From ea9265fdf553e2fd4cb64c5092d5b9d4c7b00bc0 Mon Sep 17 00:00:00 2001 From: Paul Ivey <47188956+PaulIvey@users.noreply.github.com> Date: Tue, 25 Aug 2020 16:46:45 +0100 Subject: [PATCH 01/14] Update troubleshoot-bitlocker.md Corrected the BitLocker-API event path to include "API" --- .../bitlocker/troubleshoot-bitlocker.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md index 88e28e59eb..a272579323 100644 --- a/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md +++ b/windows/security/information-protection/bitlocker/troubleshoot-bitlocker.md @@ -24,8 +24,8 @@ This article addresses common issues in BitLocker and provides guidelines to tro Open Event Viewer and review the following logs under Applications and Services logs\\Microsoft\\Windows: - **BitLocker-API**. Review the Management log, the Operational log, and any other logs that are generated in this folder. The default logs have the following unique names: - - Microsoft-Windows-BitLocker/BitLocker Operational - - Microsoft-Windows-BitLocker/BitLocker Management + - Microsoft-Windows-BitLocker-API/BitLocker Operational + - Microsoft-Windows-BitLocker-API/BitLocker Management - **BitLocker-DrivePreparationTool**. Review the Admin log, the **Operational log, and any other logs that are generated in this folder. The default logs have the following unique names: - Microsoft-Windows-BitLocker-DrivePreparationTool/Operational From 0d1f7e1ad7db5d78c554214a1e0917b0f9fa5f67 Mon Sep 17 00:00:00 2001 From: Jose Sua Date: Mon, 31 Aug 2020 14:09:34 -0700 Subject: [PATCH 02/14] Update event-4698.md --- .../security/threat-protection/auditing/event-4698.md | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index 2742b717ce..d848e88861 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -62,6 +62,17 @@ This event generates every time a new scheduled task is created. ``` +>[!NOTE] +> Windows 10 Versions 1903 and above augments the event with these additional properties: +> Event Version 1. +> ***Event XML:*** +>``` +> 5066549580796854 +> 3932 +> 5304 +> 0 +> DESKTOP-Name + ***Required Server Roles:*** None. From 7d40b987e2c6626112b57510123b064bb132e7e7 Mon Sep 17 00:00:00 2001 From: Jose Sua Date: Mon, 31 Aug 2020 17:24:32 -0700 Subject: [PATCH 03/14] updating Events Updation changes to events 4699. 4700 and more --- .../security/threat-protection/auditing/event-4699.md | 11 +++++++++++ .../security/threat-protection/auditing/event-4700.md | 11 +++++++++++ .../security/threat-protection/auditing/event-4701.md | 11 +++++++++++ .../security/threat-protection/auditing/event-4702.md | 11 +++++++++++ 4 files changed, 44 insertions(+) diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index 35eccf157c..48148e6246 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -62,6 +62,17 @@ This event generates every time a scheduled task was deleted. ``` +>[!NOTE] +> Windows 10 Versions 1903 and above augments the event with these additional properties: +> Event Version 1. +> ***Event XML:*** +>``` +> 5066549580796854 +> 3932 +> 5304 +> 0 +> DESKTOP-Name + ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 7de372086e..8d39b0e38d 100644 
--- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -62,6 +62,17 @@ This event generates every time a scheduled task is enabled. ``` +>[!NOTE] +> Windows 10 Versions 1903 and above augments the event with these additional properties: +> Event Version 1. +> ***Event XML:*** +>``` +> 5066549580796854 +> 3932 +> 5304 +> 0 +> DESKTOP-Name + ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index efe36fcc4d..ef24c397fc 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -62,6 +62,17 @@ This event generates every time a scheduled task is disabled. ``` +>[!NOTE] +> Windows 10 Versions 1903 and above augments the event with these additional properties: +> Event Version 1. +> ***Event XML:*** +>``` +> 5066549580796854 +> 3932 +> 5304 +> 0 +> DESKTOP-Name + ***Required Server Roles:*** None. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 4ae828770c..393a0619d6 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -62,6 +62,17 @@ This event generates every time scheduled task was updated/changed. ``` +>[!NOTE] +> Windows 10 Versions 1903 and above augments the event with these additional properties: +> Event Version 1. +> ***Event XML:*** +>``` +> 5066549580796854 +> 3932 +> 5304 +> 0 +> DESKTOP-Name + ***Required Server Roles:*** None. From ad603259ee215afd2a917f169c2159ebee54c199 Mon Sep 17 00:00:00 2001 
From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Thu, 3 Sep 2020 13:15:29 -0500 Subject: [PATCH 04/14] Update security-compliance-toolkit-10.md Added 2 new tools and updated for Edge v85 --- .../security-compliance-toolkit-10.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 9e241156a8..92358767c9 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -45,11 +45,13 @@ The Security Compliance Toolkit consists of: - Microsoft 365 Apps for enterprise (Sept 2019) - Microsoft Edge security baseline - - Version 80 + - Version 85 - Tools - Policy Analyzer tool - Local Group Policy Object (LGPO) tool + - Set Object Security tool + - GPO to PolicyRules tool - Scripts - Baseline-ADImport.ps1 
@@ -81,3 +83,15 @@ It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file. Documentation for the LGPO tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/lgpo-exe-local-group-policy-object-utility-v1-0/ba-p/701045) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). + +## What is the Set Object Security tool? + +SetObjectSecurity.exe enables you to set the security descriptor for just about any type of Windows securable object (files, directories, registry keys, event logs, services, SMB shares, etc). For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg-file-compatible representation of the security descriptor for a REG_BINARY registry value. + +Documentation for the Set Object Security tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). + +## What is the GPO to Policy Rules tool? + +Automate the conversion of GPO backups to Policy Analyzer .PolicyRules files and skip the GUI. GPO2PolicyRules is a command-line tool that is included with the Policy Analyzer download. + +Documentation for the GPO to PolicyRules tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). From 3a63dc6c6e9bb4b41c0e8be16568746ba78e537e Mon Sep 17 00:00:00 2001 
From: Angela Robertson Date: Mon, 7 Sep 2020 16:18:27 -0700 Subject: [PATCH 05/14] Update md-app-guard-overview.md Link to App Guard for Office content --- .../md-app-guard-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index 9a278e3b9b..c36370bd51 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 03/28/2019 +ms.date: 09/07/2020 ms.reviewer: manager: dansimp ms.custom: asr @@ -18,7 +18,7 @@ ms.custom: asr **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. +Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete. The documentation that follows describes Application Guard for Edge. For more information about Application Guard for Office, see [this article] (https://docs.microsoft.com/microsoft-365/security/office-365-security/install-app-guard). ## What is Application Guard and how does it work? 
From 7ba35480216c631cbcebf73d465006ba658c04e7 Mon Sep 17 00:00:00 2001 From: Steven Hosking Date: Tue, 8 Sep 2020 11:01:27 +1000 Subject: [PATCH 06/14] Updated the Domain Controller requirements: added minimum hash, and public key. --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 8df0ef33bb..4c672e4433 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -76,10 +76,12 @@ Certificate authorities write CRL distribution points in certificates as they ar Windows Hello for Business enforces the strict KDC validation security feature, which imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business, the Windows 10 client validates the reply from the domain controller by ensuring all of the following are met: - The domain controller has the private key for the certificate provided. -- The root CA that issued the domain controller's certificate is in the device's **Trusted Root Certificate Authorities**. +- The root CA that issued the domain controller's certificate is in the device's **Trusted Root Certificate Authorities**. - Use the **Kerberos Authentication certificate template** instead of any other older template. - The domain controller's certificate has the **KDC Authentication** enhanced key usage. - The domain controller's certificate's subject alternate name has a DNS Name that matches the name of the domain. +- The domain controller's certificate's signature hash algorithm is **sha256**. +- The domain controller's certificate's public key is **RSA (2048 Bits)**. > [!Tip] 
From 9bb25fd7afd300c3994b6c8bbcdb7f546d12dbeb Mon Sep 17 00:00:00 2001 From: Caroline Gitonga Date: Tue, 8 Sep 2020 22:17:21 +0300 Subject: [PATCH 07/14] Update values for activity history regkeys --- ...ows-operating-system-components-to-microsoft-services.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f378372d1d..956ca7dc78 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1458,15 +1458,15 @@ To turn this Off in the UI: -OR- -- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)** +- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** -and- -- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)** +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** -and- -- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 2 (two)** +- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** ### 18.23 Voice Activation From 02e5649f791b60038efa8e9dce66dda098cef6bd Mon Sep 17 00:00:00 2001 
From: EfiKliger <45028856+EfiKliger@users.noreply.github.com> Date: Wed, 9 Sep 2020 10:22:02 +0300 Subject: [PATCH 08/14] Update indicator-file.md --- .../microsoft-defender-atp/indicator-file.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md index c3312ea5e8..d350f89d1c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-file.md @@ -37,7 +37,7 @@ It's important to understand the following prerequisites prior to creating indic - This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. -- Supported on machines on Windows 10, version 1703 or later. +- Supported on machines on Windows 10, version 1703 or later, Windows server 2016 and 2019. - To start blocking files, you first need to [turn the **Block or allow** feature on](advanced-features.md) in Settings. - This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. @@ -76,4 +76,4 @@ Files automatically blocked by an indicator won't show up in the file's Action c - [Create indicators](manage-indicators.md) - [Create indicators for IPs and URLs/domains](indicator-ip-domain.md) - [Create indicators based on certificates](indicator-certificates.md) -- [Manage indicators](indicator-manage.md) \ No newline at end of file +- [Manage indicators](indicator-manage.md) 
From 0df6975412c9f04cfb48d6a1c24176d6d7a4c041 Mon Sep 17 00:00:00 2001 From: EfiKliger <45028856+EfiKliger@users.noreply.github.com> Date: Wed, 9 Sep 2020 10:23:43 +0300 Subject: [PATCH 09/14] Update indicator-certificates.md --- .../microsoft-defender-atp/indicator-certificates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md index a60e510583..298cbcee39 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md +++ b/windows/security/threat-protection/microsoft-defender-atp/indicator-certificates.md @@ -38,7 +38,7 @@ It's important to understand the following requirements prior to creating indica - This feature is available if your organization uses Windows Defender Antivirus and Cloud-based protection is enabled. For more information, see [Manage cloud-based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). - The Antimalware client version must be 4.18.1901.x or later. -- Supported on machines on Windows 10, version 1703 or later. +- Supported on machines on Windows 10, version 1703 or later, Windows server 2016 and 2019. - The virus and threat protection definitions must be up-to-date. - This feature currently supports entering .CER or .PEM file extensions. From fbe924c652cd81dbff18bd4a4a767aa87eb158fc Mon Sep 17 00:00:00 2001 
From: rogersoMS <44718379+rogersoMS@users.noreply.github.com> Date: Thu, 10 Sep 2020 21:34:13 +1000 Subject: [PATCH 10/14] Removed paragraph about Autopilot self-deploying mode Autopilot self-deploying mode is NOT supported on LTSC 2019 (1809) as this is below the minimum OS requirement of 1903, as per https://docs.microsoft.com/en-us/mem/autopilot/self-deploying#requirements:~:text=.%20Since%20Windows%2010%20Enterprise%202019,on%20Windows%2010%20Enterprise%202019%20LTSC Hence removing all mention of self-deploying mode as it's N/A for LTSC 2019 --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 8c41f40e80..2bdf71d019 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md 
@@ -259,17 +259,6 @@ Using Intune, Autopilot now enables locking the device during provisioning durin You can also apply an Autopilot deployment profile to your devices using Microsoft Store for Business. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the Autopilot deployment profile you applied to the device. For more information, see [Manage Windows device deployment with Windows Autopilot Deployment](https://docs.microsoft.com/microsoft-store/add-profile-to-devices). -#### Windows Autopilot self-deploying mode - -Windows Autopilot self-deploying mode enables a zero touch device provisioning experience. Simply power on the device, plug it into the Ethernet, and the device is fully configured automatically by Windows Autopilot. - -This self-deploying capability removes the current need to have an end user interact by pressing the “Next” button during the deployment process. - -You can utilize Windows Autopilot self-deploying mode to register the device to an AAD tenant, enroll in your organization’s MDM provider, and provision policies and applications, all with no user authentication or user interaction required. - -To learn more about Autopilot self-deploying mode and to see step-by-step instructions to perform such a deployment, [Windows Autopilot self-deploying mode](https://docs.microsoft.com/windows/deployment/windows-autopilot/self-deploying). - - #### Autopilot Reset IT Pros can use Autopilot Reset to quickly remove personal files, apps, and settings. A custom login screen is available from the lock screen that enables you to apply original settings and management enrollment (Azure Active Directory and device management) so that devices are returned to a fully configured, known, IT-approved state and ready to use. For more information, see [Reset devices with Autopilot Reset](https://docs.microsoft.com/education/windows/autopilot-reset). 
From b35872fa3c2af038d30da3e59c83c23097ab73ef Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Thu, 10 Sep 2020 10:56:34 -0700 Subject: [PATCH 11/14] Write full name for MEM --- windows/client-management/mdm/applicationcontrol-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index ea0defab04..2c64c89cd9 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.technology: windows author: ManikaDhiman ms.reviewer: jsuther1974 -ms.date: 05/21/2019 +ms.date: 09/10/2020 --- # ApplicationControl CSP @@ -266,7 +266,7 @@ The following is an example of Delete command: ## PowerShell and WMI Bridge Usage Guidance -The ApplicationControl CSP can also be managed locally from PowerShell or via SCCM's task sequence scripting by leveraging the [WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). +The ApplicationControl CSP can also be managed locally from PowerShell or via Microsoft Endpoint Manager Configuration Manager's (MEMCM, formerly known as SCCM) task sequence scripting by leveraging the [WMI Bridge Provider](https://docs.microsoft.com/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). ### Setup for using the WMI Bridge From 1666e629d3e0ee843a75d10a478e39a8c24aa3b6 Mon Sep 17 00:00:00 2001 
From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Fri, 11 Sep 2020 10:53:56 +0200 Subject: [PATCH 12/14] Update manage-updates-baselines-microsoft-defender-antivirus.md Updating Known issues of 4.18.2001.10 The preview did not render the Important section... :( --- ...-updates-baselines-microsoft-defender-antivirus.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 6fca122159..d01da6b4dc 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -226,7 +226,7 @@ Support phase: **Technical upgrade Support (Only)** * Support platform updates when TMP is redirected to network path * Platform and engine versions are added to [WDSI](https://www.microsoft.com/wdsi/defenderupdates) * extend Emergency signature update to [passive mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility) -* Fix 4.18.1911.10 hang +* Fix 4.18.1911.3 hang ### Known Issues [**Fixed**] devices utilizing [modern standby mode](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby) may experience a hang with the Windows Defender filter driver that results in a gap of protection. Affected machines appear to the customer as having not updated to the latest antimalware platform. @@ -234,14 +234,17 @@ Support phase: **Technical upgrade Support (Only)** > [!IMPORTANT] > This updates is needed by RS1 devices running lower version of the platform to support SHA2.
This update has reboot flag for systems that are experiencing the hang issue.
the This update is re-released in April 2020 and will not be superseded by newer updates to keep future availability.
+> [!IMPORTANT] +> This update is categorized as an "update" due to its reboot requirement and will only be offered with a [Windows Update](https://support.microsoft.com/help/4027667/windows-10-update) +
- November-2019 (Platform: 4.18.1911.2 | Engine: 1.1.16600.7) + November-2019 (Platform: 4.18.1911.3 | Engine: 1.1.16600.7) Security intelligence update version: **1.307.13.0** Released: **December 7, 2019** -Platform: **4.18.1911.2** +Platform: **4.18.1911.3** Engine: **1.1.17000.7** Support phase: **No support** @@ -253,7 +256,7 @@ Support phase: **No support** * add MRT logs to support files ### Known Issues -No known issues +When this update is installed, the device needs the jump package 4.10.2001.10 to be able to update to the latest platform version.
From f99c5574374ee58af534b140f1fe3fa9b696445c Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 11 Sep 2020 08:46:09 -0700 Subject: [PATCH 13/14] pencil edit --- .../threat-protection/security-compliance-toolkit-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 92358767c9..4941242b47 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -86,7 +86,7 @@ Documentation for the LGPO tool can be found on the [Microsoft Security Baseline ## What is the Set Object Security tool? -SetObjectSecurity.exe enables you to set the security descriptor for just about any type of Windows securable object (files, directories, registry keys, event logs, services, SMB shares, etc). For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg-file-compatible representation of the security descriptor for a REG_BINARY registry value. +SetObjectSecurity.exe enables you to set the security descriptor for just about any type of Windows securable object (files, directories, registry keys, event logs, services, SMB shares, etc.). For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg-file-compatible representation of the security descriptor for a REG_BINARY registry value. Documentation for the Set Object Security tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). 
From be6f95eeec73a81f1295698ca24b40ead6c3fb92 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 11 Sep 2020 08:52:25 -0700 Subject: [PATCH 14/14] pencil edits --- .../whats-new/ltsc/whats-new-windows-10-2019.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 2bdf71d019..bc3df55a6f 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -46,7 +46,7 @@ This version of Window 10 includes security improvements for threat protection, #### Windows Defender ATP -The Windows Defender Advanced Threat Protection ([Windows Defender ATP](/windows/security/threat-protection/index)) platform inludes the security pillars shown in the following diagram. In this version of Windows, Windows Defender ATP includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. +The Windows Defender Advanced Threat Protection ([Windows Defender ATP](/windows/security/threat-protection/index)) platform includes the security pillars shown in the following diagram. In this version of Windows, Windows Defender ATP includes powerful analytics, security stack integration, and centralized management for better detection, prevention, investigation, response, and management. ![Windows Defender ATP](../images/wdatp.png) 
@@ -99,7 +99,7 @@ Endpoint detection and response is improved. Enterprise customers can now take a - Upgraded detections of ransomware and other advanced attacks. - Historical detection capability ensures new detection rules apply to up to six months of stored data to detect previous attacks that might not have been noticed. - **Threat reponse** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: + **Threat response** is improved when an attack is detected, enabling immediate action by security teams to contain a breach: - [Take response actions on a machine](/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by isolating machines or collecting an investigation package. - [Take response actions on a file](/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection) - Quickly respond to detected attacks by stopping and quarantining files or blocking a file. 
@@ -185,7 +185,7 @@ Improvements have been added are to Windows Hello for Business and Credential Gu New features in Windows Hello enable a better device lock experience, using multifactor unlock with new location and user proximity signals. Using Bluetooth signals, you can configure your Windows 10 device to automatically lock when you walk away from it, or to prevent others from accessing the device when you are not present. -New features in [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification.md) inlcude: +New features in [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification.md) include: - You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). - For Windows Phone devices, an administrator is able to initiate a remote PIN reset through the Intune portal. - For Windows desktops, users are able to reset a forgotten PIN through **Settings > Accounts > Sign-in options**. For more details, check out [What if I forget my PIN?](/windows/security/identity-protection/hello-for-business/hello-features#pin-reset). @@ -208,7 +208,7 @@ Windows Defender Credential Guard has always been an optional feature, but Windo For more information, see [Credential Guard Security Considerations](/windows/access-protection/credential-guard/credential-guard-requirements#security-considerations). -### Other security improvments +### Other security improvements #### Windows security baselines 
@@ -402,7 +402,7 @@ If you wish to take advantage of [Kiosk capabilities in Edge](https://docs.micro ### Co-management -Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hyrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](https://docs.microsoft.com/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) 
@@ -445,7 +445,7 @@ Windows Update for Business now provides greater control over updates, with the The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. +Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. 
See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). 
@@ -454,7 +454,7 @@ Windows Update for Business now provides greater control over updates, with the The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferal periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. +Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. 
See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds).
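Review bot: In the hunk at -185,7, the corrected line still links Windows Hello for Business through a root-relative path ending in `.md` (`.../hello-for-business/hello-identity-verification.md`), while the PIN reset link a few lines below in the same hunk uses the extensionless form (`.../hello-for-business/hello-features#pin-reset`). Since the line is already being touched, drop the `.md` suffix so both links follow the same convention.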
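Review bot: In the hunk at -208,7, correcting the heading to `### Other security improvements` also changes the anchor generated from that heading, so any link that targets the old misspelled fragment (`#other-security-improvments`) will stop resolving. Search the repository for that fragment and update any inbound links in this same commit.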
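Review bot: In the hunk at -402,7, the corrected sentence (the MDMWinsOverGP link) and the "For more information" line after it use absolute `https://docs.microsoft.com/windows/...` URLs, whereas most links in the other hunks of this file use site-relative `/windows/...` paths. Consider converting these two to the relative form while the paragraph is being edited. The "For more information" sentence is also missing its closing period.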
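Review bot: The hunks at -445,7 and -454,7 apply the identical "deferal" to "deferral" fix to the same paragraph, with the same pause-feature paragraph before it and the same WUfB Insider Program sentence after it, which means the Windows Update for Business text appears twice in the file only a few lines apart. Rather than patching both copies, remove the duplicate block so later edits cannot drift between the two.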