deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into microsoft-edge-rs5

Browse Source
This commit is contained in:
Patti Short
2018-09-06 05:58:56 -07:00
parent aedf1108b6 5cd7143475
commit ecea20eb56
10 changed files with 51 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -114,8 +114,8 @@ Here is an example:
```
<groupmembership>
<accessgroup desc="Administrators">
<member name="Contoso\Alice" />
<member name = "S-188-5-5666-5-688" / >
<member name="Contoso\Alice">
<member name = "S-188-5-5666-5-688">
</accessgroup>
</groupmembership>
```

8
windows/deployment/upgrade/windows-10-upgrade-paths.md
View File

@ -142,7 +142,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
</tr>
<tr>
<td>Professional</td>
<td>Pro</td>
<td>D</td>
<td></td>
<td></td>
@ -153,7 +153,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
</tr>
<tr>
<td>Professional Student</td>
<td>Pro Student</td>
<td>D</td>
<td></td>
<td></td>
@ -164,7 +164,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
</tr>
<tr>
<td>Professional WMC</td>
<td>Pro WMC</td>
<td>D</td>
<td></td>
<td></td>
@ -233,7 +233,7 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
</tr>
<tr>
<td>Professional</td>
<td>Pro</td>
<td>D</td>
<td></td>
<td></td>

15
windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md
View File

@ -18,22 +18,19 @@ ms.date: 06/01/2018
Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory; it also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
- Windows 10 version 1703 or higher must be used. The Professional, Professional for Education, Business, Enterprise, and Education editions are supported.
- Windows 10 version 1703 or higher must be used. Supported editions are the following:
- Pro
- Pro Education
- Pro for Workstations
- Enterprise
- Education
- One of the following, to provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality:
- Microsoft 365 Business subscriptions
- Microsoft 365 F1 subscriptions
- Microsoft 365 Enterprise E3 or E5 subscriptions, which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune)
- Enterprise Mobility + Security E3 or E5 subscriptions, which include all needed Azure AD and Intune features
- Azure Active Directory Premium P1 or P2 and Intune subscriptions (or an alternative MDM service)
Additionally, the following are also recommended but not required:
- Office 365 ProPlus, which can be deployed easily via Intune (or other MDM services)
- [Windows Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise

2
windows/security/threat-protection/index.md
View File

@ -44,7 +44,7 @@ The attack surface reduction set of capabilities provide the first line of defen
- [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md)
- [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md)
- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Attack surface reducation controls](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
- [Attack surface reduction controls](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md)
<a name="ngp"></a>

6
windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
View File

@ -56,10 +56,14 @@ authentication level that servers accept. The following table identifies the pol
- Best practices are dependent on your specific security and authentication requirements.
### Location
### Policy Location
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
### Registry Location
HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
### Default values
The following table lists the actual and effective default values for this policy. Default values are also listed on the policys property page.

4
windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
View File

@ -28,11 +28,11 @@ Turn on the following advanced features to get better protected from potentially
When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
## Auto-resolve remediated alerts
The Automated investigations capability is configured by default to resolve alerts where the automated analysis result status is <EFBFBD>No threats found<EFBFBD> or <EFBFBD>Remediated<EFBFBD>.
The Automated investigations capability is configured by default to resolve alerts where the automated analysis result status is "No threats found" or "Remediated".
>[!NOTE]
> - The result of the auto-resolve action may influence the Machine risk level calculation which is based on the active alerts found on a machine.
>- If a security operations analyst manually sets the status of an alert to <EFBFBD>In progress<EFBFBD> or <EFBFBD>Resolved<EFBFBD> the auto-resolve capability will not overrite it.
>- If a security operations analyst manually sets the status of an alert to "In progress" or "Resolved" the auto-resolve capability will not overrite it.
If you don<6F>t want to have alerts auto-resolved, you<6F>ll need to manually turn off the feature.

4
windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
View File

@ -1,7 +1,7 @@
---
title: Onboard servers to the Windows Defender ATP service
description: Onboard servers so that they can send sensor data to the Windows Defender ATP sensor.
keywords: onboard server, server, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
keywords: onboard server, server, 2012r2, 2016, 2019, server onboarding, machine management, configure Windows ATP servers, onboard Windows Defender Advanced Threat Protection servers
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
author: mjcaparas
ms.localizationpriority: high
ms.date: 09/03/2018
ms.date: 09/04/2018
---
# Onboard servers to the Windows Defender ATP service

15
windows/security/threat-protection/windows-defender-atp/threat-analytics.md
View File

@ -19,22 +19,21 @@ ms.date: 09/03/2018
[!include[Prerelease<73>information](prerelease.md)]
Cyber threats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats.
Cyberthreats are emerging more frequently and prevalently. It is critical for organizations to be able to quickly assess their security posture, including impact, and organizational resilience in the context of specific emerging threats.
Threat Analytics is a set of interactive reports published by the Windows Defender ATP research team as soon as emerging threats and outbreaks are identified. The reports help you the assess impact of threats in your environment and provides recommended actions to contain, increase organizational resilience, and prevent specific threats.
>[!NOTE]
>Threat analytics requires all Windows Defender ATP components to be running, including Next generation protection and Attack surface reduction.
>The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days.
Each threat report provides a summary to describe details such as where the threat is coming from, where it's been seen, or techniques and tools that were used by the threat.
The dashboard shows the impact in your organization through the following tiles:
- Machines with alerts - shows the current distinct number of impacted machines in your organization
- Machines with alerts over time - shows the distinct number of impacted over time
- Mitigation recommendations - provides specific actionable recommendations to take for the threat can be contained
- Mitigation status - shows the current distinct number of machines that have been mitigated, unmitigated, and unavailable
- Mitigation recommendations - lists the measurable mitigations and the number of machines that do not have each of the mitigations in place
- Mitigation status - shows the number of mitigated and unmitigated machines. Machines are considered mitigated if they have all the measurable mitigations in place.
- Mitigation status over time - shows the distinct number of machines that have been mitigated, unmitigated, and unavailable over time
![Image of a threat analytics report](images/ta.png)
@ -45,15 +44,13 @@ You can assess the organizational impact of a threat using the **Machines with a
A machine is categorized as **Active** if there is at least 1 alert associated with that threat and **Resolved** if *all* alerts associated with the threat on the machine are resolved.
The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. An indication of threat containment is reflected by the number of **Resolved alerts**. Total number of Resolved alerts increasing over time is a good indication of threat containment.
The **Machine with alerts over time**, shows the number of distinct machines with **Active** and **Resolved alerts over time**. The number of resolved alerts indicates how quickly your organization responds to alerts associated with a threat. Ideally, the chart should be showing alerts being resolved within a few days.
## Organizational resilience
The **Mitigation recommendations** section provides specific actionable recommendations to improve your visibility into this threat and increase your organizational resilience.
The **Mitigation status** and **Mitigation status over time** shows the endpoint configuration status assessed based on the recommended mitigations.
>![IMPORTANT]
>[!IMPORTANT]
>- The chart only reflects mitigations that are measurable and where an evaluation can be made on the machine state as being compliant or non-compliant. There can be additional mitigations or compliance actions that currently cannot be computed or measured that are not reflected in the charts and are covered in the threat description under **Mitigation recommendations** section.
>- Even if all mitigations were measurable, there is no absolute guarantee of complete resilience but reflects the best possible actions that need to be taken to improve resiliency.