | View alerts that have been aggregated as incidents. -**Machines list** | Displays the list of machines that are onboarded to Microsoft Defender ATP, some information about them, and the corresponding number of alerts. +**Machines list** | Displays the list of machines that are onboarded to Microsoft Defender ATP, some information about them, and their exposure and risk levels. **Alerts queue** | View alerts generated from machines in your organizations. -**Automated investigations** | Displays a list of automated investigations that's been conducted in the network, the status of each investigation and other details such as when the investigation started and the duration of the investigation. 
+**Automated investigations** | Displays automated investigations that have been conducted in the network, triggering alert, the status of each investigation and other details such as when the investigation started and the duration of the investigation. **Advanced hunting** | Advanced hunting allows you to proactively hunt and investigate across your organization using a powerful search and query tool. -**Reports** | View graphs detailing alert trends over time, and alert summary charts categorizing threats by severity, status, and attack approach -**Interoperability** | Lists supported partner applications that can work together with Microsoft Defender, as well as applications that are already connected to Microsoft Defender. +**Reports** | View graphs detailing threat protection, machine health and compliance, web protection, and vulnerability. +**Partners & APIs** | View supported partner connections, which enhance the detection, investigation, and threat intelligence capabilities of the platform. You can also view connected applications, the API explorer, API usage overview, and data export settings. **Threat & Vulnerability management** | View your configuration score, exposure score, exposed machines, vulnerable software, and take action on top security recommendations. -**Evaluation and tutorials** | Manage test machines, attack simulations, and reports. Learn and experience the Microsoft Defender ATP capabilities through a guided walkthrough in a trial environment. -**Service health** | Provides information on the current status of the Window Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. -**Configuration management** | Displays on-boarded machines, your organizations' security baseline, predictive analysis, and allows you to perform attack surface management on your machines. 
-**Settings** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as email notifications, activate the preview experience, enable or turn off advanced features, SIEM integration, threat intel API, build Power BI reports, and set baselines for the Secure Score dashboard. -**(2) Main portal** | Main area where you will see the different views such as the Dashboards, Alerts queue, and Machines list. -**(3) Community center, Localization, Help and support, Feedback** | **Community center** -Access the Community center to learn, collaborate, and share experiences about the product.

**Time settings** - Gives you access to the configuration settings where you can set time zones and view license information.

**Help and support** - Gives you access to the Microsoft Defender ATP guide, Microsoft support, and Premier support.

**Feedback** - Access the feedback button to provide comments about the portal. +**Evaluation and tutorials** | Manage test machines, attack simulations, and reports. Learn and experience the Microsoft Defender ATP capabilities through a guided walk-through in a trial environment. +**Service health** | Provides information on the current status of the Microsoft Defender ATP service. You'll be able to verify that the service health is healthy or if there are current issues. +**Configuration management** | Displays on-boarded machines, your organizations' security baseline, predictive analysis, web protection coverage, and allows you to perform attack surface management on your machines. +**Settings** | Shows the settings you selected during onboarding and lets you update your industry preferences and retention policy period. You can also set other configuration settings such as permissions, APIs, rules, machine management, IT service management, and network assessments. +**(2) Search, Community center, Localization, Help and support, Feedback** | **Search** - search by machine, file, user, URL, IP, vulnerability, software, and recommendation.

**Community center** - Access the Community center to learn, collaborate, and share experiences about the product.

**Localization** - Set time zones.

**Help and support** - Access the Microsoft Defender ATP guide, Microsoft and Microsoft Premier support, license information, simulations & tutorials, Microsoft Defender ATP evaluation lab, consult a threat expert.

**Feedback** - Provide comments about what you like or what we can do better. > [!NOTE] > For devices with high resolution DPI scaling issues, please see [Windows scaling issues for high-DPI devices](https://support.microsoft.com/help/3025083/windows-scaling-issues-for-high-dpi-devices) for possible solutions. ## Microsoft Defender ATP icons + The following table provides information on the icons used all throughout the portal: Icon | Description 
@@ -105,22 +104,23 @@ Icon | Description ![Memory allocation icon](images/atp-memory-allocation-icon.png)| Memory allocation ![Process injection icon](images/atp-process-injection.png)| Process injection ![Powershell command run icon](images/atp-powershell-command-run-icon.png)| Powershell command run -![Community center icon](images/atp-community-center.png) | Community center +![Community center icon](images/atp-community-center.png) | Community center ![Notifications icon](images/atp-notifications.png) | Notifications ![No threats found](images/no-threats-found.png) | Automated investigation - no threats found ![Failed icon](images/failed.png) | Automated investigation - failed ![Partially remediated icon](images/partially-investigated.png) | Automated investigation - partially investigated -![Termindated by system](images/terminated-by-system.png) | Automated investigation - terminated by system +![Terminated by system](images/terminated-by-system.png) | Automated investigation - terminated by system ![Pending icon](images/pending.png) | Automated investigation - pending ![Running icon](images/running.png) | Automated investigation - running -![Remediated icon](images/remediated.png) | Automated investigation - remediated +![Remediated icon](images/remediated.png) | Automated investigation - remediated ![Partially investigated icon](images/partially_remediated.png) | Automated investigation - partially remediated ![Threat insights icon](images/tvm_bug_icon.png) | Threat & Vulnerability Management - threat insights -![Possible active alert icon](images/tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert +![Possible active alert icon](images/tvm_alert_icon.png) | Threat & Vulnerability Management - possible active alert ![Recommendation insights icon](images/tvm_insight_icon.png) | Threat & Vulnerability Management - recommendation insights ## Related topics -- [Understand the Microsoft Defender Advanced Threat Protection 
portal](use.md) + +- [Overview of Microsoft Defender Security Center](use.md) - [View the Security operations dashboard](security-operations-dashboard.md) - [View the Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) - [View the Threat analytics dashboard and take recommended mitigation actions](threat-analytics.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md index 2436a0642e..83b69c2140 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/prepare-deployment.md 
@@ -170,12 +170,12 @@ how the endpoint security suite should be enabled. | Component | Description | Adoption Order Rank | |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------| -| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | -| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes: | 2 | -| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats. 
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 3 | -| Threat & Vulnerability Management (TVM) | Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including: | 4 | -| Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | -| Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed. [Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | +| Endpoint Detection & Response (EDR) | Microsoft Defender ATP endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-endpoint-detection-response) | 1 | +|Threat & Vulnerability Management (TVM)|Threat & Vulnerability Management is a component of Microsoft Defender ATP, and provides both security administrators and security operations teams with unique value, including:
- Real-time endpoint detection and response (EDR) insights correlated with endpoint vulnerabilities
- Invaluable machine vulnerability context during incident investigations
- Built-in remediation processes through Microsoft Intune and Microsoft System Center Configuration Manager
[Learn more](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Introducing-a-risk-based-approach-to-threat-and-vulnerability/ba-p/377845).| 2 | +| Next Generation Protection (NGP) | Microsoft Defender Antivirus is a built-in antimalware solution that provides next generation protection for desktops, portable computers, and servers. Windows Defender Antivirus includes:
-Cloud-delivered protection for near-instant detection and blocking of new and emerging threats. Along with machine learning and the Intelligent Security Graph, cloud-delivered protection is part of the next-gen technologies that power Windows Defender Antivirus.
- Always-on scanning using advanced file and process behavior monitoring and other heuristics (also known as "real-time protection").
- Dedicated protection updates based on machine-learning, human and automated big-data analysis, and in-depth threat resistance research.
[Learn more](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10). |3 | +| Attack Surface Reduction (ASR) | Attack surface reduction capabilities in Microsoft Defender ATP helps protect the devices and applications in the organization from new and emerging threats.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/overview-attack-surface-reduction) | 4 | +| Auto Investigation & Remediation (AIR) | Microsoft Defender ATP uses Automated investigations to significantly reduce the volume of alerts that need to be investigated individually. The Automated investigation feature leverages various inspection algorithms, and processes used by analysts (such as playbooks) to examine alerts and take immediate remediation action to resolve breaches. This significantly reduces alert volume, allowing security operations experts to focus on more sophisticated threats and other high value initiatives.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection) | Not applicable | +| Microsoft Threat Experts (MTE) | Microsoft Threat Experts is a managed hunting service that provides Security Operation Centers (SOCs) with expert level monitoring and analysis to help them ensure that critical threats in their unique environments don't get missed.
[Learn more.](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/microsoft-threat-experts) | Not applicable | ## Next step ||| diff --git a/windows/security/threat-protection/microsoft-defender-atp/preview.md b/windows/security/threat-protection/microsoft-defender-atp/preview.md index c55fe2642d..e4676f46b6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/preview.md @@ -46,8 +46,6 @@ Turn on the preview experience setting to be among the first to try upcoming fea The following features are included in the preview release: - [Microsoft Defender ATP for Linux](microsoft-defender-atp-linux.md)
Microsoft Defender ATP now adds support for Linux. Learn how to install, configure, update, and use Microsoft Defender ATP for Linux. -- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information. - - [Threat & Vulnerability supported operating systems and platforms](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os)
Ensure that you meet the operating system or platform requisites for Threat & Vulnerability Management so the activities in your devices are properly accounted for. Threat & Vulnerability Management supports Windows 7, Windows 10 1607-1703, Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, Windows Server 2019.

Secure Configuration Assessment (SCA) supports Windows 10 1709+, Windows Server 2008R2, Windows Server 2012R2, Windows Server 2016, and Windows Server 2019. See [Secure Configuration Assessment (SCA) for Windows Server now in public preview](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/secure-configuration-assessment-sca-for-windows-server-now-in/ba-p/1243885) and [Reducing risk with new Threat & Vulnerability Management capabilities](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/reducing-risk-with-new-threat-amp-vulnerability-management/ba-p/978145) blogs for more information. - [Threat & Vulnerability Management granular exploit details](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses)
You can now see a comprehensive set of details on the vulnerabilities found in your machine to give you informed decision on your next steps. The threat insights icon now shows more granular details, such as if the exploit is a part of an exploit kit, connected to specific advanced persistent campaigns or activity groups for which, Threat Analytics report links are provided that you can read, has associated zero-day exploitation news, disclosures, or related security advisories. diff --git a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md index 4fabe73b03..0c0a59b197 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/production-deployment.md @@ -57,7 +57,7 @@ In this deployment scenario, you'll be guided through the steps on: >[!NOTE] ->For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defnder ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). +>For the purpose of guiding you through a typical deployment, this scenario will only cover the use of Microsoft Endpoint Configuration Manager. Microsoft Defender ATP supports the use of other onboarding tools but will not cover those scenarios in the deployment guide. For more information, see [Onboard machines to Microsoft Defender ATP](onboard-configure.md). ## Check license state diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md index e52e94be42..f2c30ec2e4 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md +++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md @@ -175,7 +175,7 @@ Here is an example return value: ## Code examples ### Get access token -The following code example demonstrates how to obtain an access token and call the Microsoft Defender ATP API. +The following code examples demonstrate how to obtain an access token for calling the Microsoft Defender ATP SIEM API. ```csharp AuthenticationContext context = new AuthenticationContext(string.Format("https://login.windows.net/{0}", tenantId)); 
@@ -183,19 +183,114 @@ ClientCredential clientCredentials = new ClientCredential(clientId, clientSecret AuthenticationResult authenticationResult = context.AcquireTokenAsync(detectionsResource, clientCredentials).GetAwaiter().GetResult(); ``` -### Use token to connect to the detections endpoint +```PowerShell +#Get current working directory +$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent +#Paste below your Tenant ID, App ID and App Secret (App key). +$tenantId = '' ### Paste your tenant ID here +$appId = '' ### Paste your Application ID here +$appSecret = '' ### Paste your Application secret here + +$resourceAppIdUri = 'https://graph.windows.net' +$oAuthUri = "https://login.windows.net/$tenantId/oauth2/token" +$authBody = [Ordered] @{ + resource = "$resourceAppIdUri" + client_id = "$appId" + client_secret = "$appSecret" + grant_type = 'client_credentials' +} + +#call API +$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop +$authResponse +Out-File -FilePath "$scriptDir\LatestSIEM-token.txt" -InputObject $authResponse.access_token ``` + +```Bash +tenantId='' ### Paste your tenant ID here +appId='' ### Paste your Application ID here +appSecret='' ### Paste your Application secret here +resourceAppIdUri='https://graph.windows.net' +oAuthUri="https://login.windows.net/$tenantId/oauth2/token" +scriptDir=$(pwd) + +apiResponse=$(curl -s X POST "$oAuthUri" -d "resource=$resourceAppIdUri&client_id=$appId&client_secret=$appSecret&\ + grant_type=client_credentials" | cut -d "{" -f2 | cut -d "}" -f1) +IFS="," +apiResponseArr=($apiResponse) +IFS=":" +tokenArr=(${apiResponseArr[6]}) +echo ${tokenArr[1]} | cut -d "\"" -f2 | cut -d "\"" -f1 >> $scriptDir/LatestSIEM-token.txt +``` + +### Use token to connect to the detections endpoint +The following code examples demonstrate how to use an access token for calling the Microsoft Defender ATP SIEM API to get alerts. 
+ +```csharp HttpClient httpClient = new HttpClient(); httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(authenticationResult.AccessTokenType, authenticationResult.AccessToken); HttpResponseMessage response = httpClient.GetAsync("https://wdatp-alertexporter-eu.windows.com/api/alert").GetAwaiter().GetResult(); string detectionsJson = response.Content.ReadAsStringAsync().Result; Console.WriteLine("Got detections list: {0}", detectionsJson); - ``` +```PowerShell +#Get current working directory +$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent +#run the script Get-Token.ps1 - make sure you are running this script from the same folder of Get-SIEMToken.ps1 +$token = Get-Content "$scriptDir\LatestSIEM-token.txt" +#Get Alert from the last xx hours 200 in this example. Make sure you have alerts in that time frame. +$dateTime = (Get-Date).ToUniversalTime().AddHours(-200).ToString("o") + +#test SIEM API +$url = 'https://wdatp-alertexporter-us.windows.com/api/alerts?limit=20&sinceTimeUtc=2020-01-01T00:00:00.000' + +#Set the WebRequest headers +$headers = @{ + 'Content-Type' = 'application/json' + Accept = 'application/json' + Authorization = "Bearer $token" +} + +#Send the webrequest and get the results. +$response = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop +$response +Write-Host + +#Extract the alerts from the results. This works for SIEM API: +$alerts = $response.Content | ConvertFrom-Json | ConvertTo-Json + +#Get string with the execution time. 
We concatenate that string to the output file to avoid overwrite the file +$dateTimeForFileName = Get-Date -Format o | foreach {$_ -replace ":", "."} + +#Save the result as json and as csv +$outputJsonPath = "$scriptDir\Latest Alerts $dateTimeForFileName.json" +$outputCsvPath = "$scriptDir\Latest Alerts $dateTimeForFileName.csv" + +Out-File -FilePath $outputJsonPath -InputObject $alerts +Get-Content -Path $outputJsonPath -Raw | ConvertFrom-Json | Select-Object -ExpandProperty value | Export-CSV $outputCsvPath -NoTypeInformation +``` + +```Bash +#Get current working directory +scriptDir=$(pwd) + +#get the token +token=$(<$scriptDir/LatestSIEM-token.txt) + +#test the SIEM API, get alerts since 1/1/2020 +url='https://wdatp-alertexporter-us.windows.com/api/alerts?limit=20&sinceTimeUtc=2020-01-01T00:00:00.000' + +#send web requst to API and echo JSON content +apiResponse=$(curl -s X GET "$url" -H "Content-Type: application/json" -H "Accept: application/json"\ + -H "Authorization: Bearer $token" | cut -d "[" -f2 | cut -d "]" -f1) +echo "If you see Alert info in JSON format, congratulations you accessed the MDATP SIEM API!" +echo +echo $apiResponse +``` ## Error codes The Microsoft Defender ATP REST API returns the following error codes caused by an invalid request. diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 6d27373c84..d5491f5b3c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
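Review bot: Both added Bash samples invoke `curl -s X POST "$oAuthUri"` and `curl -s X GET "$url"` without the dash on `-X`, so `X` and the method name are parsed as extra URLs; as far as I can tell, curl then also tries to send the `client_secret` body and the `Authorization: Bearer` header to hosts named `X`, `POST` and `GET`. Use `curl -s -X POST "$oAuthUri"` in the token sample and plain `curl -s "$url"` in the alert sample. The token sample also passes `$appSecret` on curl's command line and appends with `>>`, so a second run leaves two tokens in the file that `token=$(<$scriptDir/LatestSIEM-token.txt)` reads back as one value; feed the body on stdin with `-d @-`, set `umask 077` first, and overwrite with `> "$scriptDir/LatestSIEM-token.txt"`. Taking the token from `${apiResponseArr[6]}` depends on the field order of the JSON response, so selecting `access_token` by name would be more robust. In the PowerShell alert sample, `$dateTime` is computed but never used, and the URL hard-codes `sinceTimeUtc=2020-01-01T00:00:00.000`, which does not match the comment about the last 200 hours.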
@@ -29,8 +29,10 @@ ms.topic: article ## APIs -Threat and vulnerability management supports multiple APIs. See the following topics for related APIs: +Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). +See the following topics for related APIs: +- [Supported Microsoft Defender ATP APIs](exposed-apis-list.md) - [Machine APIs](machine.md) - [Recommendation APIs](vulnerability.md) - [Score APIs](score.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md index e35d189282..05264dcf03 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-dashboard-insights.md @@ -1,5 +1,5 @@ --- -title: Threat & Vulnerability Management dashboard overview +title: Threat & Vulnerability Management dashboard insights description: The Threat & Vulnerability Management dashboard can help SecOps and security admins address cybersecurity threats and build their organization's security resilience. keywords: mdatp-tvm, mdatp-tvm dashboard, threat & vulnerability management, risk-based threat & vulnerability management, security configuration, configuration score, exposure score search.appverid: met150 @@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Threat & Vulnerability Management dashboard overview +# Threat & Vulnerability Management dashboard insights **Applies to:** 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index 3078eee09f..0305625c65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md 
@@ -51,20 +51,20 @@ You can remediate the issues based on prioritized [security recommendations](tvm To lower your threat and vulnerability exposure, follow these steps. -1. Review the **Top security recommendations** from your [**Threat & Vulnerability Management dashboard**](tvm-dashboard-insights.md) , and select the first item on the list. The **Security recommendation** page opens. +1. Review the **Top security recommendations** from your [**Threat & Vulnerability Management dashboard**](tvm-dashboard-insights.md) and select an item on the list. - Always prioritize recommendations that are associated with ongoing threats: + ![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png) - - ![Threat insight](images/tvm_bug_icon.png) Threat insight icon - - ![Possible active alert](images/tvm_alert_icon.png) Active alert icon + Always prioritize recommendations that are associated with ongoing threats: - ![Screenshot of security recommendations page](images/top-security-recommendations350.png) + - ![Red bug](images/tvm_bug_icon.png) Threat insight icon + - ![Arrow hitting a target](images/tvm_alert_icon.png) Active alert icon -2. The **Security recommendations** page shows the list of items to remediate. Select the security recommendation that you need to investigate. When you select a recommendation from the list, a fly-out panel will display a description of what you need to remediate, number of vulnerabilities, associated exploits in machines, number of exposed machines and their machine names, business impact, and a list of CVEs. Click **Open software page** option from the flyout panel. ![Details in security recommendations page](images/tvm_security_recommendations_page.png) +2. The **Security recommendations** page will open, and a flyout for the recommendation you selected will open. 
The flyout panel will display a description of what you need to remediate, number of vulnerabilities, associated exploits in machines, number of exposed machines and their machine names, business impact, and a list of CVEs. Select **Open software page** option from the flyout panel. ![Example of security recommendations page with the flyout "Update Windows Server 2019" open.](images/tvm_security_recommendations_page.png) -3. Select **Installed machines** and then the affected machine from the list. A flyout panel will open with the relevant machine details, exposure and risk levels, alert and incident activities. ![Details in software page ](images/tvm_software_page_details.png) +3. Select **Installed machines** and then the affected machine from the list. A flyout panel will open with the relevant machine details, exposure and risk levels, alert and incident activities. ![Example of the software page for Git, and a flyout open for a selected machine.](images/tvm_software_page_details.png) -4. Click **Open machine page** to connect to the machine and apply the selected recommendation. See [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md) for details. ![Details in machine page](images/tvm_machine_page_details.png) +4. Click **Open machine page** to connect to the machine and apply the selected recommendation. See [Investigate machines in the Microsoft Defender ATP Machines list](investigate-machines.md) for details. ![Example of a machine page.](images/tvm_machine_page_details.png) 5. Allow a few hours for the changes to propagate in the system. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md index 96d0ba1377..239b7afd31 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-remediation.md 
@@ -45,14 +45,14 @@ Go to the Threat & Vulnerability Management navigation menu and select **Remedia View **Top remediation activities** in the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md). Select any of the entries to go to the **Remediation** page. You can mark the remediation activity as completed after the IT admin team remediates the task. -![Screenshot of the remediation page flyout for a software which reached end-of-support](images/tvm-remediation-activities-card.png) +![Example of Top remediation activities card with a table that lists top activities that were generated from security recommendations.](images/tvm-remediation-activities-card.png) ## Remediation activities When you [submit a remediation request](tvm-security-recommendation.md#request-remediation) from the [Security recommendations page](tvm-security-recommendation.md), it kicks-off a remediation activity. A security task is created which will be tracked in the Threat & Vulnerability Management **Remediation** page, and a remediation ticket is created in Microsoft Intune. Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete. -![Screenshot of the remediation page flyout for a software which reached end-of-support](images/remediation_flyouteolsw.png) +![Example of the Remediation page, with a selected remediation activity, and that activity's flyout listing the description, IT service and device management tools, and machine remediation progress.](images/remediation_flyouteolsw.png) ## Exceptions 
@@ -60,7 +60,7 @@ When you [file for an exception](tvm-security-recommendation.md#file-for-excepti
 The exceptions you've filed will show up in the **Remediation** page, in the **Exceptions** tab. You can filter your view based on exception justification, type, and status.
-![Screenshot of exception tab and filters](images/tvm-exception-filters.png)
+![Example of the exception page and filter options.](images/tvm-exception-filters.png)
 ### Exception actions and statuses
@@ -85,13 +85,13 @@ Creating an exception can potentially affect the Exposure Score (for both types
 The exception impact shows on both the Security recommendations page column and in the flyout pane.
-![Screenshot of where to find the exception impact](images/tvm-exception-impact.png)
+![Screenshot identifying the impact sections which list score impacts in the full page security recommendations table, and the flyout.](images/tvm-exception-impact.png)
 ### View exceptions in other places
 Select **Show exceptions** at the bottom of the **Top security recommendations** card in the dashboard to open a filtered view in the **Security recommendations** page of recommendations with an "Exception" status.
-![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard](images/tvm-exception-dashboard.png)
+![Screenshot of Show exceptions link in the Top security recommendations card in the dashboard.](images/tvm-exception-dashboard.png)
 ## Related topics
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
index 14d39dfac1..c3e900103b 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@@ -23,7 +23,7 @@ ms.topic: conceptual
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 > [!TIP]
-> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
+> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
 [!include[Prerelease information](../../includes/prerelease.md)]
@@ -61,7 +61,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Securit
 In a given day as a Security Administrator, you can take a look at the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) to see your [exposure score](tvm-exposure-score.md) side-by-side with your [configuration score](configuration-score.md). The goal is to **lower** your organization's exposure from vulnerabilities, and **increase** your organization's security configuration to be more resilient against cybersecurity threat attacks. The top security recommendations list can help you achieve that goal.
-![Screenshot of security recommendations page](images/top-security-recommendations350.png)
+![Example of Top security recommendations card, with four security recommendations.](images/top-security-recommendations350.png)
 The top security recommendations lists the improvement opportunities prioritized based on the important factors mentioned in the previous section - threat, likelihood to be breached, and value. Selecting a recommendation will take you to the security recommendations page with more details about the recommendation.
@@ -71,17 +71,17 @@ View recommendations, the number of weaknesses found, related components, threat The color of the **Exposed machines** graph changes as the trend changes. If the number of exposed machines is on the rise, the color changes into red. If there's a decrease in the number of exposed machines, the color of the graph will change into green. -![Screenshot of security recommendations page](images/tvmsecrec-updated.png) +![Example of the landing page for security recommendations.](images/tvmsecrec-updated.png) ### Icons -Useful icons also quickly calls your attention to:
  • ![Possible active alert](images/tvm_alert_icon.png) possible active alerts
  • ![Threat insight](images/tvm_bug_icon.png) associated public exploits
  • ![Recommendation insight](images/tvm_insight_icon.png) recommendation insights

+Useful icons also quickly calls your attention to:
  • ![arrow hitting a target](images/tvm_alert_icon.png) possible active alerts
  • ![red bug](images/tvm_bug_icon.png) associated public exploits
  • ![light bulb](images/tvm_insight_icon.png) recommendation insights

### Investigate Select the security recommendation that you want to investigate or process. -![Screenshot of the security recommendation page flyout for a software which reached its end-of-life](images/secrec-flyouteolsw.png) +![Example of a security recommendation flyout page.](images/secrec-flyouteolsw.png) From the flyout, you can do any of the following: @@ -130,7 +130,7 @@ Exceptions can be created for both Security update and Configuration change reco When an exception is created for a recommendation, the recommendation is no longer active. The recommendation state changes to **Exception**, and it no longer shows up in the security recommendations list. 1. Select a security recommendation you would like create an exception for, and then **Exception options**. -![Screenshot of the exception option in the remediation flyout pane](images/tvm-exception-option.png) +![Showing where the button for "exception options" is location in a security recommendation flyout.](images/tvm-exception-option.png) 2. Select your justification for the exception you need to file instead of remediating the security recommendation in question. Fill out the justification context, then set the exception duration. @@ -154,13 +154,12 @@ You can report a false positive when you see any vague, inaccurate, incomplete, 2. Select the three dots beside the security recommendation that you want to report, then select **Report inaccuracy**. -![Screenshot of Report inaccuracy control](images/report-inaccuracy500.png) +![Showing where the "Report inaccuracy" button is in a security recommendation flyout.](images/report-inaccuracy500.png) 3. From the flyout pane, select the inaccuracy category from the drop-down menu, fill in your email address, and details regarding the inaccuracy. 4. Select **Submit**. Your feedback is immediately sent to the Threat & Vulnerability Management experts. - ## Related topics - [Threat & Vulnerability Management overview](next-gen-threat-and-vuln-mgt.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
index 84165fe568..2f1c8da158 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-software-inventory.md
@@ -37,14 +37,16 @@ Since it is real-time, in a matter of minutes, you will see vulnerability inform
 You can access the Software inventory page by selecting **Software inventory** from the Threat & Vulnerability Management navigation menu in the [Microsoft Defender Security Center](portal-overview.md).
+View software on specific machines in the individual machines pages from the [machines list](machines-view-overview.md).
+
 ## Software inventory overview
 The **Software inventory** page opens with a list of software installed in your network, vendor name, weaknesses found, threats associated with them, exposed machines, impact to exposure score, and tags. You can also filter the software inventory list view based on weaknesses found in the software, threats associated with them, and whether the software or software versions have reached end-of-support.
-![Screenshot of software inventory page](images/software_inventory_filter.png)
+![Example of the landing page for software inventory.](images/software_inventory_filter.png)
 Select the software that you want to investigate and a flyout panel opens up with a more compact view of the information on the page. You can either dive deeper into the investigation and select **Open software page**, or flag any technical inconsistencies by selecting **Report inaccuracy**.
-![Screenshot of software inventory flyout](images/tvm-software-inventory-flyout500.png)
+![Flyout example page of "Visual Studio 2017" from the software inventory page.](images/tvm-software-inventory-flyout500.png)
 ## Software pages
@@ -54,7 +56,16 @@ Once you are in the Software inventory page and have opened the flyout panel by
 - Data visualizations showing the number of, and severity of, vulnerabilities and misconfigurations. Also, graphs of the number of exposed machines
 - Tabs with lists of the corresponding security recommendations for the weaknesses and vulnerabilities identified, the named CVEs of discovered vulnerabilities, the names of the machines that the software is installed on, and the specific versions of the software with the number of machines that have each version installed and number of vulnerabilities.
-![Screenshot of software page example](images/tvm-software-page-example.png)
+![Software example page for Visual Studio 2017 with the software details, weaknesses, exposed devices, and more.](images/tvm-software-page-example.png)
+
+## Software evidence
+
+We now show evidence of where we detected a specific software on a machine from the registry, disk or both machine on where we detected a certain software.
+You can find it on any machines found in the [machines list](machines-view-overview.md) in a section called "Software Evidence."
+
+From the Microsoft Defender Security Center navigation panel, go to **Machines list** > select the name of a machine to open the machine page (like Computer1) > select the **Software inventory** tab > select the software name to open the flyout and view software evidence.
+
+![Software evidence example of Windows 10 from the machines list, showing software evidence registry path.](images/tvm-software-evidence.png)
 ## Report inaccuracy
diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
index d7cad2e5aa..64933d374c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md
@@ -34,14 +34,14 @@ Windows 7 | Operating System (OS) vulnerabilities Windows 8.1 | Not supported Windows 10 1607-1703 | Operating System (OS) vulnerabilities Windows 10 1709+ |Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment -Windows Server 2008R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment -Windows Server 2012R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment +Windows Server 2008 R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment +Windows Server 2012 R2 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2016 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment Windows Server 2019 | Operating System (OS) vulnerabilities
Software product vulnerabilities
Operating System (OS) configuration assessment
Security controls configuration assessment
Software product configuration assessment MacOS | Not supported (planned) Linux | Not supported (planned) -Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements) list. +Some of the above prerequisites might be different from the [Minimum requirements for Microsoft Defender ATP](minimum-requirements.md) list. ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index 7df8d6c770..4b7a5cb97e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md @@ -51,7 +51,7 @@ Go to the Threat & Vulnerability Management navigation menu and select **Weaknes 1. Go to the global search drop-down menu. 2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for. -![tvm-vuln-globalsearch](images/tvm-vuln-globalsearch.png) +![Global search box with the dropdown option "vulnerability" selected and an example CVE.](images/tvm-vuln-globalsearch.png) 3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates. To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search. 
@@ -67,26 +67,26 @@ If the **Exposed Machines** column shows 0, that means you are not at risk. If e You can view the related breach and threat insights in the **Threat** column when the icons are colored red. >[!NOTE] - > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight ![threat insight](images/tvm_bug_icon.png) icon and breach insight ![possible active alert](images/tvm_alert_icon.png) icon. + > Always prioritize recommendations that are associated with ongoing threats. These recommendations are marked with the threat insight icon ![Simple drawing of a red bug.](images/tvm_bug_icon.png) and breach insight icon ![Simple drawing of an arrow hitting a target.](images/tvm_alert_icon.png). The breach insights icon is highlighted if there is a vulnerability found in your organization. -![tvm-breach-insights](images/tvm-breach-insights.png) +![Example of a breach insights text that could show up when hovering over icon. This one says "possible active alert is associated with this recommendation.](images/tvm-breach-insights.png) The threat insights icon is highlighted if there are associated exploits in the vulnerability found in your organization. It also shows whether the threat is a part of an exploit kit or connected to specific advanced persistent campaigns or activity groups. Threat Analytics report links are provided that you can read with zero-day exploitation news, disclosures, or related security advisories. -![tvm-threat-insights](images/tvm-threat-insights.png) +![Threat insights text that that could show up when hovering over icon. This one has multiple bullet points and linked text.](images/tvm-threat-insights.png) ## View Common Vulnerabilities and Exposures (CVE) entries in other places ### Top vulnerable software in the dashboard 1. Go to the [Threat & Vulnerability Management dashboard](tvm-dashboard-insights.md) and scroll down to the **Top vulnerable software** widget. 
You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time. -![top vulnerable software card](images/tvm-top-vulnerable-software500.png) +![Top vulnerable software card with four columns: software, weaknesses, threats, exposed machines.](images/tvm-top-vulnerable-software500.png) 2. Select the software that you want to investigate to go a drill down page. 3. Select the **Discovered vulnerabilities** tab. 4. Select the vulnerability that you want to investigate. A flyout panel will appear with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates. -![Windows server drill down overview](images/windows-server-drilldown.png) +![Windows Server 2019 drill down overview.](images/windows-server-drilldown.png) ### Discover vulnerabilities in the machine page @@ -104,7 +104,7 @@ View related weaknesses information in the machine page. Similar to the software evidence, we now show the detection logic we applied on a machine in order to state that it's vulnerable. This is a new section called "Detection Logic" (in any discovered vulnerability in the machine page) that shows the detection logic and source. -![Screenshot of the machine page with details and response options](images/cve-detection-logic.png) +![Detection Logic example which lists the software detected on the device and the KBs.](images/cve-detection-logic.png) ## Report inaccuracy diff --git a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md index 689a9fe3d1..2d474782f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md 
@@ -30,6 +30,10 @@ For more information preview features, see [Preview features](https://docs.micro RSS feed: Get notified when this page is updated by copying and pasting the following URL into your feed reader: `https://docs.microsoft.com/api/search/rss?search=%22Lists+the+new+features+and+functionality+in+Microsoft+Defender+ATP%22&locale=en-us` +## April 2020 + +- [Threat & Vulnerability Management API support](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exposed-apis-list)
Run Threat & Vulnerability Management-related API calls such as get your organization's threat exposure score or device secure score, software and machine vulnerability inventory, software version distribution, machine vulnerability information, security recommendation information. Learn more from this [Microsoft Tech Community blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/threat-amp-vulnerability-management-apis-are-now-generally/ba-p/1304615). + ## November-December 2019 - [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md)
Microsoft Defender ATP for Mac brings the next-generation protection to Mac devices. Core components of the unified endpoint security platform will now be available for Mac devices, including [endpoint detection and response](endpoint-detection-response-mac-preview.md). diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md index e1d64c8cfd..84ae5e963d 100644 --- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md +++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md @@ -2,7 +2,7 @@ title: Interactive logon Don't display username at sign-in (Windows 10) description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting. ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd -ms.reviewer: +ms.reviewer: ms.author: dansimp ms.prod: w10 ms.mktglfcycl: deploy @@ -20,9 +20,9 @@ ms.date: 04/19/2017 # Interactive logon: Don't display username at sign-in **Applies to** -- Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8, Windows 10 +- Windows 10, Windows Server 2019 -Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. +Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. ## Reference 
@@ -56,7 +56,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec | Domain controller effective default settings | Not defined| | Member server effective default settings | Not defined| | Effective GPO default settings on client computers | Not defined| - + ## Policy management This section describes features and tools that are available to help you manage this policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index c8e505e884..ab45f10ade 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md 
@@ -129,9 +129,9 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard
 ## Windows Defender Application Control filename rules
-File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies.
+File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies.
-Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario.
+Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level.
 **Table 3. Windows Defender Application Control policy - filename levels**
diff --git a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index 5c81b7eb36..ca449ea92c 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
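Review bot: The rewritten sentence under "Windows Defender Application Control filename rules" reverses the earlier caveat and now says file name rules give the same security guarantees as explicit signer rules, but the reason it gives ("non-mutable file attributes") carries no qualification. Those attributes are presumably tamper-resistant only when the file has a valid signature covering them, so for unsigned binaries the new wording may overstate the protection. I would scope the claim, for example `For signed files, file name rules are based on attributes that cannot be changed without invalidating the signature.`, and have the policy owners confirm the unsigned case before it ships. Separately, "provide administrators to specify" in the same line reads as a leftover typo (probably "allow administrators to specify"), and the added example should use `e.g.` rather than `eg.`.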
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md @@ -42,4 +42,3 @@ Your environment needs the following software to run Windows Defender Applicatio |Operating system|Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803 or higher
Windows 10 Professional for Workstations edition, version 1803 or higher
Windows 10 Professional Education edition version 1803 or higher
Windows 10 Education edition, version 1903 or higher
Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. | |Browser|Microsoft Edge and Internet Explorer| |Management system
(only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)

**-OR-**

[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/)

**-OR-**

[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)

**-OR-**

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.| -|Windows Defender Exploit Protection settings|The following settings should be configured or verified in the **Windows Security** app under **App & browser control** > **Exploit protection** > **Exploit protection settings** > **System Settings**.

**Control flow guard (CFG)** must be set to **Use default (On)** or **Off by default**. If set to **On by default**, [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard) will not launch.

**Randomize memory allocations (Bottom-up ASLR)** must be set to **Use default (On)** or **Off by default**. If set to "On by default", the `Vmmem` process will have high CPU utilization while a Windows Defender Application Guard window is open.| diff --git a/windows/security/threat-protection/windows-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png b/windows/security/threat-protection/windows-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png new file mode 100644 index 0000000000..74f9fb15ed Binary files /dev/null and b/windows/security/threat-protection/windows-defender-smartscreen/images/Microsoft-Defender-Smartscreen-submission.png differ diff --git a/windows/security/threat-protection/windows-defender-smartscreen/images/Windows-defender-smartscreen-control-2020.png b/windows/security/threat-protection/windows-defender-smartscreen/images/Windows-defender-smartscreen-control-2020.png new file mode 100644 index 0000000000..daa96d291d Binary files /dev/null and b/windows/security/threat-protection/windows-defender-smartscreen/images/Windows-defender-smartscreen-control-2020.png differ diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md index 0dabbdb3b1..8181c99856 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md +++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md 
@@ -1,7 +1,7 @@ --- -title: Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10) -description: A list of all available settings for Windows Defender SmartScreen using Group Policy and mobile device management (MDM) settings. -keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen +title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10) +description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings. +keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -13,13 +13,13 @@ ms.reviewer: manager: dansimp ms.author: dansimp --- -# Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings +# Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings **Applies to:** - Windows 10 - Windows 10 Mobile -Windows Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely. +Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely. See [Windows 10 (and later) settings to protect devices using Intune](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune. 
@@ -35,48 +35,48 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
- + - + - + - + - + - + - + - +
IssueMore information +
Blocking apps specified in a user-targeted Enrollment Status Profile are ignored during device ESP.The services responsible for determining the list of apps that should be blocking during device ESP are not able to determine the correct ESP profile containing the list of apps because they do not know the user identity. As a workaround, enable the default ESP profile (which targets all users and devices) and place the blocking app list there. In the future, it will be possible to instead target the ESP profile to device groups to avoid this issue.
Windows Autopilot user-driven Hybrid Azure AD deployments do not grant users Administrator rights even when specified in the Windows Autopilot profile. This will occur when there is another user on the device that already has Administrator rights. For example, a PowerShell script or policy could create an additional local account that is a member of the Administrators group. To ensure this works properly, do not create an additional account until after the Windows Autopilot process has completed.
Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen

At least Windows Server 2012, Windows 8 or Windows RTThis policy setting turns on Windows Defender SmartScreen.

If you enable this setting, it turns on Windows Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Windows Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

If you disable this setting, it turns off Windows Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Windows Defender SmartScreen.

This policy setting turns on Microsoft Defender SmartScreen.

If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).

If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.

Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control Windows 10, version 1703This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.

Important: Using a trustworthy browser helps ensure that these protections work as expected.

This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.

This setting does not protect against malicious content from USB devices, network shares or other non-internet sources.

Important: Using a trustworthy browser helps ensure that these protections work as expected.

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen

Windows 10, Version 1607 and earlier:
Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen

Microsoft Edge on Windows 10 or laterThis policy setting turns on Windows Defender SmartScreen.

If you enable this setting, it turns on Windows Defender SmartScreen and your employees are unable to turn it off.

If you disable this setting, it turns off Windows Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Windows Defender SmartScreen.

This policy setting turns on Microsoft Defender SmartScreen.

If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.

If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.

If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files

Microsoft Edge on Windows 10, version 1511 or laterThis policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious files.

If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.

This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.

If you enable this setting, it stops employees from bypassing the warning, stopping the file download.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.

Windows 10, version 1703:
Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites

Windows 10, Version 1511 and 1607:
Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites

Microsoft Edge on Windows 10, version 1511 or laterThis policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious sites.

If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.

This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.

If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.

If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.

Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter Internet Explorer 9 or laterThis policy setting prevents the employee from managing Windows Defender SmartScreen.

If you enable this policy setting, the employee isn't prompted to turn on Windows Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.

If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.

This policy setting prevents the employee from managing Microsoft Defender SmartScreen.

If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.

If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.

Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings Internet Explorer 8 or laterThis policy setting determines whether an employee can bypass warnings from Windows Defender SmartScreen.

If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.

If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.

This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.

If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.

Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet Internet Explorer 9 or laterThis policy setting determines whether the employee can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.

If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.

If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.

This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.

If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.

If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.

## MDM settings If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.

-For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer). +For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer). @@ -91,8 +91,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
  • URI full path. ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
  • Data type. Integer
  • Allowed values:
      -
    • 0 . Turns off Windows Defender SmartScreen in Edge.
    • -
    • 1. Turns on Windows Defender SmartScreen in Edge.
  • +
  • 0 . Turns off Microsoft Defender SmartScreen in Edge.
  • +
  • 1. Turns on Microsoft Defender SmartScreen in Edge.
  • @@ -115,8 +115,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
  • URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
  • Data type. Integer
  • Allowed values:
      -
    • 0 . Turns off Windows Defender SmartScreen in Windows for app and file execution.
    • -
    • 1. Turns on Windows Defender SmartScreen in Windows for app and file execution.
  • +
  • 0 . Turns off Microsoft Defender SmartScreen in Windows for app and file execution.
  • +
  • 1. Turns on Microsoft Defender SmartScreen in Windows for app and file execution.
  • @@ -127,8 +127,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
  • URI full path. ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
  • Data type. Integer
  • Allowed values:
      -
    • 0 . Employees can ignore Windows Defender SmartScreen warnings and run malicious files.
    • -
    • 1. Employees can't ignore Windows Defender SmartScreen warnings and run malicious files.
  • +
  • 0 . Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.
  • +
  • 1. Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.
  • @@ -139,8 +139,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
  • URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
  • Data type. Integer
  • Allowed values:
      -
    • 0 . Employees can ignore Windows Defender SmartScreen warnings.
    • -
    • 1. Employees can't ignore Windows Defender SmartScreen warnings.
  • +
  • 0 . Employees can ignore Microsoft Defender SmartScreen warnings.
  • +
  • 1. Employees can't ignore Microsoft Defender SmartScreen warnings.
  • @@ -151,16 +151,16 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
  • URI full path. ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
  • Data type. Integer
  • Allowed values:
      -
    • 0 . Employees can ignore Windows Defender SmartScreen warnings for files.
    • -
    • 1. Employees can't ignore Windows Defender SmartScreen warnings for files.
  • +
  • 0 . Employees can ignore Microsoft Defender SmartScreen warnings for files.
  • +
  • 1. Employees can't ignore Microsoft Defender SmartScreen warnings for files.
  • Setting
    ## Recommended Group Policy and MDM settings for your organization -By default, Windows Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Windows Defender SmartScreen to block high-risk interactions instead of providing just a warning. +By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning. -To better help you protect your organization, we recommend turning on and using these specific Windows Defender SmartScreen Group Policy and MDM settings. +To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings. @@ -168,7 +168,7 @@ To better help you protect your organization, we recommend turning on and using - + @@ -191,7 +191,7 @@ To better help you protect your organization, we recommend turning on and using - + @@ -203,7 +203,7 @@ To better help you protect your organization, we recommend turning on and using - + @@ -214,7 +214,7 @@ To better help you protect your organization, we recommend turning on and using ## Related topics - [Threat protection](../index.md) -- [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md) +- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md) - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies) 
diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
index b9d400165d..56b4084b8b 100644
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
@@ -1,7 +1,7 @@
 ---
-title: Windows Defender SmartScreen overview (Windows 10)
-description: Conceptual info about Windows Defender SmartScreen.
-keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
+title: Microsoft Defender SmartScreen overview (Windows 10)
+description: Conceptual info about Microsoft Defender SmartScreen.
+keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -15,55 +15,61 @@ ms.reviewer: manager: dansimp --- -# Windows Defender SmartScreen +# Microsoft Defender SmartScreen **Applies to:** - Windows 10 - Windows 10 Mobile +- Microsoft Edge -Windows Defender SmartScreen protects against phishing or malware websites, and the downloading of potentially malicious files. +Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. -**Windows Defender SmartScreen determines whether a site is potentially malicious by:** +**Microsoft Defender SmartScreen determines whether a site is potentially malicious by:** -- Analyzing visited webpages looking for indications of suspicious behavior. If Windows Defender Smartscreen determines that a page is suspicious, it will show a warning page to advise caution. +- Analyzing visited webpages looking for indications of suspicious behavior. If Microsoft Defender SmartScreen determines that a page is suspicious, it will show a warning page to advise caution. -- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, Windows Defender SmartScreen shows a warning to let the user know that the site might be malicious. +- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious. -**Windows Defender SmartScreen determines whether a downloaded app or app installer is potentially malicious by:** +**Microsoft Defender SmartScreen determines whether a downloaded app or app installer is potentially malicious by:** -- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, Windows Defender SmartScreen shows a warning to let the user know that the site might be malicious. 
+- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious. -- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, Windows Defender SmartScreen shows a warning, advising caution. +- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, Microsoft Defender SmartScreen shows a warning, advising caution. - >[!NOTE] - >Before Windows 10, version 1703, this feature was called _the SmartScreen filter_ when used within the browser and _Windows SmartScreen_ when used outside of the browser. +## Benefits of Microsoft Defender SmartScreen -## Benefits of Windows Defender SmartScreen +Microsoft Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are: -Windows Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are: +- **Anti-phishing and anti-malware support.** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. 
For more info about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97) -- **Anti-phishing and anti-malware support.** Windows Defender SmartScreen helps to protect your employees from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly-used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Windows Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97) +- **Reputation-based URL and app protection.** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user. -- **Reputation-based URL and app protection.** Windows Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, your employees won't see any warnings. 
If however there's no reputation, the item is marked as a higher risk and presents a warning to the employee. +- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run. -- **Operating system integration.** Windows Defender SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run. +- **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. -- **Improved heuristics and diagnostic data.** Windows Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files. +- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md). -- **Management through Group Policy and Microsoft Intune.** Windows Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md). - -- **Blocking URLs associated with potentially unwanted applications.** In the next major version of Microsoft Edge (based on Chromium), SmartScreen will blocks URLs associated with potentially unwanted applications, or PUAs. 
For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). +- **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md). > [!IMPORTANT] > SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares. -## Viewing Windows Defender SmartScreen anti-phishing events +## Submit files to Microsoft Defender SmartScreen for review -When Windows Defender SmartScreen warns or blocks an employee from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx). +If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more info, see [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide). -## Viewing Windows event logs for Windows Defender SmartScreen -Windows Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer. +When submitting Microsoft Defender Smartscreen products, make sure to select **Microsoft Defender SmartScreen** from the product menu. 
+ +![Windows Security, Microsoft Defender SmartScreen controls](images/Microsoft-defender-smartscreen-submission.png) + +## Viewing Microsoft Defender SmartScreen anti-phishing events + +When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx). + +## Viewing Windows event logs for Microsoft Defender SmartScreen +Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer. Windows event log for SmartScreen is disabled by default, users can use Event Viewer UI to enable the log or use the command line to enable it: @@ -82,8 +88,5 @@ EventID | Description 1002 | User Decision Windows Defender SmartScreen Event ## Related topics -- [Windows Defender SmartScreen Frequently Asked Questions (FAQ)](https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx) - -- [SmartScreen Frequently Asked Questions (FAQ)](https://feedback.smartscreen.microsoft.com/smartscreenfaq.aspx) - [Threat protection](../index.md) -- [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) +- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings) diff --git a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md index bdbd3df95e..dd2eb47e6c 100644 --- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md 
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md
@@ -1,7 +1,7 @@
 ---
-title: Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
-description: Learn how employees can use Windows Security to set up Windows Defender SmartScreen. Windows Defender SmartScreen protects users from running malicious apps.
-keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
+title: Set up and use Microsoft Defender SmartScreen on individual devices (Windows 10)
+description: Learn how employees can use Windows Security to set up Microsoft Defender SmartScreen. Microsoft Defender SmartScreen protects users from running malicious apps.
+keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@@ -14,70 +14,75 @@ manager: dansimp ms.author: macapara --- -# Set up and use Windows Defender SmartScreen on individual devices +# Set up and use Microsoft Defender SmartScreen on individual devices **Applies to:** - Windows 10, version 1703 - Windows 10 Mobile +- Microsoft Edge -Windows Defender SmartScreen helps to protect your employees if they try to visit sites previously reported as phishing or malware websites, or if an employee tries to download potentially malicious files. +Microsoft Defender SmartScreen helps to protect users if they try to visit sites previously reported as phishing or malware websites, or if a user tries to download potentially malicious files. -## How employees can use Windows Security to set up Windows Defender SmartScreen -Starting with Windows 10, version 1703 your employees can use Windows Security to set up Windows Defender SmartScreen for an individual device; unless you've used Group Policy or Microsoft Intune to prevent it. +## How users can use Windows Security to set up Microsoft Defender SmartScreen +Starting with Windows 10, version 1703, users can use Windows Security to set up Microsoft Defender SmartScreen for an individual device; unless an administrator has used Group Policy or Microsoft Intune to prevent it. >[!NOTE] >If any of the following settings are managed through Group Policy or mobile device management (MDM) settings, it appears as unavailable to the employee. -**To use Windows Security to set up Windows Defender SmartScreen on a device** -1. Open the Windows Security app, and then click **App & browser control**. +**To use Windows Security to set up Microsoft Defender SmartScreen on a device** +1. Open the Windows Security app, and then select **App & browser control** > **Reputation-based protection settings**. -2. In the **App & browser control** screen, choose from the following options: +2. 
In the **Reputation-based protection** screen, choose from the following options: - In the **Check apps and files** area: - - - **Block.** Stops employees from downloading and running unrecognized apps and files from the web. - - **Warn.** Warns employees that the apps and files being downloaded from the web are potentially dangerous, but allows the action to continue. + - **On.** Warns users that the apps and files being downloaded from the web are potentially dangerous but allows the action to continue. - - **Off.** Turns off Windows Defender SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files. + - **Off.** Turns off Microsoft Defender SmartScreen, so a user isn't alerted or stopped from downloading potentially malicious apps and files. - - In the **Windows Defender SmartScreen for Microsoft Edge** area: - - - **Block.** Stops employees from downloading and running unrecognized apps and files from the web, while using Microsoft Edge. + - In the **Microsoft Defender SmartScreen for Microsoft Edge** area: - - **Warn.** Warns employees that sites and downloads are potentially dangerous, but allows the action to continue while running in Microsoft Edge. + - **On.** Warns users that sites and downloads are potentially dangerous but allows the action to continue while running in Microsoft Edge. - - **Off.** Turns off Windows Defender SmartScreen, so an employee isn't alerted or stopped from downloading potentially malicious apps and files. + - **Off.** Turns off Microsoft Defender SmartScreen, so a user isn't alerted or stopped from downloading potentially malicious apps and files. + - In the **Potentially unwanted app blocking** area: - - In the **Windows Defender SmartScreen from Microsoft Store apps** area: + - **On.** Turns on both the 'Block apps' and 'Block downloads settings. 
To learn more, see [How Microsoft identifies malware and potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria#potentially-unwanted-application-pua). + - **Block apps.** This setting will prevent new apps from installing on the device and warn users of apps that are existing on the device. + + - **Block downloads.** This setting will alert users and stop the downloads of apps in the Microsoft Edge browser (based on Chromium). + + - **Off.** Turns off Potentially unwanted app blocking, so a user isn't alerted or stopped from downloading or installing potentially unwanted apps. + + - In the **Microsoft Defender SmartScreen from Microsoft Store apps** area: - - **Warn.** Warns employees that the sites and downloads used by Microsoft Store apps are potentially dangerous, but allows the action to continue. + - **On.** Warns users that the sites and downloads used by Microsoft Store apps are potentially dangerous but allows the action to continue. - - **Off.** Turns off Windows Defender SmartScreen, so an employee isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files. + - **Off.** Turns off Microsoft Defender SmartScreen, so a user isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files. - ![Windows Security, Windows Defender SmartScreen controls](images/windows-defender-smartscreen-control.png) + ![Windows Security, Microsoft Defender SmartScreen controls](images/windows-defender-smartscreen-control-2020.png) -## How Windows Defender SmartScreen works when an employee tries to run an app -Windows Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. 
If an app has no reputation or is known to be malicious, Windows Defender SmartScreen can warn the employee or block the app from running entirely, depending on how you've configured the feature to run in your organization. +## How Microsoft Defender SmartScreen works when a user tries to run an app +Microsoft Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, Microsoft Defender SmartScreen can warn the user or block the app from running entirely, depending on how you've configured the feature to run in your organization. -By default, your employees can bypass Windows Defender SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block employees from using unrecognized apps, or to entirely turn off Windows Defender SmartScreen (not recommended). +By default, users can bypass Microsoft Defender SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block your employees from using unrecognized apps, or to entirely turn off Microsoft Defender SmartScreen (not recommended). -## How employees can report websites as safe or unsafe -You can configure Windows Defender SmartScreen to warn employees from going to a potentially dangerous site. Employees can then choose to report a website as safe from the warning message or as unsafe from within Microsoft Edge and Internet Explorer 11. +## How users can report websites as safe or unsafe +Microsoft Defender SmartScreen can be configured to warn users from going to a potentially dangerous site. Users can then choose to report a website as safe from the warning message or as unsafe from within Microsoft Edge and Internet Explorer 11. 
**To report a website as safe from the warning message** - On the warning screen for the site, click **More Information**, and then click **Report that this site does not contain threats**. The site info is sent to the Microsoft feedback site, which provides further instructions. **To report a website as unsafe from Microsoft Edge** -- If a site seems potentially dangerous, employees can report it to Microsoft by clicking **More (...)**, clicking **Send feedback**, and then clicking **Report unsafe site**. +- If a site seems potentially dangerous, users can report it to Microsoft by clicking **More (...)**, clicking **Send feedback**, and then clicking **Report unsafe site**. **To report a website as unsafe from Internet Explorer 11** -- If a site seems potentially dangerous, employees can report it to Microsoft by clicking on the **Tools** menu, clicking **Windows Defender SmartScreen**, and then clicking **Report unsafe website**. +- If a site seems potentially dangerous, users can report it to Microsoft by clicking on the **Tools** menu, clicking **Windows Defender SmartScreen**, and then clicking **Report unsafe website**. ## Related topics - [Threat protection](../index.md) -- [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md) +- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md) >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index f46696402c..c141b00025 100644 
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -59,9 +59,6 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** > ![Secure Launch Registry](images/secure-launch-registry.png) -> [!IMPORTANT] -> If System Guard is enabled with a registry key, standard hardware security is not available for the Intel i5 7200U processor. - ## How to verify System Guard Secure Launch is configured and running To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**. diff --git a/windows/security/threat-protection/windows-security-baselines.md b/windows/security/threat-protection/windows-security-baselines.md index 48bfb00d06..535af777d7 100644 --- a/windows/security/threat-protection/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-baselines.md @@ -64,7 +64,7 @@ The security baselines are included in the [Security Compliance Toolkit (SCT)](s ## Community -[![Microsoft Security Guidance Blog](images/community.png)](https://blogs.technet.microsoft.com/secguide/) +[![Microsoft Security Guidance Blog](images/community.png)](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bd-p/Security-Baselines) ## Related Videos 
@@ -73,9 +73,9 @@ You may also be interested in this msdn channel 9 video: ## See Also -- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) -- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite) -- [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/) -- [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/) -- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319) -- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) +- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager) +- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite) +- [Configuration Management for Nano Server](https://docs.microsoft.com/archive/blogs/grouppolicy/configuration-management-on-servers/) +- [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) +- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319) +- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319)
    Group Policy setting
    Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreenEnable. Turns on Windows Defender SmartScreen.Enable. Turns on Microsoft Defender SmartScreen.
    Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites
    Browser/AllowSmartScreen1. Turns on Windows Defender SmartScreen.1. Turns on Microsoft Defender SmartScreen.
    Browser/PreventSmartScreenPromptOverride
    SmartScreen/EnableSmartScreenInShell1. Turns on Windows Defender SmartScreen in Windows.

    Requires at least Windows 10, version 1703.

    1. Turns on Microsoft Defender SmartScreen in Windows.

    Requires at least Windows 10, version 1703.

    SmartScreen/PreventOverrideForFilesInShell