deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into defender-updates

Browse Source
This commit is contained in:
Charles
2020-03-26 13:13:37 -07:00
parent 036a11dda5 b850ddbd31
commit ee40179865
17 changed files with 108 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/configuration/kiosk-policies.md
View File

@ -40,7 +40,6 @@ Remove access to the context menus for the task bar | Enabled
Clear history of recently opened documents on exit | Enabled
Prevent users from customizing their Start Screen | Enabled
Prevent users from uninstalling applications from Start | Enabled
Remove All Programs list from the Start menu | Enabled
Remove Run menu from Start Menu | Enabled
Disable showing balloon notifications as toast | Enabled
Do not allow pinning items in Jump Lists | Enabled

3
windows/deployment/mbr-to-gpt.md
View File

@ -427,6 +427,9 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from
For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
> [!NOTE]
> You can access the ReAgent files if you have installed the User State Migration Tool (USMT) as a feature while installing Windows Assessment and Deployment Kit.
**Command 1:**
```cmd
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"

15
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md
View File

@ -10,8 +10,8 @@ ms.localizationpriority: high
audience: ITPro
author: medgarmedgar
ms.author: v-medgar
manager: sanashar
ms.date: 9/10/2019
manager: robsize
ms.date: 3/25/2020
---
# Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server
@ -23,10 +23,6 @@ ms.date: 9/10/2019
This article describes the network connections that Windows 10 components make to Microsoft and the Mobile Device Management/Configuration Service Provider (MDM/CSP) and custom Open Mobile Alliance Uniform Resource Identifier ([OMA URI](https://docs.microsoft.com/intune/custom-settings-windows-10)) policies available to IT Professionals using Microsoft Intune to help manage the data shared with Microsoft. If you want to minimize connections from Windows to Microsoft services, or configure privacy settings, there are a number of settings for consideration. For example, you can configure diagnostic data to the lowest level for your edition of Windows and evaluate other connections Windows makes to Microsoft services you want to turn off using the instructions in this article. While it is possible to minimize network connections to Microsoft, there are many reasons why these communications are enabled by default, such as updating malware definitions and maintaining current certificate revocation lists. This data helps us deliver a secure, reliable, and up-to-date experience.
Note: The 1903 settings in the Windows Restricted Traffic Limited Functionality Baseline package are applicable to 1909 Windows Enterprise devices.
Note: If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Keep my files" option the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied to in order re-restrict the device. Also, egress traffic may occur during the period leading up to the re-applications of the Restricted Traffic Limited Functionality Baseline settings.
>[!IMPORTANT]
>- The Allowed Traffic endpoints for an MDM configuration are here: [Allowed Traffic](#bkmk-mdm-allowedtraffic)
> - CRL (Certificate Revocation List) and OCSP (Online Certificate Status Protocol) network traffic cannot be disabled and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of these authorities. There are many others such as DigiCert, Thawte, Google, Symantec, and VeriSign.
@ -35,6 +31,9 @@ Note: If a user executes the "Reset this PC" command (Settings -> Update & Secur
>- To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy.
>- The **Get Help** and **Give us Feedback** links in Windows may no longer work after applying some or all of the MDM/CSP settings.
>[!Warning]
>If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Remove Everything" option the >Windows Restricted Traffic Limited Functionality settings will need to be re-applied in order re-restrict the device's egress traffic. >To do this the client must be re-enrolled to the Microsoft Intune service. Egress traffic may occur during the period prior to the re->application of the Restricted Traffic Limited Functionality settings. If the user executes a "Reset this PC" with the "Keep my files" >option the Restricted Traffic Limited Functionality settings are retained on the device, and therefore the client will remain in a >Restricted Traffic configuration during and after the "Keep my files" reset, and no re-enrollment is required.
For more information on Microsoft Intune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/intune/).
For detailed information about managing network connections to Microsoft services using Windows Settings, Group Policies and Registry settings see [Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services).
@ -143,8 +142,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt
1. [Defender/AllowCloudProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection). Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)**
1. [Defender/SubmitSamplesConsent](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent). Stop sending file samples back to Microsoft. **Set to 2 (two)**
1. [Defender/EnableSmartScreenInShell](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings#mdm-settings). Turns off SmartScreen in Windows for app and file execution. **Set to 0 (zero)**
1. Windows Defender Smartscreen - [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender Smartscreen. **Set to 0 (zero)**
1. Windows Defender Smartscreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
1. Windows Defender SmartScreen - [Browser/AllowSmartScreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen). Disable Windows Defender SmartScreen. **Set to 0 (zero)**
1. Windows Defender SmartScreen EnableAppInstallControl - [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol). Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)**
1. Windows Defender Potentially Unwanted Applications(PUA) Protection - [Defender/PUAProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-puaprotection). Specifies the level of detection for potentially unwanted applications (PUAs). **Set to 1 (one)**
1. [Defender/SignatureUpdateFallbackOrder](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm). Allows you to define the order in which different definition update sources should be contacted. The OMA-URI for this is: **./Vendor/MSFT/Policy/Config/Defender/SignatureUpdateFallbackOrder**, Data type: **String**, Value: **FileShares**
1. **Windows Spotlight** - [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight). Disable Windows Spotlight. **Set to 0 (zero)**

10
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -11,10 +11,10 @@ ms.localizationpriority: high
audience: ITPro
author: medgarmedgar
ms.author: v-medgar
manager: sanashar
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 9/17/2019
ms.date: 3/25/2020
---
# Manage connections from Windows 10 operating system components to Microsoft services
@ -36,6 +36,12 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
> - It is recommended that you restart a device after making configuration changes to it.
> - The **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied.
>[!Note]
>Regarding the Windows Restricted Traffic Limited Functionality Baseline, the 1903 settings (folder) are applicable to 1909 Windows >Enterprise devices. There were no additional settings required for the 1909 release.
>[!Warning]
>If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Keep my files" option (or the >"Remove Everything" option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order >re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline >settings.
To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm)
We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting **telmhelp**@**microsoft.com**.

6
windows/security/identity-protection/credential-guard/dg-readiness-tool.md
View File

@ -151,8 +151,8 @@ function CheckExemption($_ModName)
}
function CheckFailedDriver($_ModName, $CIStats)''
{''
function CheckFailedDriver($_ModName, $CIStats)
{
Log "Module: " $_ModName.Trim()
if(CheckExemption($_ModName.Trim()) - eq 1)
{
@ -959,7 +959,7 @@ function PrintToolVersion
LogAndConsole ""
LogAndConsole "###########################################################################"
LogAndConsole ""
LogAndConsole "Readiness Tool Version 3.7 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard."
LogAndConsole "Readiness Tool Version 3.7.1 Release. `nTool to check if your device is capable to run Device Guard and Credential Guard."
LogAndConsole ""
LogAndConsole "###########################################################################"
LogAndConsole ""

BIN
windows/security/threat-protection/microsoft-defender-atp/images/eos-upcoming-eos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/software-drilldown-eos.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 97 KiB

BIN
windows/security/threat-protection/microsoft-defender-atp/images/version-eos-date.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

4
windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md
View File

@ -79,7 +79,7 @@ Download the onboarding package from Microsoft Defender Security Center:
## Create Ansible YAML files
Create subtask or role files that contribute to an actual task. First create the `copy_onboarding_pkg.yml` file under the `/etc/ansible/roles` directory:
Create subtask or role files that contribute to an actual task. First create the `download_copy_blob.yml` file under the `/etc/ansible/roles` directory:
- Copy the onboarding package to all client machines:
@ -158,7 +158,7 @@ Create subtask or role files that contribute to an actual task. First create the
- name: Add Microsoft APT key
apt_key:
keyserver: https://packages.microsoft.com/
id: BC528686B50D79E339D3721CEB3E94ADBE1229C
id: BC528686B50D79E339D3721CEB3E94ADBE1229CF
when: ansible_os_family == "Debian"
- name: Add Microsoft yum repository for MDATP

16
windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md
View File

@ -67,6 +67,22 @@ To find software or software versions which have reached end-of-support:
![Screenshot tags that say EOS software, EOS versions, and Upcoming EOS versions](images/tvm-eos-tags-column.png)
### List of versions and dates
To view a list of version that have reached end of support, or end or support soon, and those dates, follow the below steps:
1. For software that has versions which have reached end of support, or will reach end of support soon, a message will appear in the flyout once the security recommendation is selected.
![Screenshot of version distribution link](images/eos-upcoming-eos.png) <br><br>
2. Select the **version distribution** link to go to the software drill down page. There, you can see a filtered list of versions with tags identifying them as end of support, or upcoming end of support.
![Screenshot of version distribution link](images/software-drilldown-eos.png) <br><br>
3. Select one of the versions in the table to open. For example, version 3.5.2150.0. A flyout will appear with the end of support date.
![Screenshot of version distribution link](images/version-eos-date.png)<br><br>
After you have identified which software and software versions are vulnerable due to its end-of-support status, remediate them to lower your organizations exposure to vulnerabilities and advanced persistent threats. See [Remediation and exception](tvm-remediation.md) for details.
## Use APIs

39
windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
View File

@ -8,20 +8,20 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: dolmont
author: DulceMontemayor
ms.author: ellevin
author: levinec
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/31/2019
---
# Weaknesses
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink)
[!include[Prerelease information](../../includes/prerelease.md)]
@ -36,37 +36,41 @@ The **Weaknesses** page lists down the vulnerabilities found in the infected sof
>- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
>- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
## Navigate to your organization's weaknesses page
## Navigate through your organization's weaknesses page
You can access the list of vulnerabilities in a few places in the portal:
- Global search
- Weaknesses option in the navigation menu
- Top vulnerable software widget in the dashboard
- Discovered vulnerabilities page in the machine page
*Vulnerabilities in global search*
1. Click the global search drop-down menu.
2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then click the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
### Vulnerabilities in global search
1. Go to the global search drop-down menu.
2. Select **Vulnerability** and key-in the Common Vulnerabilities and Exposures (CVE) ID that you are looking for, then select the search icon. The **Weaknesses** page opens with the CVE information that you are looking for.
![tvm-vuln-globalsearch](images/tvm-vuln-globalsearch.png)
3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
3. Select the CVE and a flyout panel opens up with more information - the vulnerability description, exploits available, severity level, CVSS v3 rating, publishing and update dates.
> [!NOTE]
> To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
To see the rest of the vulnerabilities in the **Weaknesses** page, type CVE, then click search.
### Weaknesses page in the menu
*Weaknesses page in the menu*
1. Go to the Threat & Vulnerability Management navigation menu and select **Weaknesses** to open up the list of vulnerabilities found in your organization.
2. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, dates when it was published and updated, related software, exploit kits available, vulnerability type, link to useful reference, and number of exposed machines which users can also export.
2. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, dates when it was published and updated, related software, exploit kits available, vulnerability type, link to useful reference, and number of exposed machines which users can also export.
![Screenshot of the CVE details in the flyout pane in the Weaknesses page](images/tvm-weaknesses-page.png)
*Top vulnerable software widget in the dashboard*
1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
### Top vulnerable software widget in the dashboard
1. Go to the Threat & Vulnerability Management dashboard and scroll down to the **Top vulnerable software** widget. You will see the number of vulnerabilities found in each software along with threat information and a high-level view of the device exposure trend over time.
![tvm-top-vulnerable-software](images/tvm-top-vulnerable-software.png)
2. Click the software that you want to investigate and it takes you to the software page. You will see the weaknesses found in your machine per severity level, in which machines are they installed, version distribution, and the corresponding security recommendation.
3. Select the **Discovered vulnerabilities** tab.
4. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
*Discovered vulnerabilities in the machine page*
1. Go to the left-hand navigation menu bar, then select the machine icon. The **Machines list** page opens.
### Discovered vulnerabilities in the machine page
1. Go to the left-hand navigation menu bar, then select the machine icon. The **Machines list** page opens.
<br>![Screenshot of Machines list page](images/tvm_machineslist.png)</br>
2. In the **Machines list** page, select the machine that you want to investigate.
<br>![Screenshot of machine list with selected machine to investigate](images/tvm_machinetoinvestigate.png)</br>
@ -78,6 +82,7 @@ You can access the list of vulnerabilities in a few places in the portal:
5. Select the vulnerability that you want to investigate to open up a flyout panel with the vulnerability details, such as: CVE description, CVE ID, exploits available, CVSS V3 rating, severity, publish, and update dates.
## How it works
When new vulnerabilities are released, you would want to know how many of your assets are exposed. You can see the list of vulnerabilities and the details in the **Weaknesses** page.
If the **Exposed Machines** column shows 0, that means you are not at risk.

3
windows/security/threat-protection/microsoft-defender-atp/user-roles.md
View File

@ -79,7 +79,8 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
7. Apply the configuration settings.
After creating roles, you'll need to create a machine group and provide access to the machine group by assigning it to a role that you just created.
> [!IMPORTANT]
> After creating roles, you'll need to create a machine group and provide access to the machine group by assigning it to a role that you just created.
## Edit roles

3
windows/security/threat-protection/windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md
View File

@ -11,7 +11,6 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 01/09/2020
ms.reviewer:
manager: dansimp
ms.custom: nextgen
@ -40,7 +39,7 @@ This article describes how to specify from where updates should be downloaded (t
## Fallback order
Typically, you configure endpoints to individually download updates from a primary source followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used.
Typically, you configure endpoints to individually download updates from a primary source followed by other sources in order of priority, based on your network configuration. Updates are obtained from sources in the order you specify. If a source is not available, the next source in the list is used immediately.
When updates are published, some logic is applied to minimize the size of the update. In most cases, only the differences between the latest update and the update that is currently installed (this is referred to as the delta) on the device is downloaded and applied. However, the size of the delta depends on two main factors:
- The age of the last update on the device; and

1
windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
View File

@ -50,6 +50,7 @@ Only the main version is listed in the following table as reference information:
Month | Platform/Client | Engine
---|---|---
Mar-2020 | 4.18.2003.x| 1.1.16900.x
Feb-2020 | - | 1.1.16800.x
Jan-2020 | 4.18.2001.x | 1.1.16700.x
Dec-2019 | - | - |