diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 5d581c9574..294efd050c 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -510,6 +510,9 @@
"notification_subscribers": [
"elizapo@microsoft.com"
],
+ "sync_notification_subscribers": [
+ "daniha@microsoft.com"
+ ],
"branches_to_filter": [
""
],
@@ -518,6 +521,7 @@
"skip_source_output_uploading": false,
"need_preview_pull_request": true,
"resolve_user_profile_using_github": true,
+ "contribution_branch_mappings": {},
"dependent_repositories": [
{
"path_to_root": "_themes.pdf",
@@ -547,11 +551,7 @@
]
},
"need_generate_pdf_url_template": true,
- "targets": {
- "Pdf": {
- "template_folder": "_themes.pdf"
- }
- },
+ "targets": {},
"need_generate_pdf": false,
"need_generate_intellisense": false
}
\ No newline at end of file
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 8f3ea8a965..5e59e1f357 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -13929,5 +13929,10 @@
"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
"redirect_document_id": false
},
+{
+"source_path": "windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-atp/use-apis",
+"redirect_document_id": false
+},
]
}
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index f4df822a14..d24333f170 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -32,7 +32,7 @@
#### [Wireless network management](wireless-network-management-for-surface-hub.md)
### [Install apps on your Surface Hub](install-apps-on-surface-hub.md)
### [Configure Surface Hub Start menu](surface-hub-start-menu.md)
-### [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md)
+### [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md)
### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md)
### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md)
### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index dc313f8f5d..2d52e698c0 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -190,15 +190,15 @@ Enable the device account with Skype for Business.
In order to enable Skype for Business, your environment will need to meet the following prerequisites:
-- You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
-- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
+- You'll need to have Skype for Business Online Standalone Plan 2 or higher in your O365 plan. The plan needs to support conferencing capability.
+- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Skype for Business Online Standalone Plan 3.
- Your tenant users must have Exchange mailboxes.
-- Your Surface Hub account does require a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
+- Your Surface Hub account does require a Skype for Business Online Standalone Plan 2 or Skype for Business Online Standalone Plan 3 license, but it does not require an Exchange Online license.
1. Start by creating a remote PowerShell session from a PC.
```PowerShell
- Import-Module LyncOnlineConnector
+ Import-Module SkypeOnlineConnector
$cssess=New-CsOnlineSession -Credential $cred
Import-PSSession $cssess -AllowClobber
```
@@ -348,15 +348,15 @@ Enable the device account with Skype for Business.
In order to enable Skype for Business, your environment will need to meet the following prerequisites:
-- You'll need to have Lync Online (Plan 2) or higher in your O365 plan. The plan needs to support conferencing capability.
-- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Lync Online (Plan 3).
+- You'll need to have Skype for Business Online Standalone Plan 2 or higher in your O365 plan. The plan needs to support conferencing capability.
+- If you need Enterprise Voice (PSTN telephony) using telephony service providers for the Surface Hub, you need Skype for Business Online Standalone Plan 3.
- Your tenant users must have Exchange mailboxes.
-- Your Surface Hub account does require a Lync Online (Plan 2) or Lync Online (Plan 3) license, but it does not require an Exchange Online license.
+- Your Surface Hub account does require a Skype for Business Online Standalone Plan 2 or Skype for Business Online Standalone Plan 3 license, but it does not require an Exchange Online license.
1. Start by creating a remote PowerShell session from a PC.
```PowerShell
- Import-Module LyncOnlineConnector
+ Import-Module SkypeOnlineConnector
$cssess=New-CsOnlineSession -Credential $cred
Import-PSSession $cssess -AllowClobber
```
@@ -372,8 +372,7 @@ If you aren't sure what value to use for the `RegistrarPool` parameter in your e
3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
- Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool
- "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
+ Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md
index 9518232b8b..da29b06c9d 100644
--- a/devices/surface-hub/manage-surface-hub.md
+++ b/devices/surface-hub/manage-surface-hub.md
@@ -32,7 +32,7 @@ Learn about managing and updating Surface Hub.
| [Manage Surface Hub settings](manage-surface-hub-settings.md) |Topics related to managing Surface Hub settings: accessibility, device account, device reset, fully qualified domain name, Windows Update settings, and wireless network |
| [Install apps on your Surface Hub]( https://technet.microsoft.com/itpro/surface-hub/install-apps-on-surface-hub) | Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.|
[Configure Surface Hub Start menu](surface-hub-start-menu.md) | Use MDM to customize the Start menu for Surface Hub.
-| [Set up and use Whiteboard to Whiteboard collaboration](whiteboard-collaboration.md) | Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. |
+| [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md) | Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. |
| [End a meeting with End session](https://technet.microsoft.com/itpro/surface-hub/i-am-done-finishing-your-surface-hub-meeting) | At the end of a meeting, users can tap **End session** to clean up any sensitive data and prepare the device for the next meeting.|
| [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md) | You can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS. |
| [Save your BitLocker key](https://technet.microsoft.com/itpro/surface-hub/save-bitlocker-key-surface-hub) | Every Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.|
diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md
index ad3c3d7d7e..5698f985b0 100644
--- a/devices/surface-hub/provisioning-packages-for-surface-hub.md
+++ b/devices/surface-hub/provisioning-packages-for-surface-hub.md
@@ -8,7 +8,7 @@ ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 03/16/2019
ms.localizationpriority: medium
---
@@ -267,13 +267,13 @@ If your build is successful, the name of the provisioning package, output direct
## Apply a provisioning package to Surface Hub
-There are two options for deploying provisioning packages to a Surface Hub. You can apply a provisioning packing [during the first run wizard](#apply-a-provisioning-package-during-first-run), or using [Settings](#apply-a-package-using-settings).
+There are two options for deploying provisioning packages to a Surface Hub. [During the first run wizard](#apply-a-provisioning-package-during-first-run), you can apply a provisioning package that installs certificates, or after the first-run program is complete, you can apply a provisioning package that configures settings, apps, and certificates by using [Settings](#apply-a-package-using-settings).
### Apply a provisioning package during first run
> [!IMPORTANT]
-> Only use provisioning packages to install certificates during first run. Use the **Settings** app to install apps and apply other settings.
+> During the first-run program, you can only use provisioning packages to install certificates. Use the **Settings** app to install apps and apply other settings.
1. When you turn on the Surface Hub for the first time, the first-run program will display the [**Hi there page**](first-run-program-surface-hub.md#first-page). Make sure that the settings are properly configured before proceeding.
diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md
index 262bcc5d2a..e6e0eeb5c1 100644
--- a/devices/surface-hub/surface-hub-recovery-tool.md
+++ b/devices/surface-hub/surface-hub-recovery-tool.md
@@ -46,9 +46,9 @@ If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub
## Download Surface Hub Recovery Tool
-Surface Hub Recovery Tool is available for download from [Surface Hub Tools for IT](https://www.microsoft.com/download/details.aspx?id=52210) under the file name **SurfaceHub_Recovery_v1.4.137.0.msi**.
+Surface Hub Recovery Tool is available for download from [Surface Hub Tools for IT](https://www.microsoft.com/download/details.aspx?id=52210) under the file name **SurfaceHub_Recovery_v1.14.137.0.msi**.
-To start the download, click **Download**, choose **SurfaceHub_Recovery_v1.4.137.0.msi** from the list, and click **Next**. From the pop-up, choose one of the following:
+To start the download, click **Download**, choose **SurfaceHub_Recovery_v1.14.137.0.msi** from the list, and click **Next**. From the pop-up, choose one of the following:
- Click **Run** to start the installation immediately.
- Click **Save** to copy the download to your computer for later installation.
@@ -96,4 +96,4 @@ The reimaging process appears halted/frozen | It is safe to close and restart th
The drive isn’t recognized by the tool | Verify that the Surface Hub SSD is enumerated as a Lite-On drive, "LITEON L CH-128V2S USB Device". If the drive is recognized as another named device, your current cable isn’t compatible. Try another cable or one of the tested cable listed above.
Error: -2147024809 | Open Disk Manager and remove the partitions on the Surface Hub drive. Disconnect and reconnect the drive to the host machine. Restart the imaging tool again.
-If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support).
\ No newline at end of file
+If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support).
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 10f086f358..9a68506147 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -1,27 +1,29 @@
---
-title: Set up and use Whiteboard to Whiteboard collaboration
+title: Set up and use Microsoft Whiteboard
description: Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
ms.prod: surface-hub
ms.sitesec: library
author: jdeckerms
ms.author: jdecker
ms.topic: article
-ms.date: 07/12/2018
+ms.date: 03/18/2019
ms.localizationpriority: medium
---
-# Set up and use Whiteboard to Whiteboard collaboration (Surface Hub)
+# Set up and use Microsoft Whiteboard
+
-The Microsoft Whiteboard app includes the capability for two Surface Hubs to collaborate in real time on the same board.
>[!IMPORTANT]
->A new Microsoft Whiteboard app was released on July 12, 2018. The existing Whiteboard app that comes installed on Surface Hub and is pinned to the Welcome screen cannot collaborate with the new version that can be installed on the PC. If people in your organization install the new Whiteboard on their PCs, you must install the new Whiteboard on Surface Hub to enable collaboration. To learn more about installing the new Whiteboard on your Surface Hub, see [Whiteboard on Surface Hub opt-in](https://go.microsoft.com/fwlink/p/?LinkId=2004277).
+>A new Microsoft Whiteboard app was released on July 12, 2018. The existing Whiteboard app that comes installed on Surface Hub and is pinned to the Welcome screen has been renamed **Microsoft Whiteboard 2016**. Microsoft Whiteboard 2016 will be automatically upgraded by May 21, 2019, and the collaboration service for the legacy app will stop functioning after June 7, 2019. For more details, see [Enable Microsoft Whiteboard on Surface Hub](https://support.office.com/article/enable-microsoft-whiteboard-on-surface-hub-b5df4539-f735-42ff-b22a-0f5e21be7627?ui=en-US&rs=en-US&ad=US).
+
+The Microsoft Whiteboard app includes the capability for two Surface Hubs to collaborate in real time on the same board.
By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together.
-## Prerequisites for Whiteboard to Whiteboard collaboration
+## Prerequisites for Whiteboard to Whiteboard collaboration (Microsoft Whiteboard 2016)
To get Whiteboard to Whiteboard collaboration up and running, you’ll need to make sure your organization meets the following requirements:
@@ -36,7 +38,7 @@ To get Whiteboard to Whiteboard collaboration up and running, you’ll need to m
>[!NOTE]
>Collaborative sessions can only take place between users within the same tenant, so users outside of your organization won’t be able to join even if they have a Surface Hub.
-## Using Whiteboard to Whiteboard collaboration
+## Using Whiteboard to Whiteboard collaboration (Microsoft Whiteboard 2016)
To start a collaboration session:
diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md
index 08390d3c46..baef69db7c 100644
--- a/devices/surface/windows-autopilot-and-surface-devices.md
+++ b/devices/surface/windows-autopilot-and-surface-devices.md
@@ -52,6 +52,9 @@ Enrolling Surface devices in Windows Autopilot at the time of purchase is a capa
When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include:
-- [SHI](https://www.shi.com/Surface)
-- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
- [Atea](https://www.atea.com/)
+- [Connection](https://www.connection.com/brand/microsoft/microsoft-surface)
+- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
+- [SHI](https://www.shi.com/Surface)
+
+
diff --git a/mdop/uev-v1/index.md b/mdop/uev-v1/index.md
index 0eacccc566..49e6e8a74c 100644
--- a/mdop/uev-v1/index.md
+++ b/mdop/uev-v1/index.md
@@ -13,6 +13,9 @@ ms.date: 04/19/2017
# Microsoft User Experience Virtualization (UE-V) 1.0
+>[!NOTE]
+>This documentation is a for version of UE-V that was included in the Microsoft Desktop Optimization Pack (MDOP). For information about the latest version of UE-V which is included in Windows 10 Enterprise, see [Get Started with UE-V](https://docs.microsoft.com/windows/configuration/ue-v/uev-getting-started).
+
Microsoft User Experience Virtualization (UE-V) captures and centralizes application settings and Windows operating system settings for the user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions.
diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md
index 8932147ff3..4f56275558 100644
--- a/mdop/uev-v2/index.md
+++ b/mdop/uev-v2/index.md
@@ -13,6 +13,9 @@ ms.date: 04/19/2017
# Microsoft User Experience Virtualization (UE-V) 2.x
+>[!NOTE]
+>This documentation is a for version of UE-V that was included in the Microsoft Desktop Optimization Pack (MDOP). For information about the latest version of UE-V which is included in Windows 10 Enterprise, see [Get Started with UE-V](https://docs.microsoft.com/windows/configuration/ue-v/uev-getting-started).
+
Capture and centralize your users’ application settings and Windows OS settings by implementing Microsoft User Experience Virtualization (UE-V) 2.0 or 2.1. Then, apply these settings to the devices users access in your enterprise, like desktop computers, laptops, or virtual desktop infrastructure (VDI) sessions.
diff --git a/store-for-business/update-microsoft-store-for-business-account-settings.md b/store-for-business/update-microsoft-store-for-business-account-settings.md
index 46dd73d807..212b62ecf0 100644
--- a/store-for-business/update-microsoft-store-for-business-account-settings.md
+++ b/store-for-business/update-microsoft-store-for-business-account-settings.md
@@ -1,6 +1,6 @@
---
-title: Update Microsoft Store for Business and Microsoft Store for Education billing account settings (Windows 10)
-description: The billing account page in Microsoft Store for Business and Microsoft Store for Education shows information about your organization that you can update, including country or region, organization contact info, agreements with Microsoft and admin approvals.
+title: Update your Billing account settings
+description: The billing account page in Microsoft Store for Business and Microsoft Store for Education, and M365 admin center shows information about your organization that you can update, including country or region, organization contact info, agreements with Microsoft and admin approvals.
keywords: billing accounts, organization info
ms.prod: w10
ms.mktglfcycl: manage
@@ -10,10 +10,10 @@ author: TrudyHa
ms.author: TrudyHa
ms.topic: conceptual
ms.localizationpriority: medium
-ms.date: 03/01/2019
+ms.date: 03/18/2019
---
-# Update Microsoft Store for Business and Microsoft Store for Education account settings
+# Update Billing account settings
A billing account contains defining information about your organization.
>[!NOTE]
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index d055f0c12d..c17263348d 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -45,9 +45,6 @@ Use the following links for more information about creating and managing virtual
- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
-## Have a suggestion for App-V?
-
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
## Related topics
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 70fc4d7a66..8eed696dd9 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -8,7 +8,6 @@ ms.pagetype: mobile
ms.author: elizapo
author: lizap
ms.localizationpriority: medium
-ms.date: 12/12/2018
ms.topic: article
---
# Understand the different apps included in Windows 10
@@ -26,7 +25,7 @@ Digging into the Windows apps, there are two categories:
- Installed: Installed as part of the OS.
- System apps - Apps that are installed in the C:\Windows\* directory. These apps are integral to the OS.
-The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1607, 1703, and 1709, and indicate whether an app can be uninstalled through the UI.
+The following tables list the system apps, installed Windows apps, and provisioned Windows apps in a standard Windows 10 Enterprise installation. (If you have a custom image, your specific apps might differ.) The tables list the app, the full name, show the app's status in Windows 10 version 1709, 1803, and 1809 and indicate whether an app can be uninstalled through the UI.
Some of the apps show up in multiple tables - that's because their status changed between versions. Make sure to check the version column for the version you are currently running.
@@ -94,7 +93,7 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an
## System apps
-System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1703, 1709, and 1803.
+System apps are integral to the operating system. Here are the typical system apps in Windows 10 versions 1709, 1803, and 1809.
> [!TIP]
> You can list all system apps with this PowerShell command:
@@ -104,57 +103,47 @@ System apps are integral to the operating system. Here are the typical system ap
-| Name | Package Name | 1703 | 1709 | 1803 | Uninstall through UI? |
+| Name | Package Name | 1709 | 1803 | 1809 |Uninstall through UI? |
|----------------------------------|---------------------------------------------|:-----:|:----:|:----:|-----------------------|
-| File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | | x | No |
-| File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | | x | No |
-| App Resolver UX | E2A4F912-2574-4A75-9BB0-0D023378592B | | | x | No |
-| Add Suggested Folders To Library | F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE | | | x | No |
-| | InputApp | | x | x | No |
-| Cortana UI | CortanaListenUIApp | x | | | No |
-| | Desktop Learning | x | | | No |
-| | DesktopView | x | | | No |
-| | EnvironmentsApp | x | | | No |
-| Mixed Reality + | HoloCamera | x | | | No |
-| Mixed Reality + | HoloItemPlayerApp | x | | | No |
-| Mixed Reality + | HoloShell | x | | | No |
-| | Microsoft.AAD.Broker.Plugin | x | x | x | No |
-| | Microsoft.AccountsControl | x | x | x | No |
-| | Microsoft.AsyncTextService | | | x | No |
+| File Picker | 1527c705-839a-4832-9118-54d4Bd6a0c89 | | x | x | No |
+| File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515 | | x | x | No |
+| App Resolver UX | E2A4F912-2574-4A75-9BB0-0D023378592B | | x | x | No |
+| Add Suggested Folders To Library | F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE | | x | x | No |
+| | InputApp | x | x | x | No |
+| Microsoft.AAD.Broker.Plugin | Microsoft.AAD.Broker.Plugin | x | x | x | No |
+| Microsoft.AccountsControl | Microsoft.AccountsControl | x | x | x | No |
+| Microsoft.AsyncTextService | Microsoft.AsyncTextService | | x | x | No |
| Hello setup UI | Microsoft.BioEnrollment | x | x | x | No |
| | Microsoft.CredDialogHost | x | x | x | No |
-| | Microsoft.ECApp | | x | x | No |
+| | Microsoft.ECApp | x | x | x | No |
| | Microsoft.LockApp | x | x | x | No |
| Microsoft Edge | Microsoft.MicrosoftEdge | x | x | x | No |
-| | Microsoft.MicrosoftEdgeDevToolsClient | | | x | No |
-| | Microsoft.PPIProjection | x | x | | No |
-| | Microsoft.Win32WebViewHost | | | x | No |
+| | Microsoft.MicrosoftEdgeDevToolsClient | | x | x | No |
+| | Microsoft.PPIProjection | x | x | x | No |
+| | Microsoft.Win32WebViewHost | | x | x | No |
| | Microsoft.Windows.Apprep.ChxApp | x | x | x | No |
| | Microsoft.Windows.AssignedAccessLockApp | x | x | x | No |
-| | Microsoft.Windows.CapturePicker | | | x | No |
+| | Microsoft.Windows.CapturePicker | | x | x | No |
| | Microsoft.Windows.CloudExperienceHost | x | x | x | No |
| | Microsoft.Windows.ContentDeliveryManager | x | x | x | No |
| Cortana | Microsoft.Windows.Cortana | x | x | x | No |
| | Microsoft.Windows.Holographic.FirstRun | x | x | | No |
-| | Microsoft.Windows.ModalSharePickerHost | x | | | No |
| | Microsoft.Windows.OOBENetworkCaptivePort | x | x | x | No |
| | Microsoft.Windows.OOBENetworkConnectionFlow | x | x | x | No |
| | Microsoft.Windows.ParentalControls | x | x | x | No |
-| People Hub | Microsoft.Windows.PeopleExperienceHost | | x | x | No |
-| | Microsoft.Windows.PinningConfirmationDialog | | x | x | No |
+| People Hub | Microsoft.Windows.PeopleExperienceHost | x | x | x | No |
+| | Microsoft.Windows.PinningConfirmationDialog | x | x | x | No |
| | Microsoft.Windows.SecHealthUI | x | x | x | No |
-| | Microsoft.Windows.SecondaryTileExperience | x | x | | No |
+| | Microsoft.Windows.SecondaryTileExperience | x | | | No |
| | Microsoft.Windows.SecureAssessmentBrowser | x | x | x | No |
| Start | Microsoft.Windows.ShellExperienceHost | x | x | x | No |
-| Windows Feedback | Microsoft.WindowsFeedback | * | * | | No |
+| Windows Feedback | Microsoft.WindowsFeedback | * | | | No |
| | Microsoft.XboxGameCallableUI | x | x | x | No |
-| | Windows.CBSPreview | | | x | No |
-| Contact Support* | Windows.ContactSupport | x | * | | Via Settings App |
+| | Windows.CBSPreview | | x | x | No |
+| Contact Support* | Windows.ContactSupport | * | | | Via Settings App |
| Settings | Windows.immersivecontrolpanel | x | x | x | No |
-| Connect | Windows.MiracastView | x | | | No |
-| Print 3D | Windows.Print3D | | x | | Yes |
+| Print 3D | Windows.Print3D | | x | x | Yes |
| Print UI | Windows.PrintDialog | x | x | x | No |
-| Purchase UI | Windows.PurchaseDialog | | | | No |
> [!NOTE]
@@ -162,36 +151,34 @@ System apps are integral to the operating system. Here are the typical system ap
## Installed Windows apps
-Here are the typical installed Windows apps in Windows 10 versions 1703, 1709, and 1803.
+Here are the typical installed Windows apps in Windows 10 versions 1709, 1803, and 1809.
-| Name | Full name | 1703 | 1709 | 1803 |Uninstall through UI? |
+| Name | Full name | 1709 | 1803 | 1809 | Uninstall through UI? |
|--------------------|------------------------------------------|:----:|:----:|:----:|:---------------------:|
-| Remote Desktop | Microsoft.RemoteDesktop | x | x | | Yes |
-| PowerBI | Microsoft.Microsoft PowerBIforWindows | x | | | Yes |
-| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | x | Yes |
-| Eclipse Manager | 46928bounde.EclipseManager | x | x | x | Yes |
-| Pandora | PandoraMediaInc.29680B314EFC2 | x | x | x | Yes |
-| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | x | Yes |
-| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | x | Yes |
+| Remote Desktop | Microsoft.RemoteDesktop | x | | x | Yes |
+| Code Writer | ActiproSoftwareLLC.562882FEEB491 | x | x | | Yes |
+| Eclipse Manager | 46928bounde.EclipseManager | x | x | | Yes |
+| Pandora | PandoraMediaInc.29680B314EFC2 | x | x | | Yes |
+| Photoshop Express | AdobeSystemIncorporated. AdobePhotoshop | x | x | | Yes |
+| Duolingo | D5EA27B7.Duolingo- LearnLanguagesforFree | x | x | | Yes |
| Network Speed Test | Microsoft.NetworkSpeedTest | x | x | x | Yes |
| News | Microsoft.BingNews | x | x | x | Yes |
-| Flipboard | | | | | Yes |
-| | Microsoft.Advertising.Xaml | x | x | x | Yes |
-| | Microsoft.NET.Native.Framework.1.2 | x | x | x | Yes |
-| | Microsoft.NET.Native.Framework.1.3 | x | x | x | Yes |
-| | Microsoft.NET.Native.Framework.1.6 | | x | x | Yes |
-| | Microsoft.NET.Native.Framework.1.7 | | | x | Yes |
-| | Microsoft.NET.Native.Framework.2.0 | | x | x | Yes |
-| | Microsoft.NET.Native.Runtime.1.1 | | x | x | Yes |
-| | Microsoft.NET.Native.Runtime.1.3 | x | x | | Yes |
-| | Microsoft.NET.Native.Runtime.1.4 | x | x | x | Yes |
-| | Microsoft.NET.Native.Runtime.1.6 | | x | x | Yes |
-| | Microsoft.NET.Native.Runtime.1.7 | | | x | Yes |
-| | Microsoft.NET.Native.Runtime.2.0 | | x | x | Yes |
-| | Microsoft.Services.Store.Engagement | | x | x | Yes |
-| | Microsoft.VCLibs.120.00 | x | x | x | Yes |
+| Sway | Microsoft.Office.Sway | x | x | x | Yes |
+| Microsoft.Advertising | Microsoft.Advertising.Xaml | x | x | x | Yes |
+| | Microsoft.NET.Native.Framework.1.2 | x | x | | Yes |
+| | Microsoft.NET.Native.Framework.1.3 | x | x | | Yes |
+| | Microsoft.NET.Native.Framework.1.6 | x | x | x | Yes |
+| | Microsoft.NET.Native.Framework.1.7 | | x | x | Yes |
+| | Microsoft.NET.Native.Framework.2.0 | x | x | | Yes |
+| | Microsoft.NET.Native.Runtime.1.1 | x | x | | Yes |
+| | Microsoft.NET.Native.Runtime.1.3 | x | | | Yes |
+| | Microsoft.NET.Native.Runtime.1.4 | x | x | | Yes |
+| | Microsoft.NET.Native.Runtime.1.6 | x | x | x | Yes |
+| | Microsoft.NET.Native.Runtime.1.7 | x | x | x | Yes |
+| | Microsoft.NET.Native.Runtime.2.0 | x | x | | Yes |
+| | Microsoft.Services.Store.Engagement | x | x | | Yes |
+| | Microsoft.VCLibs.120.00 | x | x | | Yes |
| | Microsoft.VCLibs.140.00 | x | x | x | Yes |
-| | Microsoft.VCLibs.120.00.Universal | | x | | Yes |
-| | Microsoft.VCLibs.140.00.UWPDesktop | | | x | Yes |
-| | Microsoft.WinJS.2.0 | x | | | Yes |
+| | Microsoft.VCLibs.120.00.Universal | x | | | Yes |
+| | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes |
---
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index d744ed476c..d31379fc55 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -113,8 +113,8 @@ Here is an example:
```
-
-
+
+
```
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 950452b167..04e32767b2 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -22,7 +22,7 @@ ms.date: 10/05/2017
|Group policy |MDM policy |Description |
|-------------|-----------|------------|
|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock|AboveLock/AllowCortanaAboveLock|Specifies whether an employee can interact with Cortana using voice commands when the system is locked.**Note**
This setting only applies to Windows 10 for desktop devices. |
-|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization|Privacy/AllowInputPersonalization|Specifies whether an employee can use voice commands with Cortana in your organization.
**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).
**In Windows 10, version 1607 and later**
Cortana still works if this setting is turned off (disabled).|
+|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services|Privacy/AllowInputPersonalization|Specifies whether an employee can use voice commands with Cortana in your organization.
**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).
**In Windows 10, version 1607 and later**
Cortana still works if this setting is turned off (disabled).|
|None|System/AllowLocation|Specifies whether to allow app access to the Location service.
**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).
**In Windows 10, version 1607 and later**
Cortana still works if this setting is turned off (disabled).|
|None|Accounts/AllowMicrosoftAccountConnection|Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.
Use this setting if you only want to support Azure AD in your organization.|
|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location|Search/AllowSearchToUseLocation|Specifies whether Cortana can use your current location during searches and for location reminders.|
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 14905d408b..4d636e90c8 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -505,7 +505,7 @@ Provisioning packages can be applied to a device during the first-run experience
#### After setup, from a USB drive, network folder, or SharePoint site
1. Sign in with an admin account.
-2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install.
+2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. For a provisioning package stored on a network folder or on a SharePoint site, navigate to the provisioning package and double-click it to begin installation.
>[!NOTE]
>if your provisioning package doesn’t include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
@@ -537,6 +537,7 @@ The OMA-URI for multi-app policy is `./Device/Vendor/MSFT/AssignedAccess/Configu
+
## Considerations for Windows Mixed Reality immersive headsets
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index a4a8ead75e..f45cc4b960 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -14,6 +14,9 @@ ms.date: 03/08/2018
**Applies to**
- Windows 10, version 1607
+>[!NOTE]
+>This documentation is for the most recent version of UE-V. If you're looking for information about UE-V 2.x, which was included in the Microsoft Desktop Optimization Pack (MDOP), see [Get Started with UE-V 2.x](https://docs.microsoft.com/microsoft-desktop-optimization-pack/uev-v2/get-started-with-ue-v-2x-new-uevv2).
+
Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise.
>[!NOTE]
@@ -150,7 +153,7 @@ You’re ready to run a few tests on your UE-V evaluation deployment to see how
## Have a suggestion for UE-V?
-Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
## Other resources for this feature
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index 5da3446971..d2d9d74f45 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -554,4 +554,4 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowUserInputFromWirelessDisplayReceiver](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | X | X | | | |
\ No newline at end of file
+| [AllowUserInputFromWirelessDisplayReceiver](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | X | X | | | |
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 1466263dc5..049d352939 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -22,13 +22,14 @@ This topic will show you how to take your reference image for Windows 10, and d
For the purposes of this topic, we will use three machines: DC01, MDT01, and PC0005. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 standard server, and PC0005 is a blank machine to which you deploy Windows 10. MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation.
-**Note**
-For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
-
Figure 1. The machines used in this topic.
+>[!NOTE]
+>For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+
## Step 1: Configure Active Directory permissions
These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
@@ -92,9 +93,10 @@ In these steps, we assume that you have completed the steps in the [Create a Win
6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**.
7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to match the following: **Windows 10 Enterprise x64 RTM Custom Image**.
-**Note**
-The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
+>[!NOTE]
+>The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image.
+
Figure 2. The imported operating system after renaming it.
@@ -128,8 +130,8 @@ In order to deploy Windows 10 with MDT successfully, you need drivers for the b
- Microsoft Surface Pro
For boot images, you need to have storage and network drivers; for the operating system, you need to have the full suite of drivers.
-**Note**
-You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.
+>[!NOTE]
+>You should only add drivers to the Windows PE images if the default drivers don't work. Adding drivers that are not necessary will only make the boot image larger and potentially delay the download time.
### Create the driver source structure in the file system
@@ -150,8 +152,8 @@ The key to successful management of drivers for MDT, as well as for any other de
- Microsoft Corporation
- Surface Pro 3
-**Note**
-Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
+>[!NOTE]
+>Even if you are not going to use both x86 and x64 boot images, we still recommend that you add the support structure for future use.
### Create the logical driver structure in MDT
@@ -285,8 +287,9 @@ This section will show you how to create the task sequence used to deploy your p
2. Configure the **Inject Drivers** action with the following settings:
1. Choose a selection profile: Nothing
2. Install all drivers from the selection profile
- **Note**
- The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting.
+
+ >[!NOTE]
+ >The configuration above indicates that MDT should only use drivers from the folder specified by the DriverGroup001 property, which is defined by the "Choose a selection profile: Nothing" setting, and that MDT should not use plug and play to determine which drivers to copy, which is defined by the "Install all drivers from the selection profile" setting.
3. State Restore. Enable the **Windows Update (Pre-Application Installation)** action.
4. State Restore. Enable the **Windows Update (Post-Application Installation)** action.
@@ -359,8 +362,10 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
- In the **Lite Touch Boot Image Settings** area:
1. Image description: MDT Production x86
2. ISO file name: MDT Production x86.iso
- **Note**
- Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests.
+
+ >[!NOTE]
+
+ >Because you are going to use Pre-Boot Execution Environment (PXE) later to deploy the machines, you do not need the ISO file; however, we recommend creating ISO files because they are useful when troubleshooting deployments and for quick tests.
7. In the **Drivers and Patches** sub tab, select the **WinPE x86** selection profile and select the **Include all drivers from the selection profile** option.
8. In the **Windows PE** tab, in the **Platform** drop-down list, select **x64**.
@@ -372,8 +377,8 @@ In this section, you will learn how to configure the MDT Build Lab deployment sh
11. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box.
12. Click **OK**.
-**Note**
-It will take a while for the Deployment Workbench to create the monitoring database and web service.
+>[!NOTE]
+>It will take a while for the Deployment Workbench to create the monitoring database and web service.
@@ -479,8 +484,8 @@ Like the MDT Build Lab deployment share, the MDT Production deployment share nee
1. Right-click the **MDT Production** deployment share and select **Update Deployment Share**.
2. Use the default options for the Update Deployment Share Wizard.
-**Note**
-The update process will take 5 to 10 minutes.
+>[!NOTE]
+>The update process will take 5 to 10 minutes.
## Step 8: Deploy the Windows 10 client image
@@ -588,8 +593,9 @@ To filter what is being added to the media, you create a selection profile. When
In these steps, you generate offline media from the MDT Production deployment share. To filter what is being added to the media, you use the previously created selection profile.
1. On MDT01, using File Explorer, create the **E:\\MDTOfflineMedia** folder.
- **Note**
- When creating offline media, you need to create the target folder first. It is crucial that you do not create a subfolder inside the deployment share folder because it will break the offline media.
+
+ >[!NOTE]
+ >When creating offline media, you need to create the target folder first. It is crucial that you do not create a subfolder inside the deployment share folder because it will break the offline media.
2. Using Deployment Workbench, in the **MDT Production / Advanced Configuration** node, right-click the **Media** node, and select **New Media**.
3. Use the following settings for the New Media Wizard:
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index 23c462b839..c96216fab7 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -45,7 +45,10 @@ These steps assume that you have the MDT01 member server installed and configure
3. On the **Select the features you want to change** page, select the features below and complete the wizard using the default settings:
1. Deployment Tools
2. Windows Preinstallation Environment (Windows PE)
- 3. User State Migration Tool (UMST)
+ 3. User State Migration Tool (USMT)
+
+ >[!IMPORTANT]
+ >Starting with Windows 10, version 1809, Windows PE is released separately from the AFK. See [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install) for more information.
## Install MDT
diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md
index 9c63798bd2..be96b68e59 100644
--- a/windows/deployment/update/waas-manage-updates-wufb.md
+++ b/windows/deployment/update/waas-manage-updates-wufb.md
@@ -112,7 +112,7 @@ Also, the pause period is calculated from the set start date. For more details,
## Monitor Windows Updates by using Update Compliance
-Update Compliance, now **available in public preview**, provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
+Update Compliance provides a holistic view of OS update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This new service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without additional infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 218be1564a..3d46e34a86 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -117,8 +117,7 @@ The concept of servicing channels is new, but organizations can use the same man
### Semi-Annual Channel
-In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing modal is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately.
-Once the latest release went through pilot deployment and testing, you choose the timing at which it goes into broad deployment.
+In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Windows 10, version 1607 and onward, includes more servicing tools that can delay feature updates for up to 365 days. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
When Microsoft officially releases a feature update for Windows 10, it is made available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools).
@@ -146,7 +145,7 @@ Microsoft never publishes feature updates through Windows Update on devices that
>[!NOTE]
>Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
-The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even of you install by using sideloading.
+The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading.
>[!NOTE]
>If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel.
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index c6eda60ace..6b83fee5c8 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -17,15 +17,15 @@ ms.topic: article
**Applies to**
- Windows 10
-- Windows 10 Mobile
+- Windows 10 Mobile
-> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
You can use Group Policy settings, mobile device management (MDM) or Registry (not recommended) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both.
## Schedule update installation
-In Group Policy, within **Configure Automatic Updates**, you can configure a forced restart after a specified installation time.
+In Group Policy, within **Configure Automatic Updates**, you can configure a forced restart after a specified installation time.
To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installation will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
@@ -40,7 +40,7 @@ For a detailed description of these registry keys, see [Registry keys used to ma
When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installation:
- **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours.
-- **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
+- **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting.
@@ -48,9 +48,9 @@ For a detailed description of these registry keys, see [Registry keys used to ma
## Configure active hours
-*Active hours* identify the period of time when you expect the device to be in use. Automatic restarts after an update will occur outside of the active hours.
+*Active hours* identify the period of time when you expect the device to be in use. Automatic restarts after an update will occur outside of the active hours.
-By default, active hours are from 8 AM to 5 PM on PCs and from 5 AM to 11 PM on phones. Users can change the active hours manually.
+By default, active hours are from 8 AM to 5 PM on PCs and from 5 AM to 11 PM on phones. Users can change the active hours manually.
Starting with Windows 10, version 1703, you can also specify the max active hours range. The specified range will be counted from the active hours start time.
@@ -89,7 +89,7 @@ For a detailed description of these registry keys, see [Registry keys used to ma
With Windows 10, version 1703, administrators can specify the max active hours range users can set. This option gives you additional flexibility to leave some of the decision for active hours on the user's side, while making sure you allow enough time for updating. The max range is calculated from active hours start time.
-To configure active hours max range through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and open the **Specify active hours range for auto-restarts**.
+To configure active hours max range through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and open the **Specify active hours range for auto-restarts**.
To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRange**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider?UpdatePolicies#update-activehoursmaxrange).
@@ -103,9 +103,9 @@ In Windows 10, version 1703, we have added settings to control restart notificat
### Auto-restart notifications
-Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically.
+Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically.
-To configure this behavior through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select **Configure auto-restart required notification for updates**. When configured to **2 - User Action**, a user that gets this notification must manually dismiss it.
+To configure this behavior through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select **Configure auto-restart required notification for updates**. When configured to **2 - User Action**, a user that gets this notification must manually dismiss it.
To configure this behavior through MDM, use [**Update/AutoRestartRequiredNotificationDismissal**](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider?UpdatePolicies#update-AutoRestartRequiredNotificationDismissal)
@@ -170,7 +170,7 @@ The following tables list registry values that correspond to the Group Policy se
| Registry key | Key type | Value |
| --- | --- | --- |
| ActiveHoursEnd | REG_DWORD | 0-23: set active hours to end at a specific hourstarts with 12 AM (0) and ends with 11 PM (23) |
-| ActiveHoursStart | REG_DWORD | 0-23: set active hours to start at a specific hourstarts with 12 AM (0) and ends with 11 PM (23) |
+| ActiveHoursStart | REG_DWORD | 0-23: set active hours to start at a specific hourstarts with 12 AM (0) and ends with 11 PM (23) |
| SetActiveHours | REG_DWORD | 0: disable automatic restart after updates outside of active hours1: enable automatic restart after updates outside of active hours |
**HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**
@@ -179,32 +179,24 @@ The following tables list registry values that correspond to the Group Policy se
| --- | --- | --- |
| AlwaysAutoRebootAtScheduledTime | REG_DWORD | 0: disable automatic reboot after update installation at scheduled time1: enable automatic reboot after update installation at ascheduled time |
| AlwaysAutoRebootAtScheduledTimeMinutes | REG_DWORD | 15-180: set automatic reboot to occur after given minutes |
-| AUOptions | REG_DWORD | 2: notify for download and automatically install updates3: automatically download and notify for instllation of updates4: Automatically download and schedule installation of updates5: allow the local admin to configure these settings**Note:** To configure restart behavior, set this value to **4** |
-| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable do not reboot if users are logged on1: do not reboot after an update installation if a user is logged on**Note:** If disabled : Automatic Updates will notify the user that the computer will automatically restarts in 5 minutes to complete the installation |
+| AUOptions | REG_DWORD | 2: notify for download and automatically install updates3: automatically download and notify for installation of updates4: Automatically download and schedule installation of updates5: allow the local admin to configure these settings**Note:** To configure restart behavior, set this value to **4** |
+| NoAutoRebootWithLoggedOnUsers | REG_DWORD | 0: disable do not reboot if users are logged on1: do not reboot after an update installation if a user is logged on**Note:** If disabled : Automatic Updates will notify the user that the computer will automatically restart in 5 minutes to complete the installation |
| ScheduledInstallTime | REG_DWORD | 0-23: schedule update installation time to a specific hourstarts with 12 AM (0) and ends with 11 PM (23) |
There are 3 different registry combinations for controlling restart behavior:
- To set active hours, **SetActiveHours** should be **1**, while **ActiveHoursStart** and **ActiveHoursEnd** should define the time range.
- To schedule a specific installation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
-- To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**.
+- To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**.
## Related topics
- [Update Windows 10 in the enterprise](index.md)
- [Overview of Windows as a service](waas-overview.md)
-- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md)
+- [Manage updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md)
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
- [Configure Windows Update for Business](waas-configure-wufb.md)
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
- [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
-
-
-
-
-
-
-
-
diff --git a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
index de1e61231d..6be715e074 100644
--- a/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
+++ b/windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
@@ -79,12 +79,14 @@ If you have deployed images that have not been generalized, then many of them mi
[](images/device-reliability-device-count.png)
If you have devices that appear in other solutions, but not Device Health, follow these steps to investigate the issue:
-1. Confirm that the devices are running Windows10.
-2. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551).
-3. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set).
-4. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information.
-5. Wait 48 hours for activity to appear in the reports.
-6. If you need additional troubleshooting, contact Microsoft Support.
+1. Using the Azure portal, remove the Device Health (appears as DeviceHealthProd on some pages) solution from your Log Analytics workspace. After completing this, add the Device Health solution to you workspace again.
+2. Confirm that the devices are running Windows 10.
+3. Verify that the Commercial ID is present in the device's registry. For details see [https://gpsearch.azurewebsites.net/#13551](https://gpsearch.azurewebsites.net/#13551).
+4. Confirm that devices have opted in to provide diagnostic data by checking in the registry that **AllowTelemetry** is set to 2 (Enhanced) or 3 (Full) in **HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection** (or **HKLM\Software\Policies\Microsoft\Windows\DataCollection**, which takes precedence if set).
+5. Verify that devices can reach the endpoints specified in [Enrolling devices in Windows Analytics](windows-analytics-get-started.md). Also check settings for SSL inspection and proxy authentication; see [Configuring endpoint access with SSL inspection](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started#configuring-endpoint-access-with-ssl-inspection) for more information.
+6. Remove the Device Health (appears as DeviceHealthProd on some pages) from your Log Analytics workspace
+7. Wait 48 hours for activity to appear in the reports.
+8. If you need additional troubleshooting, contact Microsoft Support.
### Device crashes not appearing in Device Health Device Reliability
diff --git a/windows/deployment/update/windows-as-a-service.md b/windows/deployment/update/windows-as-a-service.md
index 3f665bd4b4..f49645a75a 100644
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@@ -25,6 +25,8 @@ Everyone wins when transparency is a top priority. We want you to know when upda
The latest news:
+- Data, insights and listening to improve the customer experience - March 6, 2019
+- Getting to know the Windows update history pages - February 21, 2019
- Windows Update for Business and the retirement of SAC-T - February 14, 2019
- Application compatibility in the Windows ecosystem - January 15, 2019
- Windows monthly security and quality updates overview - January 10, 2019
diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index dbae4ad42f..9d4f85609f 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -26,7 +26,8 @@ The compatibility update that sends diagnostic data from user computers to Micro
If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center.
-Note: Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance.
+> [!NOTE]
+> Upgrade Readiness is designed to best support in-place upgrades. In-place upgrades do not support migrations from BIOS to UEFI or from 32-bit to 64-bit architecture. If you need to migrate computers in these scenarios, use the wipe-and-reload method. Upgrade Readiness insights are still valuable in this scenario, however, you can ignore in-place upgrade specific guidance.
See [Windows 10 Specifications](https://www.microsoft.com/en-US/windows/windows-10-specifications) for additional information about computer system requirements.
diff --git a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md
index cfb358040c..ed314a0bb8 100644
--- a/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md
+++ b/windows/deployment/upgrade/upgrade-windows-phone-8-1-to-10.md
@@ -6,9 +6,8 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
-ms.pagetype: mdt
-author: Jamiejdt
-ms.date: 07/27/2017
+ms.pagetype: mdm
+author: greg-lindsay
ms.topic: article
---
@@ -19,9 +18,15 @@ ms.topic: article
- Windows 10 Mobile
## Summary
-This article describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using Mobile Device Management (MDM). To determine if the device is eligible for an upgrade, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article.
-The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in.
+This article describes how system administrators can upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile using [Mobile Device Management](https://docs.microsoft.com/windows/client-management/mdm/) (MDM).
+
+>[!IMPORTANT]
+>If you are not a system administrator, see the [Windows 10 Mobile Upgrade & Updates](https://www.microsoft.com/windows/windows-10-mobile-upgrade) page for details about updating your Windows 8.1 Mobile device to Windows 10 Mobile using the [Upgrade Advisor](https://www.microsoft.com/store/p/upgrade-advisor/9nblggh0f5g4).
+
+## Upgrading with MDM
+
+The Windows Phone 8.1 to Windows 10 Mobile upgrade uses an "opt-in" or "seeker" model. To determine if the device is eligible for an upgrade with MDM, see the [How to determine whether an upgrade is available for a device](#howto-upgrade-available) topic in this article. An eligible device must opt-in to be offered the upgrade. For consumers, the Windows 10 Mobile Upgrade Advisor app is available from the Windows Store to perform the opt-in. For Enterprises, Microsoft is offering a centralized management solution through MDM that can push a management policy to each eligible device to perform the opt-in.
If you use a list of allowed applications (app whitelisting) with MDM, verify that system applications are whitelisted before you upgrade to Windows 10 Mobile. Also, be aware that there are [known issues](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whitelist) with app whitelisting that could adversely affect the device after you upgrade.
@@ -90,7 +95,7 @@ The Windows 10 Mobile Upgrade Advisor app is not designed or intended for Enterp
We recommend that enterprises use a pilot device with the Windows 10 Mobile Upgrade Advisor app installed. The pilot device provides the device model and MO used by the enterprise. When you run the app on the pilot device, it will tell you that either an upgrade is available, that the device is eligible for upgrade, or that an upgrade is not available for this device.
-Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 mobile](https://www.microsoft.com/en/mobile/windows10) page.
+Note: The availability of Windows 10 Mobile as an update for existing Windows Phone 8.1 devices varies by device manufacturer, device model, country or region, mobile operator or service provider, hardware limitations, and other factors. To check for compatibility and other important installation information, see the [Windows 10 Mobile FAQ](https://support.microsoft.com/help/10599/windows-10-mobile-how-to-get) page.
### How to blacklist the Upgrade Advisor app
diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md
index a22b5336e7..7399e75801 100644
--- a/windows/deployment/windows-autopilot/autopilot-faq.md
+++ b/windows/deployment/windows-autopilot/autopilot-faq.md
@@ -32,7 +32,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
| How does a customer authorize an OEM or Channel Partner to register Autopilot devices on the customer’s behalf? | Before an OEM or Channel Partner can register a device for Autopilot on behalf of a customer, the customer must first give them consent. The consent process begins with the OEM or Channel Partner sending a link to the customer, which directs the customer to a consent page in Microsoft Store for Business. The steps explaining this process are [here](registration-auth.md). |
| Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a CSP via the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. |
| Does Windows Autopilot support removing the option to enable a local administrator account? | Windows Autopilot doesn’t support removing the local admin account. However, it does support restricting the user performing AAD domain join in OOBE to a standard account (versus admin account by default).|
-| How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.
Go [here](https://msdn.microsoft.com/partner-center/createuseraccounts-and-set-permissions) for more information. |
+| How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.
Go [here](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions) for more information. |
| Must I become a Cloud Solution Provider (CSP) to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. |
| Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority an access:
1. Direct CSP: Gets direct authorization from the customer to register devices.
2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.
3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. |
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index eaf8f033d0..ab42290c6b 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -4236,7 +4236,7 @@ The following fields are available:
- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -5132,7 +5132,7 @@ The following fields are available:
- **RebootReason** Reason for the reboot.
-## Windows Store events
+## Microsoft Store events
### Microsoft.Windows.Store.Partner.ReportApplication
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index 27fcd87f88..658324d8b4 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -4128,7 +4128,7 @@ The following fields are available:
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Unique revision number of Update
- **ServerId** Identifier for the service to which the software distribution client is connecting, such as Windows Update and Microsoft Store.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc)
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
- **SystemBIOSMajorRelease** Major version of the BIOS.
- **SystemBIOSMinorRelease** Minor version of the BIOS.
- **UpdateId** Unique Update ID
@@ -4192,7 +4192,7 @@ The following fields are available:
- **RelatedCV** The previous Correlation Vector that was used before swapping with a new one
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -5298,7 +5298,7 @@ The following fields are available:
- **ReportId** WER Report Id associated with this bug check (used for finding the corresponding report archive in Watson).
-## Windows Store events
+## Microsoft Store events
### Microsoft.Windows.Store.Partner.ReportApplication
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index e3c6418b17..55e5adf886 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -4934,7 +4934,7 @@ The following fields are available:
- **FlightId** The specific id of the flight the device is getting
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Identifies the revision number of this specific piece of content
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc)
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
- **SystemBIOSMajorRelease** Major release version of the system bios
- **SystemBIOSMinorRelease** Minor release version of the system bios
- **UpdateId** Identifier associated with the specific piece of content
@@ -4997,7 +4997,7 @@ The following fields are available:
- **RelatedCV** The Correlation Vector that was used before the most recent change to a new Correlation Vector.
- **RepeatFailFlag** Indicates whether this specific piece of content had previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **StatusCode** Indicates the result of a Download event (success, cancellation, failure code HResult).
@@ -5988,7 +5988,7 @@ The following fields are available:
- **PertProb** Constant used in algorithm for randomization.
-## Windows Store events
+## Microsoft Store events
### Microsoft.Windows.Store.StoreActivating
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index 6c44410d18..f8a042ef3d 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -4859,7 +4859,7 @@ The following fields are available:
- **FlightId** The specific id of the flight the device is getting
- **HandlerType** Indicates the kind of content (app, driver, windows patch, etc.)
- **RevisionNumber** Identifies the revision number of this specific piece of content
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc)
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc)
- **SystemBIOSMajorRelease** Major release version of the system bios
- **SystemBIOSMinorRelease** Minor release version of the system bios
- **UpdateId** Identifier associated with the specific piece of content
@@ -4935,7 +4935,7 @@ The following fields are available:
- **RepeatFailCount** Indicates whether this specific content has previously failed.
- **RepeatFailFlag** Indicates whether this specific content previously failed to download.
- **RevisionNumber** The revision number of the specified piece of content.
-- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Windows Store, etc.).
+- **ServiceGuid** A unique identifier for the service that the software distribution client is installing content for (Windows Update, Microsoft Store, etc.).
- **Setup360Phase** Identifies the active phase of the upgrade download if the current download is for an Operating System upgrade.
- **ShippingMobileOperator** The mobile operator linked to the device when the device shipped.
- **SizeCalcTime** Time (in seconds) taken to calculate the total download size of the payload.
@@ -5117,7 +5117,7 @@ The following fields are available:
- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific piece of content has previously failed.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
@@ -5177,7 +5177,7 @@ The following fields are available:
- **RelatedCV** The previous correlation vector that was used by the client before swapping with a new one.
- **RepeatFailCount** Indicates whether this specific piece of content previously failed.
- **RevisionNumber** Identifies the revision number of this specific piece of content.
-- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Windows Store, etc.).
+- **ServiceGuid** Identifier for the service to which the software distribution client is connecting (Windows Update, Microsoft Store, etc.).
- **StatusCode** Result code of the event (success, cancellation, failure code HResult).
- **TargetGroupId** For drivers targeted to a specific device model, this ID indicates the distribution group of devices receiving that driver.
- **TargetingVersion** For drivers targeted to a specific device model, this is the version number of the drivers being distributed to the device.
@@ -5983,7 +5983,7 @@ The following fields are available:
- **PertProb** The probability the entry will be Perturbed if the algorithm chosen is “heavy-hitters”.
-## Windows Store events
+## Microsoft Store events
### Microsoft.Windows.Store.StoreActivating
diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index adb861c877..0cbf266f2a 100644
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -18,7 +18,7 @@ ms.date: 06/05/2018
# Manage connections from Windows operating system components to Microsoft services
-**Applies to**
+**Applies to**
- Windows 10 Enterprise, version 1607 and newer
- Windows Server 2016
@@ -36,7 +36,7 @@ To help make it easier to deploy settings to restrict connections from Windows 1
This baseline was created in the same way as the [Windows security baselines](/windows/device-security/windows-security-baselines) that are often used to efficiently configure Windows to a known secure state.
Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document.
However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended.
-Make sure should you've chosen the right settings configuration for your environment before applying.
+Make sure you've chosen the right settings configuration for your environment before applying.
You should not extract this package to the windows\\system32 folder because it will not apply correctly.
>[!IMPORTANT]
@@ -118,49 +118,50 @@ The following table lists management options for each setting, beginning with Wi
| [6. Font streaming](#font-streaming) | |  |  |  | |
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
-| [9. Live Tiles](#live-tiles) | |  | |  | |
-| [10. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
-| [11. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
-| [12. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
-| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
-| [14. Offline maps](#bkmk-offlinemaps) |  |  |  |  | |
-| [15. OneDrive](#bkmk-onedrive) | |  | |  | |
-| [16. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
-| [17. Settings > Privacy](#bkmk-settingssection) | | | | | |
-| [17.1 General](#bkmk-general) |  |  |  |  | |
-| [17.2 Location](#bkmk-priv-location) |  |  |  |  | |
-| [17.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
-| [17.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
-| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
-| [17.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
-| [17.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
-| [17.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
-| [17.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
-| [17.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
-| [17.11 Email](#bkmk-priv-email) |  |  |  |  | |
-| [17.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
-| [17.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
-| [17.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
-| [17.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
-| [17.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
-| [17.17 Background apps](#bkmk-priv-background) |  |  |  | | |
-| [17.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
-| [17.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
-| [17.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
-| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
-| [19. Storage Health](#bkmk-storage-health) | |  | | | |
-| [20. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
-| [21. Teredo](#bkmk-teredo) | |  | |  |  |
-| [22. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
-| [23. Windows Defender](#bkmk-defender) | |  |  |  | |
-| [23.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
-| [24. Windows Media Player](#bkmk-wmp) |  | | | |  |
-| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
-| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
-| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
-| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
-| [28. Windows Update](#bkmk-wu) |  |  |  | | |
-| [29. License Manager](#bkmk-licmgr) | | | |  | |
+| [9. License Manager](#bkmk-licmgr) | | | |  | |
+| [10. Live Tiles](#live-tiles) | |  | |  | |
+| [11. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
+| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
+| [13. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
+| [15. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
+| [16. OneDrive](#bkmk-onedrive) | |  | |  | |
+| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
+| [18. Settings > Privacy](#bkmk-settingssection) | | | | | |
+| [18.1 General](#bkmk-general) |  |  |  |  | |
+| [18.2 Location](#bkmk-priv-location) |  |  |  |  | |
+| [18.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
+| [18.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
+| [18.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
+| [18.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
+| [18.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
+| [18.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
+| [18.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
+| [18.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
+| [18.11 Email](#bkmk-priv-email) |  |  |  |  | |
+| [18.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
+| [18.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
+| [18.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
+| [18.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
+| [18.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
+| [18.17 Background apps](#bkmk-priv-background) |  |  |  | | |
+| [18.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
+| [18.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
+| [18.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
+| [19. Software Protection Platform](#bkmk-spp) | |  |  |  | |
+| [20. Storage Health](#bkmk-storage-health) | |  | | | |
+| [21. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
+| [22. Teredo](#bkmk-teredo) | |  | |  |  |
+| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
+| [24. Windows Defender](#bkmk-defender) | |  |  |  | |
+| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
+| [25. Windows Media Player](#bkmk-wmp) |  | | | |  |
+| [26. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
+| [27. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
+| [27.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
+| [28. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
+| [29. Windows Update](#bkmk-wu) |  |  |  | | |
+
### Settings for Windows Server 2016 with Desktop Experience
@@ -175,19 +176,19 @@ See the following table for a summary of the management settings for Windows Ser
| [6. Font streaming](#font-streaming) | |  |  | |
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  | |
| [8. Internet Explorer](#bkmk-ie) |  |  |  | |
-| [9. Live Tiles](#live-tiles) | |  |  | |
-| [11. Microsoft Account](#bkmk-microsoft-account) | |  |  | |
-| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  |  | |
-| [15. OneDrive](#bkmk-onedrive) | |  | | |
-| [17. Settings > Privacy](#bkmk-settingssection) | | | | |
-| [17.1 General](#bkmk-general) |  |  |  | |
-| [18. Software Protection Platform](#bkmk-spp) | |  |  | |
-| [21. Teredo](#bkmk-teredo) | |  |  |  |
-| [23. Windows Defender](#bkmk-defender) | |  |  | |
-| [24. Windows Media Player](#bkmk-wmp) | | | |  |
-| [26. Microsoft Store](#bkmk-windowsstore) | |  |  | |
-| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
-| [28. Windows Update](#bkmk-wu) | |  |  | |
+| [10. Live Tiles](#live-tiles) | |  |  | |
+| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  | |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  | |
+| [16. OneDrive](#bkmk-onedrive) | |  | | |
+| [18. Settings > Privacy](#bkmk-settingssection) | | | | |
+| [18.1 General](#bkmk-general) |  |  |  | |
+| [19. Software Protection Platform](#bkmk-spp) | |  |  | |
+| [20. Teredo](#bkmk-teredo) | |  |  |  |
+| [24. Windows Defender](#bkmk-defender) | |  |  | |
+| [25. Windows Media Player](#bkmk-wmp) | | | |  |
+| [27. Microsoft Store](#bkmk-windowsstore) | |  |  | |
+| [27.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
+| [29. Windows Update](#bkmk-wu) | |  |  | |
### Settings for Windows Server 2016 Server Core
@@ -198,11 +199,11 @@ See the following table for a summary of the management settings for Windows Ser
| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |  | |
| [3. Date & Time](#bkmk-datetime) |  |  | |
| [6. Font streaming](#font-streaming) |  |  | |
-| [13. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
-| [18. Software Protection Platform](#bkmk-spp) |  | | |
-| [21. Teredo](#bkmk-teredo) |  | |  |
-| [23. Windows Defender](#bkmk-defender) |  |  | |
-| [28. Windows Update](#bkmk-wu) |  |  | |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
+| [19. Software Protection Platform](#bkmk-spp) |  | | |
+| [22. Teredo](#bkmk-teredo) |  | |  |
+| [24. Windows Defender](#bkmk-defender) |  |  | |
+| [29. Windows Update](#bkmk-wu) |  |  | |
### Settings for Windows Server 2016 Nano Server
@@ -212,8 +213,8 @@ See the following table for a summary of the management settings for Windows Ser
| - | :-: | :-: | :-: | :-: | :-: |
| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | |
| [3. Date & Time](#bkmk-datetime) |  | |
-| [21. Teredo](#bkmk-teredo) | |  |
-| [28. Windows Update](#bkmk-wu) |  | |
+| [22. Teredo](#bkmk-teredo) | |  |
+| [29. Windows Update](#bkmk-wu) |  | |
### Settings for Windows Server 2019
@@ -229,48 +230,48 @@ See the following table for a summary of the management settings for Windows Ser
| [6. Font streaming](#font-streaming) | |  |  |  | |
| [7. Insider Preview builds](#bkmk-previewbuilds) |  |  |  |  | |
| [8. Internet Explorer](#bkmk-ie) |  |  | |  | |
-| [9. Live Tiles](#live-tiles) | |  | |  | |
-| [10. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
-| [11. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
-| [12. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
-| [13. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
-| [14. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
-| [15. OneDrive](#bkmk-onedrive) | |  | |  | |
-| [16. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
-| [17. Settings > Privacy](#bkmk-settingssection) | | | | | |
-| [17.1 General](#bkmk-general) |  |  |  |  | |
-| [17.2 Location](#bkmk-priv-location) |  |  |  |  | |
-| [17.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
-| [17.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
-| [17.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
-| [17.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
-| [17.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
-| [17.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
-| [17.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
-| [17.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
-| [17.11 Email](#bkmk-priv-email) |  |  |  |  | |
-| [17.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
-| [17.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
-| [17.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
-| [17.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
-| [17.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
-| [17.17 Background apps](#bkmk-priv-background) |  |  |  | | |
-| [17.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
-| [17.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
-| [17.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
-| [18. Software Protection Platform](#bkmk-spp) | |  |  |  | |
-| [19. Storage Health](#bkmk-storage-health) | |  | | | |
-| [20. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
-| [21. Teredo](#bkmk-teredo) | |  | |  |  |
-| [22. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
-| [23. Windows Defender](#bkmk-defender) | |  |  |  | |
-| [23.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
-| [24. Windows Media Player](#bkmk-wmp) |  | | | |  |
-| [25. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
-| [26. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
-| [26.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
-| [27. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
-| [28. Windows Update](#bkmk-wu) |  |  |  | | |
+| [10. Live Tiles](#live-tiles) | |  | |  | |
+| [11. Mail synchronization](#bkmk-mailsync) |  | |  |  | |
+| [12. Microsoft Account](#bkmk-microsoft-account) | |  |  |  | |
+| [13. Microsoft Edge](#bkmk-edge) |  |  |  |  | |
+| [14. Network Connection Status Indicator](#bkmk-ncsi) | |  |  |  | |
+| [15. Offline maps](#bkmk-offlinemaps) |  |  | |  | |
+| [16. OneDrive](#bkmk-onedrive) | |  | |  | |
+| [17. Preinstalled apps](#bkmk-preinstalledapps) |  | | | |  |
+| [18. Settings > Privacy](#bkmk-settingssection) | | | | | |
+| [18.1 General](#bkmk-general) |  |  |  |  | |
+| [18.2 Location](#bkmk-priv-location) |  |  |  |  | |
+| [18.3 Camera](#bkmk-priv-camera) |  |  |  |  | |
+| [18.4 Microphone](#bkmk-priv-microphone) |  |  |  |  | |
+| [18.5 Notifications](#bkmk-priv-notifications) |  |  | |  | |
+| [18.6 Speech, inking, & typing](#bkmk-priv-speech) |  |  |  |  | |
+| [18.7 Account info](#bkmk-priv-accounts) |  |  |  |  | |
+| [18.8 Contacts](#bkmk-priv-contacts) |  |  |  |  | |
+| [18.9 Calendar](#bkmk-priv-calendar) |  |  |  |  | |
+| [18.10 Call history](#bkmk-priv-callhistory) |  |  |  |  | |
+| [18.11 Email](#bkmk-priv-email) |  |  |  |  | |
+| [18.12 Messaging](#bkmk-priv-messaging) |  |  |  |  | |
+| [18.13 Phone calls](#bkmk-priv-phone-calls) |  |  |  |  | |
+| [18.14 Radios](#bkmk-priv-radios) |  |  |  |  | |
+| [18.15 Other devices](#bkmk-priv-other-devices) |  |  |  |  | |
+| [18.16 Feedback & diagnostics](#bkmk-priv-feedback) |  |  |  |  | |
+| [18.17 Background apps](#bkmk-priv-background) |  |  |  | | |
+| [18.18 Motion](#bkmk-priv-motion) |  |  |  |  | |
+| [18.19 Tasks](#bkmk-priv-tasks) |  |  |  |  | |
+| [18.20 App Diagnostics](#bkmk-priv-diag) |  |  |  |  | |
+| [19. Software Protection Platform](#bkmk-spp) | |  |  |  | |
+| [20. Storage Health](#bkmk-storage-health) | |  | | | |
+| [21. Sync your settings](#bkmk-syncsettings) |  |  |  |  | |
+| [22. Teredo](#bkmk-teredo) | |  | |  |  |
+| [23. Wi-Fi Sense](#bkmk-wifisense) |  |  | |  | |
+| [24. Windows Defender](#bkmk-defender) | |  |  |  | |
+| [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | |  |  |  | |
+| [25. Windows Media Player](#bkmk-wmp) |  | | | |  |
+| [26. Windows Spotlight](#bkmk-spotlight) |  |  |  |  | |
+| [27. Microsoft Store](#bkmk-windowsstore) | |  | |  | |
+| [27.1 Apps for websites](#bkmk-apps-for-websites) | |  | | |
+| [28. Windows Update Delivery Optimization](#bkmk-updates) |  |  |  |  | |
+| [29. Windows Update](#bkmk-wu) |  |  |  | | |
## How to configure each setting
@@ -341,8 +342,6 @@ You can also apply the Group Policies using the following registry keys:
| Don't search the web or display web results in Search| HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search
REG_DWORD: ConnectedSearchUseWeb
Value: 0 |
| Set what information is shared in Search | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search
REG_DWORD: ConnectedSearchPrivacy
Value: 3 |
-In Windows 10, version 1507 and Windows 10, version 1511, when you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic.
-
>[!IMPORTANT]
>These steps are not required for devices running Windows 10, version 1607 or Windows Server 2016.
@@ -446,8 +445,6 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later:
- **true**. Font streaming is enabled.
-If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting named **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters** with a value of 1.
-
> [!NOTE]
> After you apply this policy, you must restart the device for it to take effect.
@@ -541,7 +538,6 @@ You can also use registry entries to set these Group Policies.
| Turn off background synchronization for feeds and Web Slices | HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
REG_DWORD: BackgroundSyncStatus
Value: 0|
| Turn off Online Tips | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
REG_DWORD: AllowOnlineTips
Value: 0|
-1. HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!AllowOnlineTips, 0, Null, Fail
To turn off the home page, enable the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**.
@@ -564,7 +560,25 @@ You can turn this off by:
For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/library/dn761713.aspx).
-### 9. Live Tiles
+### 9. License Manager
+
+You can turn off License Manager related traffic by setting the following registry entry:
+
+- Add a REG\_DWORD value named **Start** to **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\LicenseManager** and set the value to 4
+
+- The value 4 is to disable the service. Here are the available options to set the registry:
+
+ - **0x00000000** = Boot
+
+ - **0x00000001** = System
+
+ - **0x00000002** = Automatic
+
+ - **0x00000003** = Manual
+
+ - **0x00000004** = Disabled
+
+### 10. Live Tiles
To turn off Live Tiles:
@@ -576,7 +590,7 @@ To turn off Live Tiles:
In Windows 10 Mobile, you must also unpin all tiles that are pinned to Start.
-### 10. Mail synchronization
+### 11. Mail synchronization
To turn off mail synchronization for Microsoft Accounts that are configured on a device:
@@ -598,7 +612,7 @@ To turn off the Windows Mail app:
- Create a REG\_DWORD registry setting named **ManualLaunchAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Mail** with a value of 0 (zero).
-### 11. Microsoft Account
+### 12. Microsoft Account
To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. For example, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
@@ -616,15 +630,14 @@ To disable the Microsoft Account Sign-In Assistant:
- Change the Start REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**.
-### 12. Microsoft Edge
+### 13. Microsoft Edge
Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682).
-### 12.1 Microsoft Edge Group Policies
+### 13.1 Microsoft Edge Group Policies
Find the Microsoft Edge Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge**.
-
| Policy | Description |
|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
| Allow configuration updates for the Books Library | Choose whether configuration updates are done for the Books Library.
Default: Enabled |
@@ -637,19 +650,6 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g
| Configure Start pages | Choose the Start page for domain-joined devices.
Set this to **\** |
| Prevent the First Run webpage from opening on Microsoft Edge | Choose whether employees see the First Run webpage.
Set to: Enable |
-The Windows 10, version 1511 Microsoft Edge Group Policy names are:
-
-| Policy | Description |
-|------------------------------------------------------|-----------------------------------------------------------------------------------------------------|
-| Allow address bar drop-down list suggestions | Choose whether employees can use Address Bar drop-down list suggestions.
Default: Disabled |
-| Turn off autofill | Choose whether employees can use autofill on websites.
Default: Enabled |
-| Allow employees to send Do Not Track headers | Choose whether employees can send Do Not Track headers.
Default: Disabled |
-| Turn off password manager | Choose whether employees can save passwords locally on their devices.
Default: Enabled |
-| Turn off Address Bar search suggestions | Choose whether the Address Bar shows search suggestions.
Default: Enabled |
-| Turn off the SmartScreen Filter | Choose whether SmartScreen is turned on or off.
Default: Enabled |
-| Open a new tab with an empty tab | Choose whether a new tab page appears.
Default: Enabled |
-| Configure corporate Home pages | Choose the corporate Home page for domain-joined devices.
Set this to **about:blank** |
-
Alternatively, you can configure the Microsoft Group Policies using the following registry entries:
| Policy | Registry path |
@@ -666,7 +666,7 @@ Alternatively, you can configure the Microsoft Group Policies using the followin
| Prevent the First Run webpage from opening on Microsoft Edge | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Main
REG_DWORD name: PreventFirstRunPage
Value: 1|
-### 12.2 Microsoft Edge MDM policies
+### 13.2 Microsoft Edge MDM policies
The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
@@ -683,7 +683,7 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http
For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies).
-### 13. Network Connection Status Indicator
+### 14. Network Connection Status Indicator
Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx).
@@ -702,7 +702,7 @@ You can turn off NCSI by doing one of the following:
- Create a REG\_DWORD registry setting named **NoActiveProbe** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\NetworkConnectivityStatusIndicator** with a value of 1 (one).
-### 14. Offline maps
+### 15. Offline maps
You can turn off the ability to download and update offline maps.
@@ -724,11 +724,7 @@ You can turn off the ability to download and update offline maps.
- Create a REG\_DWORD registry setting named **AllowUntriggeredNetworkTrafficOnSettingsPage** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a value of 0 (zero).
- -or-
-
-- In Windows 10, version 1703 and later, apply the Settings/PageVisibilityList MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) with a value of "hide:maps;maps-downloadmaps".
-
-### 15. OneDrive
+### 16. OneDrive
To turn off OneDrive in your organization:
@@ -746,7 +742,12 @@ To turn off OneDrive in your organization:
- Create a REG\_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\OneDrive** with a value of 1 (one).
-### 16. Preinstalled apps
+ -or-
+
+- Set the System/DisableOneDriveFileSync MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync) to True (value 1) to disable OneDrive File Sync.
+
+
+### 17. Preinstalled apps
Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section.
@@ -866,49 +867,49 @@ To remove the Sticky notes app:
Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.MicrosoftStickyNotes | Remove-AppxPackage**
-### 17. Settings > Privacy
+### 18. Settings > Privacy
Use Settings > Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC.
-- [17.1 General](#bkmk-general)
+- [18.1 General](#bkmk-general)
-- [17.2 Location](#bkmk-priv-location)
+- [18.2 Location](#bkmk-priv-location)
-- [17.3 Camera](#bkmk-priv-camera)
+- [18.3 Camera](#bkmk-priv-camera)
-- [17.4 Microphone](#bkmk-priv-microphone)
+- [18.4 Microphone](#bkmk-priv-microphone)
-- [17.5 Notifications](#bkmk-priv-notifications)
+- [18.5 Notifications](#bkmk-priv-notifications)
-- [17.6 Speech, inking, & typing](#bkmk-priv-speech)
+- [18.6 Speech, inking, & typing](#bkmk-priv-speech)
-- [17.7 Account info](#bkmk-priv-accounts)
+- [18.7 Account info](#bkmk-priv-accounts)
-- [17.8 Contacts](#bkmk-priv-contacts)
+- [18.8 Contacts](#bkmk-priv-contacts)
-- [17.9 Calendar](#bkmk-priv-calendar)
+- [18.9 Calendar](#bkmk-priv-calendar)
-- [17.10 Call history](#bkmk-priv-callhistory)
+- [18.10 Call history](#bkmk-priv-callhistory)
-- [17.11 Email](#bkmk-priv-email)
+- [18.11 Email](#bkmk-priv-email)
-- [17.12 Messaging](#bkmk-priv-messaging)
+- [18.12 Messaging](#bkmk-priv-messaging)
-- [17.13 Radios](#bkmk-priv-radios)
+- [18.13 Radios](#bkmk-priv-radios)
-- [17.14 Other devices](#bkmk-priv-other-devices)
+- [18.14 Other devices](#bkmk-priv-other-devices)
-- [17.15 Feedback & diagnostics](#bkmk-priv-feedback)
+- [18.15 Feedback & diagnostics](#bkmk-priv-feedback)
-- [17.16 Background apps](#bkmk-priv-background)
+- [18.16 Background apps](#bkmk-priv-background)
-- [17.17 Motion](#bkmk-priv-motion)
+- [18.17 Motion](#bkmk-priv-motion)
-- [17.18 Tasks](#bkmk-priv-tasks)
+- [18.18 Tasks](#bkmk-priv-tasks)
-- [17.19 App Diagnostics](#bkmk-priv-diag)
+- [18.19 App Diagnostics](#bkmk-priv-diag)
-### 17.1 General
+### 18.1 General
**General** includes options that don't fall into other areas.
@@ -1025,7 +1026,7 @@ To turn off **Let apps on my other devices use Bluetooth to open apps and contin
- Turn off the feature in the UI.
-### 17.2 Location
+### 18.2 Location
In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location.
@@ -1084,7 +1085,7 @@ To turn off **Choose apps that can use your location**:
- Turn off each app using the UI.
-### 17.3 Camera
+### 18.3 Camera
In the **Camera** area, you can choose which apps can access a device's camera.
@@ -1125,7 +1126,7 @@ To turn off **Choose apps that can use your camera**:
- Turn off the feature in the UI for each app.
-### 17.4 Microphone
+### 18.4 Microphone
In the **Microphone** area, you can choose which apps can access a device's microphone.
@@ -1155,7 +1156,7 @@ To turn off **Choose apps that can use your microphone**:
- Turn off the feature in the UI for each app.
-### 17.5 Notifications
+### 18.5 Notifications
>[!IMPORTANT]
>Disabling notifications will also disable the ability to manage the device through MDM. If you are using an MDM solution, make sure cloud notifications are enabled through one of the options below.
@@ -1202,7 +1203,7 @@ To turn off **Let apps access my notifications**:
- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two)
-### 17.6 Speech, inking, & typing
+### 18.6 Speech, inking, & typing
In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees.
@@ -1244,7 +1245,7 @@ Apply the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https:/
- Create a REG\_DWORD registry setting named **ModelDownloadAllowed** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Preferences** with a value of 0 (zero).
-### 17.7 Account info
+### 18.7 Account info
In the **Account Info** area, you can choose which apps can access your name, picture, and other account info.
@@ -1274,7 +1275,7 @@ To turn off **Choose the apps that can access your account info**:
- Turn off the feature in the UI for each app.
-### 17.8 Contacts
+### 18.8 Contacts
In the **Contacts** area, you can choose which apps can access an employee's contacts list.
@@ -1300,7 +1301,7 @@ To turn off **Choose apps that can access contacts**:
- Create a REG\_DWORD registry setting named **LetAppsAccessContacts** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
-### 17.9 Calendar
+### 18.9 Calendar
In the **Calendar** area, you can choose which apps have access to an employee's calendar.
@@ -1330,7 +1331,7 @@ To turn off **Choose apps that can access calendar**:
- Turn off the feature in the UI for each app.
-### 17.10 Call history
+### 18.10 Call history
In the **Call history** area, you can choose which apps have access to an employee's call history.
@@ -1356,7 +1357,7 @@ To turn off **Let apps access my call history**:
- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
-### 17.11 Email
+### 18.11 Email
In the **Email** area, you can choose which apps have can access and send email.
@@ -1382,7 +1383,7 @@ To turn off **Let apps access and send email**:
- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
-### 17.12 Messaging
+### 18.12 Messaging
In the **Messaging** area, you can choose which apps can read or send messages.
@@ -1422,7 +1423,7 @@ To turn off **Choose apps that can read or send messages**:
- Set the **Allow Message Service Cloud** to **Disable**.
-### 17.13 Phone calls
+### 18.13 Phone calls
In the **Phone calls** area, you can choose which apps can make phone calls.
@@ -1453,7 +1454,7 @@ To turn off **Choose apps that can make phone calls**:
- Turn off the feature in the UI for each app.
-### 17.14 Radios
+### 18.14 Radios
In the **Radios** area, you can choose which apps can turn a device's radio on or off.
@@ -1484,7 +1485,7 @@ To turn off **Choose apps that can control radios**:
- Turn off the feature in the UI for each app.
-### 17.15 Other devices
+### 18.15 Other devices
In the **Other Devices** area, you can choose whether devices that aren't paired to PCs, such as an Xbox One, can share and sync info.
@@ -1527,7 +1528,7 @@ To turn off **Let your apps use your trusted devices (hardware you've already co
- **1**. Force allow
- **2**. Force deny
-### 17.16 Feedback & diagnostics
+### 18.16 Feedback & diagnostics
In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft.
@@ -1614,7 +1615,7 @@ To turn off tailored experiences with relevant tips and recommendations by using
- Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
-### 17.17 Background apps
+### 18.17 Background apps
In the **Background Apps** area, you can choose which apps can run in the background.
@@ -1643,7 +1644,7 @@ To turn off **Let apps run in the background**:
> [!NOTE]
> Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**.
-### 17.18 Motion
+### 18.18 Motion
In the **Motion** area, you can choose which apps have access to your motion data.
@@ -1667,7 +1668,7 @@ To turn off **Let Windows and your apps use your motion data and collect motion
- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two).
-### 17.19 Tasks
+### 18.19 Tasks
In the **Tasks** area, you can choose which apps have access to your tasks.
@@ -1689,7 +1690,7 @@ To turn this off:
- **1**. Force allow
- **2**. Force deny
-### 17.20 App Diagnostics
+### 18.20 App Diagnostics
In the **App diagnostics** area, you can choose which apps have access to your diagnostic information.
@@ -1710,7 +1711,7 @@ To turn this off:
- **2**. Force deny
-### 18. Software Protection Platform
+### 19. Software Protection Platform
Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
@@ -1742,7 +1743,7 @@ For Windows Server 2016:
The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
-### 19. Storage health
+### 20. Storage health
Enterprise customers can manage updates to the Disk Failure Prediction Model.
@@ -1753,7 +1754,7 @@ For Windows 10:
- Create a REG\_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a value of 0.
-### 20. Sync your settings
+### 21. Sync your settings
You can control if your settings are synchronized:
@@ -1784,7 +1785,7 @@ To turn off Messaging cloud sync:
- Set the Group Policy Allow Message Service Cloud to Disable. The Group Policy path is Computer Configuration\Administrative templates\Windows Components\Messaging\Allow Message Service Cloud
- Create a REG\_DWORD registry setting named **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging** with a value of 0 (zero).
-### 21. Teredo
+### 22. Teredo
You can disable Teredo by using Group Policy or by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](https://technet.microsoft.com/library/cc722030.aspx).
@@ -1801,7 +1802,7 @@ You can disable Teredo by using Group Policy or by using the netsh.exe command.
- From an elevated command prompt, run **netsh interface teredo set state disabled**
-### 22. Wi-Fi Sense
+### 23. Wi-Fi Sense
>[!IMPORTANT]
>Beginning with Windows 10, version 1803, Wi-Fi Sense is no longer available. The following section only applies to Windows 10, version 1709 and prior. Please see [Connecting to open Wi-Fi hotspots in Windows 10](https://privacy.microsoft.com/en-us/windows-10-open-wi-fi-hotspots) for more details.
@@ -1830,7 +1831,7 @@ To turn off **Connect to suggested open hotspots** and **Connect to networks sha
When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee.
-### 23. Windows Defender
+### 24. Windows Defender
You can disconnect from the Microsoft Antimalware Protection Service.
@@ -1890,7 +1891,7 @@ For Windows 10 only, you can stop Enhanced Notifications:
You can also use the registry to turn off Malicious Software Reporting Tool diagnostic data by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1.
-### 23.1 Windows Defender SmartScreen
+### 24.1 Windows Defender SmartScreen
To disable Windows Defender Smartscreen:
@@ -1920,7 +1921,7 @@ To disable Windows Defender Smartscreen:
- Apply the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on.
-### 24. Windows Media Player
+### 25. Windows Media Player
To remove Windows Media Player on Windows 10:
@@ -1934,7 +1935,7 @@ To remove Windows Media Player on Windows Server 2016:
- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer**
-### 25. Windows Spotlight
+### 26. Windows Spotlight
Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy.
@@ -1969,9 +1970,6 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
- **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**.
- > [!NOTE]
- > In Windows 10, version 1507 and Windows 10, version 1511, this setting was named **Show me tips, tricks, and more on the lock screen**.
-
- **Personalization** > **Start** > **Occasionally show suggestions in Start**.
- **System** > **Notifications & actions** > **Show me tips about Windows**.
@@ -2010,7 +2008,7 @@ If you're not running Windows 10, version 1607 or later, you can use the other o
For more info, see [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight).
-### 26. Microsoft Store
+### 27. Microsoft Store
You can turn off the ability to launch apps from the Microsoft Store that were preinstalled or downloaded.
This will also turn off automatic app updates, and the Microsoft Store will be disabled.
@@ -2029,13 +2027,13 @@ On Windows Server 2016, this will block Microsoft Store calls from Universal Win
- Create a new REG\_DWORD registry setting named **AutoDownload** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore** with a value of 2 (two).
-### 26.1 Apps for websites
+### 27.1 Apps for websites
You can turn off apps for websites, preventing customers who visit websites that are registered with their associated app from directly launching the app.
Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
-### 27. Windows Update Delivery Optimization
+### 28. Windows Update Delivery Optimization
Windows Update Delivery Optimization lets you get Windows updates and Microsoft Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet.
@@ -2045,13 +2043,13 @@ Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delive
In Windows 10, version 1607, you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Simple** (99) or **Bypass** (100), as described below.
-### 27.1 Settings > Update & security
+### 28.1 Settings > Update & security
You can set up Delivery Optimization from the **Settings** UI.
- Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**.
-### 27.2 Delivery Optimization Group Policies
+### 28.2 Delivery Optimization Group Policies
You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**.
@@ -2065,7 +2063,7 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con
Set the Delivery Optimization Group Policy to "Bypass" to prevent traffic. Alternatively, you can set the **Download Mode** policy by creating a new REG\_DWORD registry setting named **DODownloadMode** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of 100 (one hundred).
-### 27.3 Delivery Optimization MDM policies
+### 28.3 Delivery Optimization MDM policies
The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx).
@@ -2078,7 +2076,7 @@ The following Delivery Optimization MDM policies are available in the [Policy CS
| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.|
-### 27.4 Delivery Optimization Windows Provisioning
+### 28.4 Delivery Optimization Windows Provisioning
If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies
@@ -2094,7 +2092,7 @@ Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windo
For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684).
-### 28. Windows Update
+### 29. Windows Update
You can turn off Windows Update by setting the following registry entries:
@@ -2141,23 +2139,5 @@ You can turn off automatic updates by doing one of the following. This is not re
- **5**. Turn off automatic updates.
-
-### 29. License Manager
-
-You can turn off License Manager related traffic by setting the following registry entry:
-
-- Add a REG\_DWORD value named **Start** to **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\LicenseManager** and set the value to 4
-
-- The value 4 is to disable the service. Here are the available options to set the registry:
-
- - **0x00000000** = Boot
-
- - **0x00000001** = System
-
- - **0x00000002** = Automatic
-
- - **0x00000003** = Manual
-
- - **0x00000004** = Disabled
-
To learn more, see [Device update management](https://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](https://technet.microsoft.com/library/cc720539.aspx).
+
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index 789395a1bf..f07f4f199a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -15,7 +15,7 @@ localizationpriority: medium
ms.date: 08/19/2018
---
# Windows Hello for Business Provisioning
-
+
**Applies to:**
- Windows 10
@@ -24,14 +24,14 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
- The Windows Hello for Business deployment type
- If the environment is managed or federated
-[Azure AD joined provisioning in a Managed environment](#Azure-AD-joined-provisioning-in-a-Managed-environment)
-[Azure AD joined provisioning in a Federated environment](#Azure-AD-joined-provisioning-in-a-Federated-environment)
-[Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed envrionment](#Hybrid-Azure-AD-joined-provisioning-in-a-Key-Trust-deployment-in-a-Managed-envrionment)
-[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](#Hybrid-Azure-AD-joined-provisioning-in-a-Certificate-Trust-deployment-in-a-Managed-environment)
-[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](#Hybrid-Azure-AD-joined-provisioning-in-a-synchronous-Certificate-Trust-deployment-in-a-Managed-environment)
-[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#Hybrid-Azure-AD-joined-provisioning-in-a-synchronous-Certificate-Trust-deployment-in-a-Federated-environment)
-[Domain joined provisioning in an On-premises Key Trust deployment](#Domain-joined-provisioning-in-an-On-premises-Key-Trust-deployment)
-[Domain joined provisioning in an On-premises Certificate Trust deployment](#Domain-joined-provisioning-in-an-On-premises-Certificate-Trust-deployment)
+[Azure AD joined provisioning in a Managed environment](#azure-ad-joined-provisioning-in-a-managed-environment)
+[Azure AD joined provisioning in a Federated environment](#azure-ad-joined-provisioning-in-a-federated-environment)
+[Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-key-trust-deployment-in-a-managed-environment)
+[Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-certificate-trust-deployment-in-a-managed-environment)
+[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-managed-environment)
+[Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment](#hybrid-azure-ad-joined-provisioning-in-a-synchronous-certificate-trust-deployment-in-a-federated-environment)
+[Domain joined provisioning in an On-premises Key Trust deployment](#domain-joined-provisioning-in-an-on-premises-key-trust-deployment)
+[Domain joined provisioning in an On-premises Certificate Trust deployment](#domain-joined-provisioning-in-an-on-premises-certificate-trust-deployment)
@@ -45,7 +45,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
|C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates the MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns a key ID to the application which signals the end of user provisioning and the application exits.|
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Azure AD joined provisioning in a Federated environment
@@ -55,7 +55,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
|B | After receiving a ADRS access token, the application detects if the device has a Windows Hello biometric compatible sensor. If the application detects a biometric sensor, it gives the user the choice to enroll biometrics. After completing or skipping biometric enrollment, the application requires the user to create a PIN and the default (and fall-back gesture when used with biometrics). The user provides and confirms their PIN. Next, the application requests a Windows Hello for Business key pair from the key pre-generation pool, which includes attestation data. This is the user key (ukpub/ukpriv).|
|C | The application sends the ADRS token, ukpub, attestation data, and device information to ADRS for user key registration. Azure DRS validates MFA claim remains current. On successful validation, Azure DRS locates the user's object in Azure Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. Azure Active Directory returns key ID to the application which signals the end of user provisioning and the application exits.|
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed envrionment
@@ -71,7 +71,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a Certificate Trust deployment in a Managed environment
@@ -89,7 +89,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
> The newly provisionied user will not be able to sign in using Windows Hello for Business until Azure AD Connect successfully synchronizes the public key to the on-premises Active Directory.
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Managed environment
@@ -106,7 +106,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
> Synchronous certificate enrollment does not depend on Azure AD Connect to syncrhonize the user's public key to issue the Windows Hello for Business authentication certificate. Users can sign-in using the certificate immediately after provisioning completes. Azure AD Connect continues to synchronize the public key to Active Directory, but is not show in this flow.
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment
@@ -122,7 +122,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
> [!IMPORTANT]
> Synchronous certificate enrollment does not depend on Azure AD Connect to syncrhonize the user's public key to issue the Windows Hello for Business authentication certificate. Users can sign-in using the certificate immediately after provisioning completes. Azure AD Connect continues to synchronize the public key to Active Directory, but is not show in this flow.
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Domain joined provisioning in an On-premises Key Trust deployment
@@ -133,7 +133,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
|C | The application sends the EDRS token, ukpub, attestation data, and device information to the Enterprise DRS for user key registration. Enterprise DRS validates the MFA claim remains current. On successful validation, the Enterprise DRS locates the user's object in Active Directory, writes the key information to a multi-values attribute. The key information includes a reference to the device from which it was created. The Enterprise DRS returns a key ID to the application, which represents the end of user key registration.|
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
## Domain joined provisioning in an On-premises Certificate Trust deployment
@@ -147,4 +147,4 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong,
|F |The registration authority sends the certificate request to the enterprise issuing certificate authority. The certificate authority validates the certificate request is signed by a valid enrollment agent and, on success, issues a certificate and returns it to the registration authority that then returns the certificate to the application.|
|G | The application receives the newly issued certificate and installs it into the Personal store of the user. This signals the end of provisioning.|
-[Return to top](#Windows-Hello-for-Business-Provisioning)
+[Return to top](#windows-hello-for-business-provisioning)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 4ddd3e27d4..d231dc9a9c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -66,15 +66,21 @@ If you are interested in configuring your environment to use the Windows Hello f
Certificate authorities write CRL distribution points in certificates as they are issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD joined devices authenticating to Active Directory
-#### Why does Windows need to validate the domain controller certifcate?
+#### Why does Windows need to validate the domain controller certificate?
-Windows Hello for Business enforces the strict KDC validation security feature, which enforces a more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met:
+Windows Hello for Business enforces the strict KDC validation security feature, which imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met:
- The domain controller has the private key for the certificate provided.
- The root CA that issued the domain controller's certificate is in the device's **Trusted Root Certificate Authorities**.
+- Use the **Kerberos Authentication certificate template** instead of any other older template.
- The domain controller's certificate has the **KDC Authentication** enhanced key usage.
- The domain controller's certificate's subject alternate name has a DNS Name that matches the name of the domain.
+
+> [!Tip]
+> If you are using Windows Server 2008, **Kerberos Authentication** is not the default template, so make sure to use the correct template when issuing or re-issuing the certificate.
+
+
## Configuring a CRL Distribution Point for an issuing certificate authority
Use this set of procedures to update your certificate authority that issues your domain controller certificates to include an http-based CRL distribution point.
@@ -164,7 +170,7 @@ These procedures configure NTFS and share permissions on the web server to allow
9. Click **Close** in the **cdp Properties** dialog box.
-### Configure the new CRL distribution point and Publishing location in the issuing certifcate authority
+### Configure the new CRL distribution point and Publishing location in the issuing certificate authority
The web server is ready to host the CRL distribution point. Now, configure the issuing certificate authority to publish the CRL at the new location and to include the new CRL distribution point
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 71ad012ce7..6f443cff4f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -30,7 +30,7 @@ The distributed systems on which these technologies were built involved several
* [Public Key Infrastucture](#public-key-infrastructure)
* [Directory Synchronization](#directory-synchronization)
* [Federation](#federation)
-* [MultiFactor Authetication](#multifactor-authentication)
+* [MultiFactor Authentication](#multifactor-authentication)
* [Device Registration](#device-registration)
## Directories ##
@@ -140,4 +140,4 @@ If your environment is already federated and supports Azure device registration,
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md)
-6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
\ No newline at end of file
+6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index aebc17a2ae..1993139da7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -62,7 +62,7 @@ The minimum required enterprise certificate authority that can be used with Wind
> [!IMPORTANT]
> For Azure AD joined device to authenticate to and use on-premises resources, ensure you:
-> * Install the root certificate authority certificate for your organization in the user's trusted root certifcate store.
+> * Install the root certificate authority certificate for your organization in the user's trusted root certificate store.
> * Publish your certificate revocation list to a location that is available to Azure AD joined devices, such as a web-based url.
### Section Review
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index fbd2110915..6a27c63800 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -11,7 +11,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 03/05/2019
+ms.date: 03/15/2019
---
# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
@@ -426,7 +426,7 @@ For example:
URL <,proxy>|URL <,proxy>/*AppCompat*/
```
-When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.
+When you use this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the **Domain joined or marked as compliant** option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access.
Value format with proxy:
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 177a70d01a..66995768bb 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -235,11 +235,13 @@
###### [Troubleshoot onboarding issues](windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
####### [Troubleshoot subscription and portal access issues](windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
-##### [Use the Windows Defender ATP exposed APIs](windows-defender-atp/use-apis.md)
-###### Create your app
-####### [Get access on behalf of a user](windows-defender-atp/exposed-apis-create-app-nativeapp.md)
-####### [Get access without a user](windows-defender-atp/exposed-apis-create-app-webapp.md)
-###### [Supported Windows Defender ATP APIs](windows-defender-atp/exposed-apis-list.md)
+##### [Windows Defender ATP API](windows-defender-atp/use-apis.md)
+###### [Get started with Windows Defender ATP APIs](windows-defender-atp/apis-intro.md)
+####### [Hello World](windows-defender-atp/api-hello-world.md)
+####### [Get access with application context](windows-defender-atp/exposed-apis-create-app-webapp.md)
+####### [Get access with user context](windows-defender-atp/exposed-apis-create-app-nativeapp.md)
+###### [APIs](windows-defender-atp/exposed-apis-list.md)
+
####### [Advanced Hunting](windows-defender-atp/run-advanced-query-api.md)
####### [Alert](windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md)
@@ -253,6 +255,33 @@
######## [Get alert related machine information](windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md)
######## [Get alert related user information](windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md)
+####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md)
+######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
+######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
+######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
+######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
+######## [Add or Remove machine tags](windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md)
+######## [Find machines by IP](windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
+
+####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md)
+######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
+######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
+######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
+######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
+######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md)
+######## [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md)
+######## [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md)
+######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md)
+######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md)
+######## [Offboard machine](windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
+######## [Stop and quarantine file](windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
+######## [Initiate investigation (preview)](windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md)
+
+####### [Indicators (preview)](windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md)
+######## [Submit Indicator](windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
+######## [List Indicators](windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
+######## [Delete Indicator](windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
+
####### Domain
######## [Get domain related alerts](windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md)
######## [Get domain related machines](windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md)
@@ -271,28 +300,6 @@
######## [Get IP statistics](windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection-new.md)
######## [Is IP seen in organization](windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
-####### [Machine](windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md)
-######## [List machines](windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md)
-######## [Get machine by ID](windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
-######## [Get machine log on users](windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection-new.md)
-######## [Get machine related alerts](windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection-new.md)
-######## [Add or Remove machine tags](windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md)
-######## [Find machines by IP](windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md)
-
-
-####### [Machine Action](windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md)
-######## [List Machine Actions](windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection-new.md)
-######## [Get Machine Action](windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection-new.md)
-######## [Collect investigation package](windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection-new.md)
-######## [Get investigation package SAS URI](windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection-new.md)
-######## [Isolate machine](windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection-new.md)
-######## [Release machine from isolation](windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection-new.md)
-######## [Restrict app execution](windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection-new.md)
-######## [Remove app restriction](windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md)
-######## [Run antivirus scan](windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection-new.md)
-######## [Offboard machine](windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
-######## [Stop and quarantine file](windows-defender-atp/stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
-
####### [User](windows-defender-atp/user-windows-defender-advanced-threat-protection-new.md)
######## [Get user related alerts](windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
######## [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md)
@@ -329,8 +336,8 @@
###### [Enable SIEM integration](windows-defender-atp/enable-siem-integration-windows-defender-advanced-threat-protection.md)
###### [Configure Splunk to pull alerts](windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md)
###### [Configure HP ArcSight to pull alerts](windows-defender-atp/configure-arcsight-windows-defender-advanced-threat-protection.md)
-###### [Windows Defender ATP alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
-###### [Pull alerts using REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+###### [Windows Defender ATP SIEM alert API fields](windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md)
+###### [Pull alerts using SIEM REST API](windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
###### [Troubleshoot SIEM tool integration issues](windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
index f87f26230b..3856c87941 100644
--- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
+++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md
@@ -18,29 +18,25 @@ ms.topic: article
The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.
-Like the [Virus Information Alliance (VIA)](virus-information-alliance-criteria.md) and the [Coordinated Malware Eradication (CME) program](coordinated-malware-eradication.md), MVI aims to share information about the threat landscape that can help your organization protect its customers.
+MVI members will receive access to Windows APIs (such as those used by Windows Defender Antivirus), and other technologies including IOAV, AMSI and Cloud Files, malware telemetry and samples, and invitations to security related events and conferences.
-MVI members will receive access to Windows APIs (such as those used by Windows Defender Security Center, IOAV, AMSI and Cloud Files), malware telemetry and samples, and invitations to security related events and conferences.
-
-MVI adds to VIA by requiring members to develop and own antimalware technology, and to be present in the antimalware industry community.
+MVI requires members to develop and own antimalware technology and to be present in the antimalware industry community.
## Join MVI
A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology.
-The base criteria for MVI membership are the same as for VIA, but your organization must also offer an antimalware or antivirus product.
### Initial selection criteria
-Your organization must meet the following eligibility requirements to participate in the MVI program:
+Your organization must meet the following eligibility requirements to qualify for the MVI program:
1. Offer an antimalware or antivirus product that is one of the following:
* Your organization's own creation.
- * Licensed from another organization, but your organization adds value such as additional Security intelligence.
- * Developed by using an SDK (engine and other components) from another MVI Partner AM company and your organization adds a custom UI and/or other functionality (white box versions).
+ * Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
-2. Have your own malware research team unless you distribute a Whitebox product.
+2. Have your own malware research team unless you build a product based on an SDK.
3. Be active and have a positive reputation in the antimalware industry. Your organization is:
@@ -51,10 +47,10 @@ Your organization must meet the following eligibility requirements to participat
5. Be willing to sign a program license agreement.
-6. Be willing to adhere to program requirements for AM apps. These requirements define the behavior of AM apps necessary to ensure proper interaction with Windows.
+6. Be willing to adhere to program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
-7. Submit your AM app to Microsoft for periodic performance testing.
+7. Submit your app to Microsoft for periodic performance testing.
### Apply now
-If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
\ No newline at end of file
+If your organization meets these criteria and is interested in joining, [apply for membership now](https://www.microsoft.com/wdsi/alliances/apply-alliance-membership). If you have questions, [contact us for more information](https://www.microsoft.com/wdsi/alliances/collaboration-inquiry).
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
index 580a5b58bd..860ed64ab2 100644
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md
@@ -19,12 +19,12 @@ MBSA was largely used in situations where neither Microsoft Update nor a local W
## The Solution
A script can help you with an alternative to MBSA’s patch-compliance checking:
-- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/previous-versions/windows/desktop/aa387290(v=vs.85)), which includes a sample .vbs script.
+- [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script.
For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be).
For example:
-[](https://docs.microsoft.com/previous-versions/windows/desktop/aa387290(v=vs.85))
+[](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline)
[](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be)
The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it.
diff --git a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
index 8a846cc675..787c9a85ad 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@@ -45,6 +45,9 @@ There are specific network-connectivity requirements to ensure your endpoints ca
- **Send safe samples automatically**
- **Send all samples automatically**
+ >[!NOTE]
+ >**Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
+
> [!WARNING]
> Setting to **Always Prompt** will lower the protection state of the device. Setting to **Never send** means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
@@ -73,6 +76,9 @@ See [How to create and deploy antimalware policies: Cloud-protection service](ht
1. **Send safe samples** (1)
2. **Send all samples** (3)
+ >[!NOTE]
+ >**Send safe samples automatically** option means that most samples will be sent automatically. Files that are likely to contain personal information will still prompt and require additional confirmation.
+
> [!WARNING]
> Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the [Block at First Sight](configure-block-at-first-sight-windows-defender-antivirus.md) feature will not function.
diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-turn-on.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-turn-on.png
index 48aa702feb..1afbd303b0 100644
Binary files a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-turn-on.png and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-turn-on.png differ
diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
index 8f6c1b0a34..092d966221 100644
--- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
@@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: justinha
ms.author: justinha
-ms.date: 01/16/2019
+ms.date: 03/15/2019
---
# Application Guard testing scenarios
@@ -25,7 +25,7 @@ You can see how an employee would use standalone mode with Application Guard.
**To test Application Guard in Standalone mode**
-1. Install Application Guard, using the [installation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard) steps in this guide.
+1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard).
2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu.
@@ -46,7 +46,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise-
### Install, set up, and turn on Application Guard
Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings.
-1. Install Application Guard, using the [installation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard#install-application-guard) steps in this guide.
+1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard#install-application-guard).
2. Restart the device and then start Microsoft Edge.
@@ -68,7 +68,7 @@ Before you can use Application Guard in enterprise mode, you must install Window
4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting.
-5. Click **Enabled** and click **OK**.
+5. Click **Enabled**, choose Option **1**, and click **OK**.
diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md
index ef54564a38..5904aa5d30 100644
--- a/windows/security/threat-protection/windows-defender-atp/TOC.md
+++ b/windows/security/threat-protection/windows-defender-atp/TOC.md
@@ -232,11 +232,13 @@
###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md)
-#### [Use the Windows Defender ATP exposed APIs](use-apis.md)
-##### Create your app
-###### [Get access on behalf of a user](exposed-apis-create-app-nativeapp.md)
-###### [Get access without a user](exposed-apis-create-app-webapp.md)
-##### [Supported Windows Defender ATP APIs](exposed-apis-list.md)
+#### [Windows Defender ATP API](use-apis.md)
+##### [Get started with Windows Defender ATP APIs](apis-intro.md)
+###### [Hello World](api-hello-world.md)
+###### [Get access with application context](exposed-apis-create-app-webapp.md)
+###### [Get access with user context](exposed-apis-create-app-nativeapp.md)
+##### [APIs](exposed-apis-list.md)
+
###### [Advanced Hunting](run-advanced-query-api.md)
###### [Alert](alerts-windows-defender-advanced-threat-protection-new.md)
@@ -250,24 +252,6 @@
####### [Get alert related machine information](get-alert-related-machine-info-windows-defender-advanced-threat-protection-new.md)
####### [Get alert related user information](get-alert-related-user-info-windows-defender-advanced-threat-protection-new.md)
-###### Domain
-####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection-new.md)
-####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md)
-
-###### [File](files-windows-defender-advanced-threat-protection-new.md)
-####### [Get file information](get-file-information-windows-defender-advanced-threat-protection-new.md)
-####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection-new.md)
-
-###### IP
-####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md)
-####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection-new.md)
-####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection-new.md)
-####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
-
###### [Machine](machine-windows-defender-advanced-threat-protection-new.md)
####### [List machines](get-machines-windows-defender-advanced-threat-protection-new.md)
####### [Get machine by ID](get-machine-by-id-windows-defender-advanced-threat-protection-new.md)
@@ -288,6 +272,30 @@
####### [Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md)
####### [Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)
####### [Stop and quarantine file](stop-and-quarantine-file-windows-defender-advanced-threat-protection-new.md)
+####### [Initiate investigation (preview)](initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md)
+
+###### [Indicators (preview)](ti-indicator-windows-defender-advanced-threat-protection-new.md)
+####### [Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md)
+####### [List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md)
+####### [Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md)
+
+###### Domain
+####### [Get domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md)
+####### [Get domain related machines](get-domain-related-machines-windows-defender-advanced-threat-protection-new.md)
+####### [Get domain statistics](get-domain-statistics-windows-defender-advanced-threat-protection-new.md)
+####### [Is domain seen in organization](is-domain-seen-in-org-windows-defender-advanced-threat-protection-new.md)
+
+###### [File](files-windows-defender-advanced-threat-protection-new.md)
+####### [Get file information](get-file-information-windows-defender-advanced-threat-protection-new.md)
+####### [Get file related alerts](get-file-related-alerts-windows-defender-advanced-threat-protection-new.md)
+####### [Get file related machines](get-file-related-machines-windows-defender-advanced-threat-protection-new.md)
+####### [Get file statistics](get-file-statistics-windows-defender-advanced-threat-protection-new.md)
+
+###### IP
+####### [Get IP related alerts](get-ip-related-alerts-windows-defender-advanced-threat-protection-new.md)
+####### [Get IP related machines](get-ip-related-machines-windows-defender-advanced-threat-protection-new.md)
+####### [Get IP statistics](get-ip-statistics-windows-defender-advanced-threat-protection-new.md)
+####### [Is IP seen in organization](is-ip-seen-org-windows-defender-advanced-threat-protection-new.md)
###### [User](user-windows-defender-advanced-threat-protection-new.md)
####### [Get user related alerts](get-user-related-alerts-windows-defender-advanced-threat-protection-new.md)
@@ -318,8 +326,8 @@
##### [Enable SIEM integration](enable-siem-integration-windows-defender-advanced-threat-protection.md)
##### [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md)
##### [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md)
-##### [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
-##### [Pull alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
+##### [Windows Defender ATP SIEM alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md)
+##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md)
##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
index 3735e259ac..5ab62122e6 100644
--- a/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/add-or-remove-machine-tags-windows-defender-advanced-threat-protection-new.md
@@ -104,7 +104,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 938b358427..9ed8d6f32a 100644
--- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -59,6 +59,10 @@ For more information, see [Investigate a user account](investigate-user-windows-
## Skype for Business integration
Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
+>[!NOTE]
+> When a machine is being isolated from the network, there's a pop-up where you can choose to enable Outlook and Skype communications which allows communications to the user while they are disconnected from the network. This setting applies to Skype and Outlook communication when machines are in isolation mode.
+
+
## Azure Advanced Threat Protection integration
The integration with Azure Advanced Threat Protection allows you to pivot directly into another Microsoft Identity security product. Azure Advanced Threat Protection augments an investigation with additional insights about a suspected compromised account and related resources. By enabling this feature, you'll enrich the machine-based investigation capability by pivoting across the network from an identify point of view.
diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
index 5043e422a5..da5c717e31 100644
--- a/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/alerts-windows-defender-advanced-threat-protection-new.md
@@ -14,16 +14,15 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/08/2017
---
# Alert resource type
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prereleaseinformation](prerelease.md)]
-Represents an alert entity in WDATP.
+Represents an alert entity in Windows Defender ATP.
# Methods
Method|Return Type |Description
diff --git a/windows/security/threat-protection/windows-defender-atp/api-hello-world.md b/windows/security/threat-protection/windows-defender-atp/api-hello-world.md
new file mode 100644
index 0000000000..9ee1dafbb9
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/api-hello-world.md
@@ -0,0 +1,189 @@
+---
+title: Advanced Hunting API
+description: Use this API to run advanced queries
+keywords: apis, supported apis, advanced hunting, query
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Windows Defender ATP API - Hello World
+
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+
+
+## Get Alerts using a simple PowerShell script
+
+### How long it takes to go through this example?
+It only takes 5 minutes done in two steps:
+- Application registration
+- Use examples: only requires copy/paste of a short PowerShell script
+
+### Do I need a permission to connect?
+For the App registration stage, you must have a Global administrator role in your Azure Active Directory (Azure AD) tenant.
+
+### Step 1 - Create an App in Azure Active Directory
+
+1. Log on to [Azure](https://portal.azure.com) with your Global administrator user.
+
+2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**.
+
+ 
+
+3. In the registration form, enter the following information, then click **Create**.
+
+ - **Name:** Choose your own name.
+ - **Application type:** Web app / API
+ - **Redirect URI:** `https://127.0.0.1`
+
+ 
+
+4. Allow your App to access Windows Defender ATP and assign it 'Read all alerts' permission:
+
+ - Click **Settings** > **Required permissions** > **Add**.
+
+ 
+
+ - Click **Select an API** > **WindowsDefenderATP**, then click **Select**.
+
+ **Note**: WindowsDefenderATP does not appear in the original list. You need to start writing its name in the text box to see it appear.
+
+ 
+
+ - Click **Select permissions** > **Read all alerts** > **Select**.
+
+ 
+
+ - Click **Done**
+
+ 
+
+ - Click **Grant permissions**
+
+ **Note**: Every time you add permission you must click on **Grant permissions**.
+
+ 
+
+5. Create a key for your App:
+
+ - Click **Keys**, type a key name and click **Save**.
+
+ 
+
+6. Write down your App ID and your Tenant ID:
+
+ - App ID:
+
+ 
+
+ - Tenant ID: Navigate to **Azure Active Directory** > **Properties**
+
+ 
+
+
+Done! You have successfully registered an application!
+
+### Step 2 - Get a token using the App and use this token to access the API.
+
+- Copy the script below to PowerShell ISE or to a text editor, and save it as "**Get-Token.ps1**"
+- Running this script will generate a token and will save it in the working folder under the name "**Latest-token.txt**".
+
+```
+# That code gets the App Context Token and save it to a file named "Latest-token.txt" under the current directory
+# Paste below your Tenant ID, App ID and App Secret (App key).
+
+$tenantId = '' ### Paste your tenant ID here
+$appId = '' ### Paste your app ID here
+$appSecret = '' ### Paste your app key here
+
+$resourceAppIdUri = 'https://api.securitycenter.windows.com'
+$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$authBody = [Ordered] @{
+ resource = "$resourceAppIdUri"
+ client_id = "$appId"
+ client_secret = "$appSecret"
+ grant_type = 'client_credentials'
+}
+$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
+$token = $authResponse.access_token
+Out-File -FilePath "./Latest-token.txt" -InputObject $token
+return $token
+
+```
+
+- Sanity Check:
+Run the script.
+In your browser go to: https://jwt.ms/
+Copy the token (the content of the Latest-token.txt file).
+Paste in the top box.
+Look for the "roles" section. Find the Alert.Read.All role.
+
+
+
+### Lets get the Alerts!
+
+- The script below will use **Get-Token.ps1** to access the API and will get the past 48 hours Alerts.
+- Save this script in the same folder you saved the previous script **Get-Token.ps1**.
+- The script creates two files (json and csv) with the data in the same folder as the scripts.
+
+```
+# Returns Alerts created in the past 48 hours.
+
+$token = ./Get-Token.ps1 #run the script Get-Token.ps1 - make sure you are running this script from the same folder of Get-Token.ps1
+
+# Get Alert from the last 48 hours. Make sure you have alerts in that time frame.
+$dateTime = (Get-Date).ToUniversalTime().AddHours(-48).ToString("o")
+
+# The URL contains the type of query and the time filter we create above
+# Read more about other query options and filters at Https://TBD- add the documentation link
+$url = "https://api.securitycenter.windows.com/api/alerts?`$filter=alertCreationTime ge $dateTime"
+
+# Set the WebRequest headers
+$headers = @{
+ 'Content-Type' = 'application/json'
+ Accept = 'application/json'
+ Authorization = "Bearer $token"
+}
+
+# Send the webrequest and get the results.
+$response = Invoke-WebRequest -Method Get -Uri $url -Headers $headers -ErrorAction Stop
+
+# Extract the alerts from the results.
+$alerts = ($response | ConvertFrom-Json).value | ConvertTo-Json
+
+# Get string with the execution time. We concatenate that string to the output file to avoid overwrite the file
+$dateTimeForFileName = Get-Date -Format o | foreach {$_ -replace ":", "."}
+
+# Save the result as json and as csv
+$outputJsonPath = "./Latest Alerts $dateTimeForFileName.json"
+$outputCsvPath = "./Latest Alerts $dateTimeForFileName.csv"
+
+Out-File -FilePath $outputJsonPath -InputObject $alerts
+($alerts | ConvertFrom-Json) | Export-CSV $outputCsvPath -NoTypeInformation
+
+```
+
+You’re all done! You have just successfully:
+- Created and registered and application
+- Granted permission for that application to read alerts
+- Connected the API
+- Used a PowerShell script to return alerts created in the past 48 hours
+
+
+
+## Related topic
+- [Windows Defender ATP APIs](exposed-apis-list.md)
+- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md)
+- [Access Windows Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
index 1cec1b5053..4520b214d1 100644
--- a/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md
@@ -18,7 +18,7 @@ ms.topic: article
ms.date: 10/16/2017
---
-# Windows Defender ATP alert API fields
+# Windows Defender ATP SIEM alert API fields
**Applies to:**
diff --git a/windows/security/threat-protection/windows-defender-atp/apis-intro.md b/windows/security/threat-protection/windows-defender-atp/apis-intro.md
index d1d2b0fceb..d05ecd0f1b 100644
--- a/windows/security/threat-protection/windows-defender-atp/apis-intro.md
+++ b/windows/security/threat-protection/windows-defender-atp/apis-intro.md
@@ -1,7 +1,7 @@
---
title: Windows Defender Advanced Threat Protection API overview
description: Learn how you can use APIs to automate workflows and innovate based on Windows Defender ATP capabilities
-keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file, advanced hunting, query
+keywords: apis, api, wdatp, open api, windows defender atp api, public api, supported apis, alerts, machine, user, domain, ip, file, advanced hunting, query
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -14,48 +14,52 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 09/03/2018
---
# Windows Defender ATP API overview
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
-
-[!include[Prerelease information](prerelease.md)]
+> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
In general, you’ll need to take the following steps to use the APIs:
-- Create an app
-- Get an access token
+- Create an AAD application
+- Get an access token using this application
- Use the token to access Windows Defender ATP API
-As a developer, you decide which permissions for Windows Defender ATP your app requests. When a user signs in to your app they (or, in some cases, an administrator) are given a chance to give consent to these permissions. If the user provides consent, your app is given access to the resources and APIs that it has requested. For apps that don't take a signed-in user, permissions can be pre-approved to by an administrator when the app is installed or during sign-up.
+You can access Windows Defender ATP API with **Application Context** or **User Context**.
-## Delegated permissions, application permissions, and effective permissions
+- **Application Context: (Recommended)**
+ Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons.
-Windows Defender ATP has two types of permissions: delegated permissions and application permissions.
+ Steps that need to be taken to access Windows Defender ATP API with application context:
-- **Delegated permissions**
- Used by apps that have a signed-in user present. For these apps either the user or an administrator provides consent to the permissions that the app requests and the app is delegated permission to act as the signed-in user when making calls to Windows Defender ATP. Some delegated permissions can be consented to by non-administrative users, but some higher-privileged permissions require administrator consent.
-- **Application permissions**
- Used by apps that run without a signed-in user present; for example, apps that run as background services or daemons. Application permissions can only be consented by an administrator.
+ 1. Create an AAD Web-Application.
+ 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'.
+ 3. Create a key for this Application.
+ 4. Get token using the application with its key.
+ 5. Use the token to access Windows Defender ATP API
-Effective permissions are permissions that your app will have when making requests to Windows Defender ATP. It is important to understand the difference between the delegated and application permissions that your app is granted and its effective permissions when making calls to Windows Defender ATP.
+ For more information, see [Get access with application context](exposed-apis-create-app-webapp.md).
-- For delegated permissions, the effective permissions of your app will be the least privileged intersection of the delegated permissions the app has been granted (via consent) and the privileges of the currently signed-in user. Your app can never have more privileges than the signed-in user. Within organizations, the privileges of the signed-in user may be determined by policy or by membership in one or more administrator roles. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-assign-admin-roles).
- For example, assume your app has been granted the `Machine.CollectForensics` delegated permission. This permission nominally grants your app permission to collect investigation package from a machine. If the signed-in user has 'Alerts Investigation' permission, your app will be able to collect investigation package from a machine, if the machine belongs to a group the user is exposed to. However, if the signed-in user doesn't have 'Alerts Investigation' permission, your app won't be able to collect investigation package from any machine.
+- **User Context:**
+ Used to perform actions in the API on behalf of a user.
-- For application permissions, the effective permissions of your app will be the full level of privileges implied by the permission. For example, an app that has the `Machine.CollectForensics` application permission can collect investigation package from any machine in the organization.
+ Steps that needs to be taken to access Windows Defender ATP API with application context:
+ 1. Create AAD Native-Application.
+ 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc.
+ 3. Get token using the application with user credentials.
+ 4. Use the token to access Windows Defender ATP API
+
+ For more information, see [Get access with user context](exposed-apis-create-app-nativeapp.md).
## Related topics
-- [Supported Windows Defender ATP APIs](exposed-apis-list.md)
-- [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md)
-- [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
+- [Windows Defender ATP APIs](exposed-apis-list.md)
+- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md)
+- [Access Windows Defender ATP with user context](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 64a8b911a7..595b8af148 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -165,6 +165,9 @@ If at least one of the connectivity options returns a (200) status, then the Win
However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Windows Defender ATP service URLs in the proxy server](#enable-access-to-windows-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure.
+> [!NOTE]
+> When the TelemetryProxyServer is set, in Registry or via Group Policy, Windows Defender ATP will fall back to direct if it can't access the defined proxy.
+
## Related topics
- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
index 04c596750a..239c4d95db 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md
@@ -22,7 +22,6 @@ ms.date: 10/16/2017
**Applies to:**
-
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
diff --git a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
index 632b9691c5..4998ae8a80 100644
--- a/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/windows-defender-atp/custom-detection-rules.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 10/29/2018
---
diff --git a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
index e293b7a30d..6399e4f311 100644
--- a/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
@@ -1,6 +1,6 @@
---
-title: Delete Ti Indicator.
-description: Deletes Ti Indicator entity by ID.
+title: Delete Indicator API.
+description: Deletes Indicator entity by ID.
keywords: apis, public api, supported apis, delete, ti indicator, entity, id
search.product: eADQiWindows 10XVcnh
ms.prod: w10
@@ -14,33 +14,33 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/08/2017
---
-# Delete TI Indicator API
+# Delete Indicator API
+
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prereleaseinformation](prerelease.md)]
>[!Note]
-> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information)
+> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-Retrieves a TI Indicator entity by ID.
+- Deletes an Indicator entity by ID.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
Application | Ti.ReadWrite | 'Read and write TI Indicators'
+Application | Ti.ReadWrite.All | 'Read and write Indicators'
## HTTP request
```
-Delete https://api.securitycenter.windows.com/api/tiindicators/{id}
+Delete https://api.securitycenter.windows.com/api/indicators/{id}
```
[!include[Improve request performance](improverequestperformance-new.md)]
@@ -57,8 +57,8 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
-If TI Indicator exist and deleted successfully - 204 OK without content.
-If TI Indicator with the specified id was not found - 404 Not Found.
+If Indicator exist and deleted successfully - 204 OK without content.
+If Indicator with the specified id was not found - 404 Not Found.
## Example
@@ -67,7 +67,7 @@ If TI Indicator with the specified id was not found - 404 Not Found.
Here is an example of the request.
```
-DELETE https://api.securitycenter.windows.com/api/tiindicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f
+DELETE https://api.securitycenter.windows.com/api/indicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f
```
**Response**
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
index 9109892c6d..56c66b472e 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp.md
@@ -19,33 +19,30 @@ ms.date: 09/03/2018
# Use Windows Defender ATP APIs
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
-This page describe how to create an application to get programmatical access to Windows Defender ATP on behalf of a user.
+This page describes how to create an application to get programmatic access to Windows Defender ATP on behalf of a user.
-If you need programmatical access Windows Defender ATP without a user, refer to [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md).
+If you need programmatic access Windows Defender ATP without a user, refer to [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md).
If you are not sure which access you need, read the [Introduction page](apis-intro.md).
-Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
+Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate work flows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
In general, you’ll need to take the following steps to use the APIs:
-- Create an app
-- Get an access token
+- Create an AAD application
+- Get an access token using this application
- Use the token to access Windows Defender ATP API
-This page explains how to create an app, get an access token to Windows Defender ATP and validate the token includes the required permission.
+This page explains how to create an AAD application, get an access token to Windows Defender ATP and validate the token.
>[!NOTE]
-> When accessing Windows Defender ATP API on behalf of a user, you will need the correct app permission and user permission.
+> When accessing Windows Defender ATP API on behalf of a user, you will need the correct App permission and user permission.
> If you are not familiar with user permissions on Windows Defender ATP, see [Manage portal access using role-based access control](rbac-windows-defender-advanced-threat-protection.md).
>[!TIP]
@@ -53,7 +50,7 @@ This page explains how to create an app, get an access token to Windows Defender
## Create an app
-1. Log on to [Azure](https://portal.azure.com).
+1. Log on to [Azure](https://portal.azure.com) with user that has Global Administrator role.
2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**.
@@ -78,13 +75,10 @@ This page explains how to create an app, get an access token to Windows Defender
-6. Click **Select permissions** > check **Read alerts** and **Collect forensics** > **Select**.
+6. Click **Select permissions** > **Check the desired permissions** > **Select**.
>[!IMPORTANT]
>You need to select the relevant permissions. 'Read alerts' and 'Collect forensics' are only an example.
-
- 
-
For instance,
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
@@ -92,6 +86,8 @@ This page explains how to create an app, get an access token to Windows Defender
To determine which permission you need, look at the **Permissions** section in the API you are interested to call.
+ 
+
7. Click **Done**
@@ -116,39 +112,51 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co
### Using C#
-The code was below tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8
-
-- Create a new Console Application
-- Install Nuget [Microsoft.IdentityModel.Clients.ActiveDirectory](https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/)
-- Add the below using
+- Copy/Paste the below class in your application.
+- Use **AcquireUserTokenAsync** method with the your application ID, tenant ID, user name and password to acquire a token.
```
- using Microsoft.IdentityModel.Clients.ActiveDirectory;
- ```
+ namespace WindowsDefenderATP
+ {
+ using System.Net.Http;
+ using System.Text;
+ using System.Threading.Tasks;
+ using Newtonsoft.Json.Linq;
-- Copy/Paste the below code in your application (pay attention to the comments in the code)
+ public static class WindowsDefenderATPUtils
+ {
+ private const string Authority = "https://login.windows.net";
- ```
- const string authority = "https://login.windows.net";
- const string wdatpResourceId = "https://api.securitycenter.windows.com";
+ private const string WdatpResourceId = "https://api.securitycenter.windows.com";
- string tenantId = "00000000-0000-0000-0000-000000000000"; // Paste your own tenant ID here
- string appId = "11111111-1111-1111-1111-111111111111"; // Paste your own app ID here
+ public static async Task AcquireUserTokenAsync(string username, string password, string appId, string tenantId)
+ {
+ using (var httpClient = new HttpClient())
+ {
+ var urlEncodedBody = $"resource={WdatpResourceId}&client_id={appId}&grant_type=password&username={username}&password={password}";
- string username = "SecurityAdmin123@microsoft.com"; // Paste your username here
- string password = GetPasswordFromSafePlace(); // Paste your own password here for a test, and then store it in a safe place!
+ var stringContent = new StringContent(urlEncodedBody, Encoding.UTF8, "application/x-www-form-urlencoded");
- UserPasswordCredential userCreds = new UserPasswordCredential(username, password);
+ using (var response = await httpClient.PostAsync($"{Authority}/{tenantId}/oauth2/token", stringContent).ConfigureAwait(false))
+ {
+ response.EnsureSuccessStatusCode();
- AuthenticationContext auth = new AuthenticationContext($"{authority}/{tenantId}");
- AuthenticationResult authenticationResult = auth.AcquireTokenAsync(wdatpResourceId, appId, userCreds).GetAwaiter().GetResult();
- string token = authenticationResult.AccessToken;
+ var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
+
+ var jObject = JObject.Parse(json);
+
+ return jObject["access_token"].Value();
+ }
+ }
+ }
+ }
+ }
```
## Validate the token
Sanity check to make sure you got a correct token:
-- Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it
+- Copy/paste into [JWT](https://jwt.ms) the token you got in the previous step in order to decode it
- Validate you get a 'scp' claim with the desired app permissions
- In the screenshot below you can see a decoded token acquired from the app in the tutorial:
@@ -168,12 +176,11 @@ Sanity check to make sure you got a correct token:
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
- var response = await httpClient.SendAsync(request).ConfigureAwait(false);
+ var response = httpClient.SendAsync(request).GetAwaiter().GetResult();
// Do something useful with the response
```
## Related topics
-- [Windows Defender ATP APIs](apis-intro.md)
-- [Supported Windows Defender ATP APIs](exposed-apis-list.md)
-- [Access Windows Defender ATP without a user](exposed-apis-create-app-webapp.md)
\ No newline at end of file
+- [Windows Defender ATP APIs](exposed-apis-list.md)
+- [Access Windows Defender ATP with application context](exposed-apis-create-app-webapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
index a3afcae8bd..4d6b21364d 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-webapp.md
@@ -19,32 +19,30 @@ ms.date: 09/03/2018
# Create an app to access Windows Defender ATP without a user
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
-
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
+> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
[!include[Prerelease information](prerelease.md)]
-This page describes how to create an application to get programmatical access to Windows Defender ATP without a user.
+This page describes how to create an application to get programmatic access to Windows Defender ATP without a user.
-If you need programmatical access Windows Defender ATP on behalf of a user, see [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
+If you need programmatic access Windows Defender ATP on behalf of a user, see [Get access wtih user context](exposed-apis-create-app-nativeapp.md)
-If you are not sure which access you need, see [Use Windows Defender ATP APIs](apis-intro.md).
+If you are not sure which access you need, see [Get started](apis-intro.md).
Windows Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will help you automate workflows and innovate based on Windows Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code).
In general, you’ll need to take the following steps to use the APIs:
-- Create an app
-- Get an access token
+- Create an AAD application
+- Get an access token using this application
- Use the token to access Windows Defender ATP API
-This page explains how to create an app, get an access token to Windows Defender ATP and validate the token includes the required permission.
+This page explains how to create an AAD application, get an access token to Windows Defender ATP and validate the token.
## Create an app
-1. Log on to [Azure](https://portal.azure.com).
+1. Log on to [Azure](https://portal.azure.com) with user that has Global Administrator role.
2. Navigate to **Azure Active Directory** > **App registrations** > **New application registration**.
@@ -54,9 +52,9 @@ This page explains how to create an app, get an access token to Windows Defender
- - **Name:** WdatpEcosystemPartner
+ - **Name:** Choose your own name.
- **Application type:** Web app / API
- - **Redirect URI:** `https://WdatpEcosystemPartner.com` (The URL where user can sign in and use your app. You can change this URL later.)
+ - **Redirect URI:** `https://127.0.0.1`
4. Click **Settings** > **Required permissions** > **Add**.
@@ -69,18 +67,17 @@ This page explains how to create an app, get an access token to Windows Defender
-6. Click **Select permissions** > **Run advanced queries** > **Select**.
+6. Click **Select permissions** > **Check the desired permissions** > **Select**.
- **Important note**: You need to select the relevant permission. 'Run advanced queries' is only an example!
-
- 
+ **Important note**: You need to select the relevant permissions. 'Run advanced queries' is only an example!
For instance,
- To [run advanced queries](run-advanced-query-api.md), select 'Run advanced queries' permission
- To [isolate a machine](isolate-machine-windows-defender-advanced-threat-protection-new.md), select 'Isolate machine' permission
+ - To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
- To determine which permission you need, please look at the **Permissions** section in the API you are interested to call.
+ 
7. Click **Done**
@@ -94,7 +91,7 @@ This page explains how to create an app, get an access token to Windows Defender
-9. Click **Keys** and type a key name and click **Save**.
+9. Click **Keys**, type a key name and click **Save**.
**Important**: After you save, **copy the key value**. You won't be able to retrieve after you leave!
@@ -102,9 +99,9 @@ This page explains how to create an app, get an access token to Windows Defender
10. Write down your application ID.
- 
+ 
-11. Set your application to be multi-tenanted
+11. **For Windows Defender ATP Partners only** - Set your application to be multi-tenanted
This is **required** for 3rd party apps (for example, if you create an application that is intended to run in multiple customers tenant).
@@ -114,26 +111,54 @@ This page explains how to create an app, get an access token to Windows Defender
+ - Application consent for your multi-tenant App:
+
+ You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with Windows Defender ATP application on behalf of your customer.
-## Application consent
-You need your application to be approved in each tenant where you intend to use it. This is because your application interacts with WDATP application on behalf of your customer.
+ You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.
-You (or your customer if you are writing a 3rd party application) need to click the consent link and approve your application. The consent should be done with a user who has admin privileges in the active directory.
+ Consent link is of the form:
-Consent link is of the form:
+ ```
+ https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true
+ ```
-```
-https://login.microsoftonline.com/common/oauth2/authorize?prompt=consent&client_id=00000000-0000-0000-0000-000000000000&response_type=code&sso_reload=true
-```
-
-where 00000000-0000-0000-0000-000000000000 should be replaced with your Azure application ID
+ where 00000000-0000-0000-0000-000000000000 should be replaced with your Azure application ID
-## Get an access token
+- **Done!** You have successfully registered an application!
+- See examples below for token acquisition and validation.
+
+## Get an access token examples:
For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-client-creds)
-### Using C#
+### Using PowerShell
+
+```
+# That code gets the App Context Token and save it to a file named "Latest-token.txt" under the current directory
+# Paste below your Tenant ID, App ID and App Secret (App key).
+
+$tenantId = '' ### Paste your tenant ID here
+$appId = '' ### Paste your app ID here
+$appSecret = '' ### Paste your app key here
+
+$resourceAppIdUri = 'https://api.securitycenter.windows.com'
+$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
+$authBody = [Ordered] @{
+ resource = "$resourceAppIdUri"
+ client_id = "$appId"
+ client_secret = "$appSecret"
+ grant_type = 'client_credentials'
+}
+$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
+$token = $authResponse.access_token
+Out-File -FilePath "./Latest-token.txt" -InputObject $token
+return $token
+
+```
+
+### Using C#:
>The below code was tested with nuget Microsoft.IdentityModel.Clients.ActiveDirectory 3.19.8
@@ -161,9 +186,6 @@ For more details on AAD token, refer to [AAD tutorial](https://docs.microsoft.co
string token = authenticationResult.AccessToken;
```
-### Using PowerShell
-
-Refer to [Get token using PowerShell](run-advanced-query-sample-powershell.md#get-token)
### Using Python
@@ -177,7 +199,7 @@ Refer to [Get token using Python](run-advanced-query-sample-python.md#get-token)
- Open a command window
- Set CLIENT_ID to your Azure application ID
- Set CLIENT_SECRET to your Azure application secret
-- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access WDATP application
+- Set TENANT_ID to the Azure tenant ID of the customer that wants to use your application to access Windows Defender ATP application
- Run the below command:
```
@@ -195,7 +217,7 @@ You will get an answer of the form:
Sanity check to make sure you got a correct token:
- Copy/paste into [JWT](https://jwt.ms) the token you get in the previous step in order to decode it
- Validate you get a 'roles' claim with the desired permissions
-- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Wdatp's roles:
+- In the screenshot below you can see a decoded token acquired from an app with permissions to all of Windows Defender ATP's roles:
@@ -213,12 +235,11 @@ Sanity check to make sure you got a correct token:
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
- var response = await httpClient.SendAsync(request).ConfigureAwait(false);
+ var response = httpClient.SendAsync(request).GetAwaiter().GetResult();
// Do something useful with the response
```
## Related topics
-- [Windows Defender ATP APIs](apis-intro.md)
- [Supported Windows Defender ATP APIs](exposed-apis-list.md)
- [Access Windows Defender ATP on behalf of a user](exposed-apis-create-app-nativeapp.md)
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
index b65c98cd30..80c3f2dfdf 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md
@@ -19,7 +19,7 @@ ms.date: 09/24/2018
# Windows Defender ATP APIs using PowerShell
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
@@ -48,7 +48,7 @@ Set-ExecutionPolicy -ExecutionPolicy Bypass
- Run the below
> - $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
+> - $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
> - $appSecret: Secret of your AAD app
> - $suspiciousUrl: The URL
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
index 581c198d4a..8892195292 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-odata-samples.md
@@ -64,7 +64,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
},
@@ -149,7 +148,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
},
@@ -191,7 +189,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
},
@@ -233,7 +230,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "High",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2", "ExampleTag" ]
},
@@ -278,5 +274,23 @@ Content-type: application/json
}
```
+### Example 7
+
+- Get the count of open alerts for a specific machine:
+
+```
+HTTP GET https://api.securitycenter.windows.com/api/machines/123321d0c675eaa415b8e5f383c6388bff446c62/alerts/$count?$filter=status ne 'Resolved'
+```
+
+**Response:**
+
+```
+HTTP/1.1 200 OK
+Content-type: application/json
+
+4
+
+```
+
## Related topic
- [Windows Defender ATP APIs](apis-intro.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
index 6a846b32c3..0491fe98c9 100644
--- a/windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/files-windows-defender-advanced-threat-protection-new.md
@@ -14,14 +14,15 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/08/2017
---
# File resource type
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
-Represent a file entity in WDATP.
+Represent a file entity in Windows Defender ATP.
# Methods
Method|Return Type |Description
@@ -49,5 +50,5 @@ fileProductName | String | Product name.
signer | String | File signer.
issuer | String | File issuer.
signerHash | String | Hash of the signing certificate.
-isValidCertificate | Boolean | Was signing certificate successfully verified by WDATP agent.
+isValidCertificate | Boolean | Was signing certificate successfully verified by Windows Defender ATP agent.
diff --git a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
index a3f532f281..687f9ab304 100644
--- a/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/find-machines-by-ip-windows-defender-advanced-threat-protection-new.md
@@ -102,7 +102,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
index 00bff8380f..c1136545a5 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -98,7 +98,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
},
@@ -117,7 +116,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": false,
"aadDeviceId": null,
"machineTags": [ "test tag 1" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
index bf738b355a..cf9e003f26 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -98,7 +98,6 @@ Content-type: application/json
"healthStatus": "Active",
"rbacGroupId": 140,
"riskScore": "Low",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
},
@@ -116,7 +115,6 @@ Content-type: application/json
"healthStatus": "Inactive",
"rbacGroupId": 140,
"riskScore": "Low",
- "isAadJoined": false,
"aadDeviceId": null,
"machineTags": [ "test tag 1" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
index 28d4703b18..e17c0a1457 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -98,7 +98,6 @@ Content-type: application/json
"rbacGroupId": 140,
"riskScore": "Low",
"rbacGroupName": "The-A-Team",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
},
@@ -117,7 +116,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": false,
"aadDeviceId": null,
"machineTags": [ "test tag 1" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
index 3612531147..5a6a77b908 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection-new.md
@@ -99,7 +99,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
index 907c5e5838..7e2ad2eaf1 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection-new.md
@@ -14,18 +14,16 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/08/2017
---
# List machines API
**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prereleaseinformation](prerelease.md)]
-- Retrieves a collection of machines that have communicated with WDATP cloud on the last 30 days.
+- Retrieves a collection of machines that have communicated with Windows Defender ATP cloud on the last 30 days.
- Get Machines collection API supports [OData V4 queries](https://www.odata.org/documentation/).
- The OData's Filter query is supported on: "Id", "ComputerDnsName", "LastSeen", "LastIpAddress", "HealthStatus", "OsPlatform", "RiskScore", "MachineTags" and "RbacGroupId".
- See examples at [OData queries with Windows Defender ATP](exposed-apis-odata-samples.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
deleted file mode 100644
index ffef895d91..0000000000
--- a/windows/security/threat-protection/windows-defender-atp/get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md
+++ /dev/null
@@ -1,96 +0,0 @@
----
-title: Get Ti Indicator by ID API
-description: Retrieves Ti Indicator entity by ID.
-keywords: apis, public api, supported apis, get, ti indicator, entity, id
-search.product: eADQiWindows 10XVcnh
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
-ms.author: macapara
-author: mjcaparas
-ms.localizationpriority: medium
-manager: dansimp
-audience: ITPro
-ms.collection: M365-security-compliance
-ms.topic: article
-ms.date: 12/08/2017
----
-
-# Get TI Indicator by ID API
-
-[!include[Prereleaseinformation](prerelease.md)]
-
->[!Note]
-> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information)
-
-
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-Retrieves a TI Indicator entity by ID.
-
-## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
-
-Permission type | Permission | Permission display name
-:---|:---|:---
-Application | Ti.ReadWrite | 'Read and write TI Indicators'
-
-
-## HTTP request
-```
-GET https://api.securitycenter.windows.com/api/tiindicators/{id}
-```
-
-[!include[Improve request performance](improverequestperformance-new.md)]
-
-
-## Request headers
-
-Name | Type | Description
-:---|:---|:---
-Authorization | String | Bearer {token}. **Required**.
-
-
-## Request body
-Empty
-
-## Response
-If successful and TI Indicator exists - 200 OK with the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the body.
-If TI Indicator with the specified id was not found - 404 Not Found.
-
-
-## Example
-
-**Request**
-
-Here is an example of the request.
-
-```
-GET https://api.securitycenter.windows.com/api/tiindicators/220e7d15b0b3d7fac48f2bd61114db1022197f7f
-```
-
-**Response**
-
-Here is an example of the response.
-
-
-```
-HTTP/1.1 200 OK
-Content-type: application/json
-{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#TiIndicators/$entity",
- "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
- "indicatorType": "FileSha1",
- "title": "test",
- "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
- "createdBy": "45097602-0cfe-4cc6-925f-9f453233e62c",
- "expirationTime": "2020-12-12T00:00:00Z",
- "action": "AlertAndBlock",
- "severity": "Informational",
- "description": "test",
- "recommendedActions": "TEST"
-}
-
-```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
index c08f3eba3d..837155f677 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md
@@ -1,7 +1,7 @@
---
-title: List TiIndicators API
-description: Use this API to create calls related to get TiIndicators collection
-keywords: apis, public api, supported apis, TiIndicators collection
+title: List Indicators API
+description: Use this API to create calls related to get Indicators collection
+keywords: apis, public api, supported apis, Indicators collection
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -17,32 +17,32 @@ ms.topic: article
ms.date: 12/08/2017
---
-# List TiIndicators API
+# List Indicators API
+
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prereleaseinformation](prerelease.md)]
>[!Note]
-> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information)
+> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
- Gets collection of TI Indicators.
- Get TI Indicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
+- Gets collection of TI Indicators.
+- Get TI Indicators collection API supports [OData V4 queries](https://www.odata.org/documentation/).
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
-Application | Ti.ReadWrite | 'Read and write TI Indicators'
+Application | Ti.ReadWrite | 'Read and write Indicators'
+Application | Ti.ReadWrite.All | 'Read and write All Indicators'
## HTTP request
```
-GET https://api.securitycenter.windows.com/api/tiindicators
+GET https://api.securitycenter.windows.com/api/indicators
```
[!include[Improve request performance](improverequestperformance-new.md)]
@@ -58,20 +58,19 @@ Authorization | String | Bearer {token}. **Required**.
Empty
## Response
-If successful, this method returns 200, Ok response code with a collection of [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+If successful, this method returns 200, Ok response code with a collection of [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
>[!Note]
-> The response will only include TI Indicators that submitted by the calling Application.
+> If the Application has 'Ti.ReadWrite.All' permission, it will be exposed to all Indicators. Otherwise, it will be exposed only to the Indicators it created.
-
-## Example
+## Example 1:
**Request**
-Here is an example of a request that gets all TI Indicators
+Here is an example of a request that gets all Indicators
```
-GET https://api.securitycenter.windows.com/api/tiindicators
+GET https://api.securitycenter.windows.com/api/indicators
```
**Response**
@@ -82,22 +81,23 @@ Here is an example of the response.
HTTP/1.1 200 Ok
Content-type: application/json
{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#TiIndicators",
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
"value": [
{
- "indicator": "12.13.14.15",
+ "indicatorValue": "12.13.14.15",
"indicatorType": "IpAddress",
"title": "test",
"creationTimeDateTimeUtc": "2018-10-24T11:15:35.3688259Z",
"createdBy": "45097602-1234-5678-1234-9f453233e62c",
"expirationTime": "2020-12-12T00:00:00Z",
- "action": "AlertAndBlock",
+ "action": "Alert",
"severity": "Informational",
"description": "test",
- "recommendedActions": "test"
+ "recommendedActions": "test",
+ "rbacGroupNames": []
},
{
- "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
+ "indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
"indicatorType": "FileSha1",
"title": "test",
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
@@ -106,8 +106,48 @@ Content-type: application/json
"action": "AlertAndBlock",
"severity": "Informational",
"description": "test",
- "recommendedActions": "TEST"
+ "recommendedActions": "TEST",
+ "rbacGroupNames": [ "Group1", "Group2" ]
}
+ ...
+ ]
+}
+```
+
+## Example 2:
+
+**Request**
+
+Here is an example of a request that gets all Indicators with 'AlertAndBlock' action
+
+```
+GET https://api.securitycenter.windows.com/api/indicators?$filter=action eq 'AlertAndBlock'
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 Ok
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators",
+ "value": [
+ {
+ "indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
+ "indicatorType": "FileSha1",
+ "title": "test",
+ "creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
+ "createdBy": "45097602-1234-5678-1234-9f453233e62c",
+ "expirationTime": "2020-12-12T00:00:00Z",
+ "action": "AlertAndBlock",
+ "severity": "Informational",
+ "description": "test",
+ "recommendedActions": "TEST",
+ "rbacGroupNames": [ "Group1", "Group2" ]
+ }
+ ...
]
}
```
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md
index c0f03256f8..75c9bc7f08 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection-new.md
@@ -14,17 +14,14 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/08/2017
---
# Get user information API
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
Retrieve a User entity by key (user name).
## Permissions
diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
index 85086a77ec..a3597ff7ac 100644
--- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection-new.md
@@ -101,7 +101,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": true,
"aadDeviceId": "80fe8ff8-2624-418e-9591-41f0491218f9",
"machineTags": [ "test tag 1", "test tag 2" ]
},
@@ -120,7 +119,6 @@ Content-type: application/json
"rbacGroupId": 140,
"rbacGroupName": "The-A-Team",
"riskScore": "Low",
- "isAadJoined": false,
"aadDeviceId": null,
"machineTags": [ "test tag 1" ]
}
diff --git a/windows/security/threat-protection/windows-defender-atp/images/api-jwt-ms.png b/windows/security/threat-protection/windows-defender-atp/images/api-jwt-ms.png
new file mode 100644
index 0000000000..c8a117dffe
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/api-jwt-ms.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png b/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png
new file mode 100644
index 0000000000..ebac0b0e34
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/api-tenant-id.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png
new file mode 100644
index 0000000000..2872b71881
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/webapp-add-permission-readalerts.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png
new file mode 100644
index 0000000000..4c058c2f93
Binary files /dev/null and b/windows/security/threat-protection/windows-defender-atp/images/webapp-app-id1.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png b/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png
index a091db0189..dea9d8493d 100644
Binary files a/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png and b/windows/security/threat-protection/windows-defender-atp/images/webapp-create.png differ
diff --git a/windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md
new file mode 100644
index 0000000000..7e91cf5285
--- /dev/null
+++ b/windows/security/threat-protection/windows-defender-atp/initiate-autoir-investigation-windows-defender-advanced-threat-protection-new.md
@@ -0,0 +1,98 @@
+---
+title: Initiate machine investigation API
+description: Use this API to create calls related to initiating an investigation on a machine.
+keywords: apis, graph api, supported apis, initiate AutoIR investigation
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance
+ms.topic: article
+---
+
+# Initiate machine investigation API (Preview)
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+> [!IMPORTANT]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+Initiate AutoIR investigation on a machine.
+
+>[!Note]
+> This page focuses on performing an automated investigation on a machine. See [Automated Investigation](automated-investigations-windows-defender-advanced-threat-protection.md) for more information.
+
+## Limitations
+1. The number of executions is limited (up to 5 calls per hour).
+2. For Automated Investigation limitations, see [Automated Investigation](automated-investigations-windows-defender-advanced-threat-protection.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+
+Permission type | Permission | Permission display name
+:---|:---|:---
+Application | Alert.ReadWrite.All | 'Read and write all alerts'
+Delegated (work or school account) | Alert.ReadWrite | 'Read and write alerts'
+
+>[!Note]
+> When obtaining a token using user credentials:
+>- The user needs to have at least the following role permission: 'Alerts Investigation' (See [Create and manage roles](user-roles-windows-defender-advanced-threat-protection.md) for more information)
+>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
+
+## HTTP request
+```
+POST https://api.securitycenter.windows.com/api/machines/{id}/InitiateInvestigation
+```
+
+## Request headers
+
+Name | Type | Description
+:---|:---|:---
+Authorization | String | Bearer {token}. **Required**.
+Content-Type | string | application/json. **Required**.
+
+## Request body
+In the request body, supply a JSON object with the following parameters:
+
+Parameter | Type | Description
+:---|:---|:---
+Comment | String | Comment to associate with the action. **Required**.
+
+## Response
+If successful, this method returns 200 OK response code with object that holds the investigation ID in the "value" parameter. If machine was not found - 404 Not Found.
+
+## Example
+
+**Request**
+
+Here is an example of the request.
+
+[!include[Improve request performance](improverequestperformance-new.md)]
+
+```
+POST https://api.securitycenter.windows.com/api/machines/fb9ab6be3965095a09c057be7c90f0a2/InitiateInvestigation
+Content-type: application/json
+{
+ "Comment": "Initiate an investigation on machine fb9ab6be3965095a09c057be7c90f0a2"
+}
+```
+
+**Response**
+
+Here is an example of the response.
+
+```
+HTTP/1.1 200 Created
+Content-type: application/json
+{
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Edm.Int64",
+ "value": 5146
+}
+
+```
diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
index c1e9c27b9c..01fe090eca 100644
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@@ -57,7 +57,7 @@ When accessing [Windows Defender Security Center](https://SecurityCenter.Windows
1. Each time you access the portal you will need to validate that you are authorized to access the product. This **Set up your permissions** step will only be available if you are not currently authorized to access the product.
- 
+ 
Once the authorization step is completed, the **Welcome** screen will be displayed.
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
index 653407fdf7..d983539915 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md
@@ -15,7 +15,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 05/08/2018
---
# Create and manage machine groups in Windows Defender ATP
@@ -34,6 +33,9 @@ In Windows Defender ATP, you can create machine groups and use them to:
- Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac-windows-defender-advanced-threat-protection.md)
- Configure different auto-remediation settings for different sets of machines
+>[!TIP]
+> For a comprehensive look into RBAC application, read: [Is your SOC running flat with RBAC](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Is-your-SOC-running-flat-with-limited-RBAC/ba-p/320015).
+
As part of the process of creating a machine group, you'll:
- Set the automated remediation level for that group. For more information on remediation levels, see [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md).
- Specify the matching rule that determines which machine group belongs to the group based on the machine name, domain, tags, and OS platform. If a machine is also matched to other groups, it is added only to the highest ranked machine group.
@@ -44,6 +46,7 @@ As part of the process of creating a machine group, you'll:
>A machine group is accessible to all users if you don’t assign any Azure AD groups to it.
+
## Create a machine group
1. In the navigation pane, select **Settings** > **Machine groups**.
diff --git a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md
index 72b05d4072..40687ef4f7 100644
--- a/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/machine-windows-defender-advanced-threat-protection-new.md
@@ -14,10 +14,11 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 11/11/2018
---
# Machine resource type
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
# Methods
@@ -35,18 +36,17 @@ Property | Type | Description
:---|:---|:---
id | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) identity.
computerDnsName | String | [machine](machine-windows-defender-advanced-threat-protection-new.md) fully qualified name.
-firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP.
-lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by WDATP.
+firstSeen | DateTimeOffset | First date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
+lastSeen | DateTimeOffset | Last date and time where the [machine](machine-windows-defender-advanced-threat-protection-new.md) was observed by Windows Defender ATP.
osPlatform | String | OS platform.
osVersion | String | OS Version.
lastIpAddress | String | Last IP on local NIC on the [machine](machine-windows-defender-advanced-threat-protection-new.md).
lastExternalIpAddress | String | Last IP through which the [machine](machine-windows-defender-advanced-threat-protection-new.md) accessed the internet.
-agentVersion | String | Version of WDATP agent.
+agentVersion | String | Version of Windows Defender ATP agent.
osBuild | Nullable long | OS build number.
healthStatus | Enum | [machine](machine-windows-defender-advanced-threat-protection-new.md) health status. Possible values are: "Active", "Inactive", "ImpairedCommunication", "NoSensorData" and "NoSensorDataImpairedCommunication"
rbacGroupId | Int | RBAC Group ID.
rbacGroupName | String | RBAC Group Name.
-riskScore | Nullable Enum | Risk score as evaluated by WDATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
-isAadJoined | Nullable Boolean | Is [machine](machine-windows-defender-advanced-threat-protection-new.md) AAD joined.
+riskScore | Nullable Enum | Risk score as evaluated by Windows Defender ATP. Possible values are: 'None', 'Low', 'Medium' and 'High'.
aadDeviceId | Nullable Guid | AAD Device ID (when [machine](machine-windows-defender-advanced-threat-protection-new.md) is Aad Joined).
machineTags | String collection | Set of [machine](machine-windows-defender-advanced-threat-protection-new.md) tags.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
index 29d142c046..c4f16727e0 100644
--- a/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/machineaction-windows-defender-advanced-threat-protection-new.md
@@ -20,7 +20,7 @@ ms.date: 12/08/2017
# MachineAction resource type
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prereleaseinformation](prerelease.md)]
@@ -35,7 +35,7 @@ Method|Return Type |Description
[Restrict app execution](restrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Restrict application execution.
[Remove app restriction](unrestrict-code-execution-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Remove application execution restriction.
[Run antivirus scan](run-av-scan-windows-defender-advanced-threat-protection-new.md) | [Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Run an AV scan using Windows Defender (when applicable).
-[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from WDATP.
+[Offboard machine](offboard-machine-api-windows-defender-advanced-threat-protection-new.md)|[Machine Action](machineaction-windows-defender-advanced-threat-protection-new.md) | Offboard [machine](machine-windows-defender-advanced-threat-protection-new.md) from Windows Defender ATP.
# Properties
Property | Type | Description
diff --git a/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md b/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
index fcbd68ecec..3f4a20dcbc 100644
--- a/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
+++ b/windows/security/threat-protection/windows-defender-atp/machineactionsnote.md
@@ -3,4 +3,4 @@ ms.date: 08/28/2017
author: zavidor
---
>[!Note]
-> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via WDATP.
+> This page focuses on performing a machine action via API. See [take response actions on a machine](respond-machine-alerts-windows-defender-advanced-threat-protection.md) for more information about response actions functionality via Windows Defender ATP.
diff --git a/windows/security/threat-protection/windows-defender-atp/management-apis.md b/windows/security/threat-protection/windows-defender-atp/management-apis.md
index f28e7a6997..c0408e9e5f 100644
--- a/windows/security/threat-protection/windows-defender-atp/management-apis.md
+++ b/windows/security/threat-protection/windows-defender-atp/management-apis.md
@@ -61,7 +61,7 @@ Managed security service provider | Get a quick overview on managed security ser
## Related topics
- [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md)
- [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md)
-- [Use the Windows Defender ATP exposed APIs](use-apis.md)
+- [Windows Defender ATP Public API](use-apis.md)
- [Pull alerts to your SIEM tools](configure-siem-windows-defender-advanced-threat-protection.md)
- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
- [Role-based access control](rbac-windows-defender-advanced-threat-protection.md)
diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
index a228a7ad08..50855b0351 100644
--- a/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/offboard-machine-api-windows-defender-advanced-threat-protection-new.md
@@ -14,16 +14,15 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 12/08/2017
---
# Offboard machine API
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prereleaseinformation](prerelease.md)]
-Offboard machine from WDATP.
+Offboard machine from Windows Defender ATP.
[!include[Machine actions note](machineactionsnote.md)]
diff --git a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
index 52645783c6..1116788ea1 100644
--- a/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/post-ti-indicator-windows-defender-advanced-threat-protection-new.md
@@ -1,7 +1,7 @@
---
-title: Submit or Update Ti Indicator API
-description: Use this API to submit or Update Ti Indicator.
-keywords: apis, graph api, supported apis, submit, ti, ti indicator, update
+title: Submit or Update Indicator API
+description: Use this API to submit or Update Indicator.
+keywords: apis, graph api, supported apis, submit, ti, indicator, update
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -17,32 +17,32 @@ ms.topic: article
ms.date: 12/08/2017
---
-# Submit or Update TI Indicator API
+# Submit or Update Indicator API
+
+**Applies to:**
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
>[!Note]
-> Currently this API is supported only for AppOnly context requests. (See [Get access without a user](exposed-apis-create-app-webapp.md) for more information)
+> Currently this API is supported only for AppOnly context requests. (See [Get access with application context](exposed-apis-create-app-webapp.md) for more information)
-**Applies to:**
-
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-
-- Submits or Updates new [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+- Submits or Updates new [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
## Permissions
-One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Get started](apis-intro.md)
Permission type | Permission | Permission display name
:---|:---|:---
-Application | Ti.ReadWrite | 'Read and write TI Indicators'
+Application | Ti.ReadWrite | 'Read and write Indicators'
+Application | Ti.ReadWrite.All | 'Read and write All Indicators'
## HTTP request
```
-POST https://api.securitycenter.windows.com/api/tiindicators
+POST https://api.securitycenter.windows.com/api/indicators
```
[!include[Improve request performance](improverequestperformance-new.md)]
@@ -60,10 +60,10 @@ In the request body, supply a JSON object with the following parameters:
Parameter | Type | Description
:---|:---|:---
-indicator | String | Identity of the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
+indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity. **Required**
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
-title | String | TI indicator alert title. **Optional**
+title | String | Indicator alert title. **Optional**
expirationTime | DateTimeOffset | The expiration time of the indicator. **Optional**
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High". **Optional**
description | String | Description of the indicator. **Optional**
@@ -71,8 +71,8 @@ recommendedActions | String | TI indicator alert recommended actions. **Optional
## Response
-- If successful, this method returns 200 - OK response code and the created / updated [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
-- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit a TI Indicator with existing indicator value but with different Indicator type or Action.
+- If successful, this method returns 200 - OK response code and the created / updated [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity in the response body.
+- If not successful: this method return 400 - Bad Request / 409 - Conflict with the failure reason. Bad request usually indicates incorrect body and Conflict can happen if you try to submit an Indicator that conflicts with an existing Indicator type or Action.
## Example
@@ -81,10 +81,10 @@ recommendedActions | String | TI indicator alert recommended actions. **Optional
Here is an example of the request.
```
-POST https://api.securitycenter.windows.com/api/tiindicators
+POST https://api.securitycenter.windows.com/api/indicators
Content-type: application/json
{
- "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
+ "indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
"indicatorType": "FileSha1",
"title": "test",
"expirationTime": "2020-12-12T00:00:00Z",
@@ -103,8 +103,8 @@ Here is an example of the response.
HTTP/1.1 200 OK
Content-type: application/json
{
- "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#MachineActions/$entity",
- "indicator": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
+ "@odata.context": "https://api.securitycenter.windows.com/api/$metadata#Indicators/$entity",
+ "indicatorValue": "220e7d15b0b3d7fac48f2bd61114db1022197f7f",
"indicatorType": "FileSha1",
"title": "test",
"creationTimeDateTimeUtc": "2018-10-24T10:54:23.2009016Z",
@@ -113,7 +113,8 @@ Content-type: application/json
"action": "AlertAndBlock",
"severity": "Informational",
"description": "test",
- "recommendedActions": "TEST"
+ "recommendedActions": "TEST",
+ "rbacGroupNames": []
}
```
diff --git a/windows/security/threat-protection/windows-defender-atp/prerelease.md b/windows/security/threat-protection/windows-defender-atp/prerelease.md
index c910af7f12..f3b45c2b5a 100644
--- a/windows/security/threat-protection/windows-defender-atp/prerelease.md
+++ b/windows/security/threat-protection/windows-defender-atp/prerelease.md
@@ -1,6 +1,6 @@
---
ms.date: 08/28/2017
---
->[!IMPORTANT]
+>[!IMPORTANT]
>Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index a29f67c9e1..22a8c2fd31 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -17,7 +17,7 @@ ms.collection: M365-security-compliance
ms.topic: article
---
-# Pull Windows Defender ATP alerts using REST API
+# Pull Windows Defender ATP alerts using SIEM REST API
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
index b3d7d901b7..5077e43d6c 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md
@@ -18,22 +18,19 @@ ms.date: 09/03/2018
---
# Advanced hunting API
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
[!include[Prerelease information](prerelease.md)]
-
-
This API allows you to run programmatic queries that you are used to running from [Windows Defender ATP Portal](https://securitycenter.windows.com/hunting).
## Limitations
-This API is a beta version only and is currently restricted to the following actions:
-1. You can only run a query on data from the last 30 days
+1. You can only run a query on data from the last 30 days
2. The results will include a maximum of 10,000 rows
-3. The number of executions is limited (up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day)
+3. The number of executions is limited (up to 15 calls per minute, 15 minutes of running time every hour and 4 hours of running time a day)
+4. The maximal execution time of a single request is 10 minutes.
## Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Windows Defender ATP APIs](apis-intro.md)
@@ -45,7 +42,7 @@ Delegated (work or school account) | AdvancedQuery.Read | 'Run advanced queries'
>[!Note]
> When obtaining a token using user credentials:
->- The user needs to have 'Global Admin' AD role (note: will be updated soon to 'View Data')
+>- The user needs to have 'View Data' AD role
>- The user needs to have access to the machine, based on machine group settings (See [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md) for more information)
## HTTP request
@@ -135,7 +132,7 @@ Content-Type: application/json
## Troubleshoot issues
-- Error: (403) Forbidden
+- Error: (403) Forbidden / (401) Unauthorized
If you get this error when calling Windows Defender ATP API, your token might not include the necessary permission.
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
index 88eb22a167..547b531909 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md
@@ -19,7 +19,7 @@ ms.date: 09/24/2018
# Advanced Hunting using PowerShell
**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[!include[Prerelease information](prerelease.md)]
@@ -65,7 +65,7 @@ $aadToken = $response.access_token
where
- $tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
+- $appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
- $appSecret: Secret of your AAD app
## Run query
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
index 2b39edf624..e823425018 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
@@ -65,7 +65,7 @@ aadToken = jsonResponse["access_token"]
where
- tenantId: ID of the tenant on behalf of which you want to run the query (i.e., the query will be run on the data of this tenant)
-- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to WDATP)
+- appId: ID of your AAD app (the app must have 'Run advanced queries' permission to Windows Defender ATP)
- appSecret: Secret of your AAD app
## Run query
diff --git a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md
index e7d1f84fe2..63f5cf2f30 100644
--- a/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md
+++ b/windows/security/threat-protection/windows-defender-atp/ti-indicator-windows-defender-advanced-threat-protection-new.md
@@ -1,7 +1,7 @@
---
-title: TiIndicator resource type
-description: TiIndicator entity description.
-keywords: apis, supported apis, get, TiIndicator, recent
+title: Indicator resource type
+description: Indicator entity description.
+keywords: apis, supported apis, get, TiIndicator, Indicator, recent
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -17,33 +17,33 @@ ms.topic: article
ms.date: 12/08/2017
---
-# TI(threat intelligence) Indicator resource type
+# Indicator resource type
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP)
[!include[Prereleaseinformation](prerelease.md)]
Method|Return Type |Description
:---|:---|:---
-[List TI Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
-[Get TI Indicator by ID](get-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Gets the requested [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
-[Submit TI Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
-[Delete TI Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+[List Indicators](get-ti-indicators-collection-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) Collection | List [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entities.
+[Submit Indicator](post-ti-indicator-windows-defender-advanced-threat-protection-new.md) | [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) | Submits [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+[Delete Indicator](delete-ti-indicator-by-id-windows-defender-advanced-threat-protection-new.md) | No Content | Deletes [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+- See the corresponding [page](https://securitycenter.windows.com/preferences2/custom_ti_indicators/files) in the portal:
# Properties
Property | Type | Description
:---|:---|:---
-indicator | String | Identity of the [TI Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
+indicatorValue | String | Identity of the [Indicator](ti-indicator-windows-defender-advanced-threat-protection-new.md) entity.
indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url"
-title | String | Ti indicator alert title.
+title | String | Indicator alert title.
creationTimeDateTimeUtc | DateTimeOffset | The date and time when the indicator was created.
createdBy | String | Identity of the user/application that submitted the indicator.
expirationTime | DateTimeOffset | The expiration time of the indicator
action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed"
severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High"
description | String | Description of the indicator.
-recommendedActions | String | TI indicator alert recommended actions.
+recommendedActions | String | Indicator alert recommended actions.
+rbacGroupNames | List of strings | RBAC group names where the indicator is exposed. Empty list in case it exposed to all groups.
diff --git a/windows/security/threat-protection/windows-defender-atp/use-apis.md b/windows/security/threat-protection/windows-defender-atp/use-apis.md
index 20e1451805..9104f53a2b 100644
--- a/windows/security/threat-protection/windows-defender-atp/use-apis.md
+++ b/windows/security/threat-protection/windows-defender-atp/use-apis.md
@@ -1,7 +1,7 @@
---
-title: Use the Windows Defender Advanced Threat Protection APIs
+title: Windows Defender ATP Public API
description: Use the exposed data and actions using a set of progammatic APIs that are part of the Microsoft Intelligence Security Graph.
-keywords: apis, graph api, supported apis, actor, alerts, machine, user, domain, ip, file
+keywords: apis, api, wdatp, open api, windows defender atp api, public api, alerts, machine, user, domain, ip, file
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
@@ -17,14 +17,15 @@ ms.topic: conceptual
ms.date: 11/28/2018
---
-# Use the Windows Defender ATP exposed APIs
+# Windows Defender ATP Public API
-**Applies to:**
-- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+**Applies to:** [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf)
+
+> Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink)
## In this section
Topic | Description
:---|:---
-Create your app | Learn how to create an application to get programmatical access to Windows Defender ATP [on behalf of a user](exposed-apis-create-app-nativeapp.md) or [without a user](exposed-apis-create-app-webapp.md).
-Supported Windows Defender ATP APIs | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
+[Windows Defender ATP API overview](apis-intro.md) | Learn how to access to Windows Defender ATP Public API and on which context.
+[Supported Windows Defender ATP APIs](exposed-apis-list.md) | Learn more about the individual supported entities where you can run API calls to and details such as HTTP request values, request headers and expected responses. Examples include APIs for [alert resource type](alerts-windows-defender-advanced-threat-protection-new.md), [domain related alerts](get-domain-related-alerts-windows-defender-advanced-threat-protection-new.md), or even actions such as [isolate machine](isolate-machine-windows-defender-advanced-threat-protection-new.md).
How to use APIs - Samples | Learn how to use Advanced hunting APIs and multiple APIs such as PowerShell. Other examples include [schedule advanced hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) or [OData queries](exposed-apis-odata-samples.md).
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
index eba904da4b..ea42cb4313 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md
@@ -10,7 +10,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 11/15/2018
+ms.date: 03/15/2019
---
# Enable virtualization-based protection of code integrity
@@ -215,6 +215,7 @@ This field indicates whether the Windows Defender Credential Guard or HVCI servi
| **0.** | No services configured. |
| **1.** | If present, Windows Defender Credential Guard is configured. |
| **2.** | If present, HVCI is configured. |
+| **3.** | If present, System Guard Secure Launch is configured. |
#### SecurityServicesRunning
@@ -225,7 +226,7 @@ This field indicates whether the Windows Defender Credential Guard or HVCI servi
| **0.** | No services running. |
| **1.** | If present, Windows Defender Credential Guard is running. |
| **2.** | If present, HVCI is running. |
-
+| **3.** | If present, System Guard Secure Launch is running. |
#### Version
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 3baeb61f1b..a4846edc0d 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -135,7 +135,7 @@ Portions of the work done during the offline phases of a Windows update have bee
### Co-management
-Intune and System Center Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
+Intune and System Center Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management.
For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803)