deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merged PR 15003: TIMNA public preview updates

Browse Source
This commit is contained in:
Dolcita Montemayor 2019-03-28 18:23:11 +00:00
commit f32735c20f
84 changed files with 449 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to add employees to the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/administrative-templates-and-ie11.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Administrative templates and Internet Explorer 11
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

4
browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
View File

@ -6,8 +6,8 @@ ms.prod: ie11
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
author: eross-msft
ms.author: lizross
author: jdeckerms
ms.author: dougkim
ms.date: 08/14/2017
ms.localizationpriority: low
---

2
browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
View File

@ -2,7 +2,7 @@
ms.localizationpriority: low
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
title: Collect data using Enterprise Site Discovery

2
browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
description: Delete a single site from your global Enterprise Mode site list.
ms.pagetype: appcompat
ms.mktglfcycl: deploy
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local compatibility view list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local Enterprise Mode site list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Search to see if a specific site already appears in your global Enterprise Mode site list.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/set-up-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/turn-off-enterprise-mode.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Turn on local user control and logging for Enterprise Mode.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/using-enterprise-mode.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
author: eross-msft
author: jdeckerms
ms.prod: ie11
ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)

2
browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
View File

@ -3,7 +3,7 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
author: eross-msft
author: jdeckerms
ms.prod: ie11
title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library

2
devices/surface/surface-system-sku-reference.md
View File

@ -14,7 +14,7 @@ ms.date: 03/20/2019
# System SKU reference
This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI,
This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell or WMI.
System Model and System SKU are variables stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.

2
mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
View File

@ -60,7 +60,7 @@ UE-V will roam the Outlook 2010 signature files between devices. However, the de
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
We recommend that you install the 64-bit version of Microsoft Office for modern computers. To determine which version you you need, [click here](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261?ui=en-US&rs=en-US&ad=US#32or64Bit=Newer_Versions).
We recommend that you install the 64-bit version of Microsoft Office for modern computers. To determine which version you need, [click here](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261?ui=en-US&rs=en-US&ad=US#32or64Bit=Newer_Versions). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
**WORKAROUND:** None

2
windows/application-management/app-v/appv-about-appv.md
View File

@ -1,7 +1,7 @@
---
title: What's new in App-V for Windows 10, version 1703 and earlier (Windows 10)
description: Information about what's new in App-V for Windows 10, version 1703 and earlier.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-batch-sequencing.md
View File

@ -1,7 +1,7 @@
---
title: Automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to automatically sequence multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-batch-updating.md
View File

@ -1,7 +1,7 @@
---
title: Automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to automatically update multiple apps at the same time using Microsoft Application Virtualization Sequencer (App-V Sequencer).
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-clean-unpublished-packages.md
View File

@ -1,7 +1,7 @@
---
title: Automatically clean up unpublished packages on the App-V client (Windows 10)
description: How to automatically clean up any unpublished packages on your App-V client devices.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-auto-provision-a-vm.md
View File

@ -1,7 +1,7 @@
---
title: Automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to automatically provision your sequencing environment using Microsoft Application Virtualization Sequencer (App-V Sequencer) PowerShell cmdlet or the user interface.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-available-mdm-settings.md
View File

@ -1,7 +1,7 @@
---
title: Available Mobile Device Management (MDM) settings for App-V (Windows 10)
description: A list of the available MDM settings for App-V on Windows 10.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-create-and-use-a-project-template.md
View File

@ -1,7 +1,7 @@
---
title: Create and apply an App-V project template to a sequenced App-V package (Windows 10)
description: Steps for how to create and apply an App-V project template (.appvt) to a sequenced App-V package.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
View File

@ -1,7 +1,7 @@
---
title: Release Notes for App-V for Windows 10, version 1703 (Windows 10)
description: A list of known issues and workarounds for App-V running on Windows 10, version 1703.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
View File

@ -1,7 +1,7 @@
---
title: Release Notes for App-V for Windows 10, version 1607 (Windows 10)
description: A list of known issues and workarounds for App-V running on Windows 10, version 1607.
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/application-management/app-v/appv-sequence-a-new-application.md
View File

@ -1,7 +1,7 @@
---
title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10)
description: How to manually sequence a new app using the App-V Sequencer
author: eross-msft
author: jdeckerms
ms.pagetype: mdop, appcompat, virtualization
ms.mktglfcycl: deploy
ms.sitesec: library

2
windows/client-management/mdm/policy-csp-authentication.md
View File

@ -296,6 +296,8 @@ Added in Windows 10, version 1607. Allows secondary authentication devices to w
The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premises only environment, cloud domain-joined in a hybrid environment, and BYOD).
In the next major release of Windows 10, the default for this policy for consumer devices will be changed to off. This will only affect users that have not already set up a secondary authentication device.
<!--/Description-->
<!--ADMXMapped-->
ADMX Info:

14
windows/client-management/mdm/policy-csp-restrictedgroups.md
View File

@ -113,8 +113,14 @@ Here is an example:
```
<groupmembership>
<accessgroup desc="Group SID for Administrators">
<member name = "S-188-5-5666-5-688"/>
<accessgroup desc="Administrators">
<member name="AzureAD\CSPTest@contoso.com" />
<member name="CSPTest22306\administrator" />
<member name = "AzureAD\patlewis@contoso.com" />
</accessgroup>
<accessgroup desc = "testcsplocal">
<member name = "CSPTEST22306\patlewis" />
<member name = "AzureAD\CSPTest@contoso.com" />
</accessgroup>
</groupmembership>
```
@ -125,6 +131,10 @@ Here is an example:
<!--/Policy-->
<hr/>
Take note:
* You must include the local administrator in the administrators group or the policy will fail
* Include the entire UPN after AzureAD
Footnote:
- 1 - Added in Windows 10, version 1607.

4
windows/configuration/cortana-at-work/cortana-at-work-crm.md
View File

@ -4,9 +4,9 @@ description: How to set up Cortana to help your salespeople get proactive insigh
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-feedback.md
View File

@ -4,9 +4,9 @@ description: How to send feedback to Microsoft about Cortana at work.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-o365.md
View File

@ -4,9 +4,9 @@ description: How to connect Cortana to Office 365 so your employees are notified
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
View File

@ -4,9 +4,9 @@ description: The list of Group Policy and mobile device management (MDM) policy
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
View File

@ -4,9 +4,9 @@ description: How to integrate Cortana with Power BI to help your employees get a
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
View File

@ -4,9 +4,9 @@ description: A test scenario walking you through signing in and managing the not
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to perform a quick search with Cortana at
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to set a location-based reminder using Co
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to use Cortana at work to find your upcom
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to use Cortana at work to send email to a
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
View File

@ -4,9 +4,9 @@ description: A test scenario about how to use Cortana with the Suggested reminde
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
View File

@ -4,9 +4,9 @@ description: An optional test scenario about how to use Cortana at work with Win
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
View File

@ -4,9 +4,9 @@ description: A list of suggested testing scenarios that you can use to test Cort
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

4
windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
View File

@ -4,9 +4,9 @@ description: How to create voice commands that use Cortana to perform voice-enab
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.author: lizross
ms.author: dougkim
ms.date: 10/05/2017
---

2
windows/configuration/manage-wifi-sense-in-enterprise.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: mobile
author: eross-msft
author: jdeckerms
ms.localizationpriority: medium
ms.date: 05/02/2018
ms.topic: article

2
windows/configuration/set-up-shared-or-guest-pc.md
View File

@ -187,7 +187,7 @@ On a desktop computer, navigate to **Settings** &gt; **Accounts** &gt; **Work ac
## Guidance for accounts on shared PCs
* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will also be deleted automatically at sign out.
* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
* On a Windows PC joined to Azure Active Directory:
* By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
* With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.

2
windows/deployment/planning/act-technical-reference.md
View File

@ -6,7 +6,7 @@ ms.prod: w10
ms.mktglfcycl: plan
ms.pagetype: appcompat
ms.sitesec: library
author: eross-msft
author: jdeckerms
ms.date: 04/19/2017
ms.topic: article
---

19
windows/hub/release-information.md
View File

@ -11,24 +11,15 @@ author: lizap
ms.author: elizapo
ms.localizationpriority: high
---
# Windows 10 - Release information
# Windows 10 release information
>[!IMPORTANT]
> The URL for the release information page has changed - update your bookmark!
Feature updates for Windows 10 are released twice a year, targeting March and September, via the Semi-Annual Channel (SAC) and will be serviced with monthly quality updates for 18 months from the date of the release. We recommend that you begin deployment of each SAC release immediately to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
Microsoft has updated its servicing model. The Semi-Annual Channel (SAC) offers twice-per-year feature updates that release around March and September, with an 18-month servicing period for each release. Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date (more information can be found [here](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/)).
Starting with Windows 10, version 1809, feature updates for Windows 10 Enterprise and Education editions with a targeted release month of September will be serviced for 30 months from their release date. For information about servicing timelines, see the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
If you are not using Windows Update for Business today, “Semi-Annual Channel (Targeted)” (SAC-T) has no impact on your devices (more information can be found [here](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747)), and we recommend you begin deployment of each Semi-Annual Channel release right away to devices selected for early adoption and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
>[!NOTE]
>If you are not using Windows Update for Business today, the "Semi-Annual Channel (Targeted)" servicing option has no impact on when your devices will be updated. It merely reflects a milestone for the semi-annual release, the period of time during which Microsoft recommends that your IT team make the release available to specific, "targeted" devices for the purpose of validating and generating data in order to get to a broad deployment decision. For more information, see [this blog post](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523).
If you are using Windows Update for Business today, refer to the table below to understand when your device will be updated, based on which deferral period you have configured, SAC -T or SAC.
**Notice: November 13, 2018:** All editions of Windows 10 October 2018 Update, version 1809, for Windows client and server have resumed. Customers currently running Windows 10, version 1809, will receive build 17763.134 as part of our regularly scheduled Update Tuesday servicing in November. If you update to the Window 10, version 1809, feature update you will receive build 17763.107. On the next automatic scan for updates, youll be taken to the latest cumulative update (build 17763.134 or higher).
November 13 marks the revised start of the servicing timeline for the Semi-Annual Channel ("Targeted") and Long-Term Servicing Channel (LTSC) release for Windows 10, version 1809, Windows Server 2019, and Windows Server, version 1809.
For information about the re-release and updates to the support lifecycle, refer to [John Cable's blog](https://blogs.windows.com/windowsexperience/2018/10/09/updated-version-of-windows-10-october-2018-update-released-to-windows-insiders/), [Windows 10 Update History](https://support.microsoft.com/help/4464619), and the [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853).
<br>
<div class="m-rich-content-block" data-grid="col-12">
<div id="winrelinfo" xmlns="http://www.w3.org/1999/xhtml"><iframe width="100%" height="866px" id="winrelinfo_iframe" src="https://winreleaseinfoprod.blob.core.windows.net/winreleaseinfoprod/en-US.html" frameborder="0" marginwidth="0" marginheight="0" scrolling="auto"></iframe></div>

2
windows/security/information-protection/tpm/manage-tpm-lockout.md
View File

@ -83,7 +83,7 @@ For information about mitigating dictionary attacks that use the lockout setting
## Use the TPM cmdlets
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://technet.microsoft.com/library/jj603116.aspx).
You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/powershell/module/trustedplatformmodule/).
## Related topics

14
windows/security/threat-protection/TOC.md
View File

@ -127,10 +127,10 @@
### [Configure and manage capabilities](windows-defender-atp/onboard.md)
#### [Configure attack surface reduction](windows-defender-atp/configure-attack-surface-reduction.md)
####Hardware-based isolation
##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
##### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
#####Hardware-based isolation
###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md)
###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md)
####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md)
##### [Application control](windows-defender-application-control/windows-defender-application-control.md)
##### Device control
###### [Control USB devices](device-control/control-usb-devices-using-intune.md)
@ -139,7 +139,6 @@
######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md)
###### [Customize exploit protection](windows-defender-exploit-guard/customize-exploit-protection.md)
###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md)
##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
@ -388,8 +387,8 @@
#####Rules
###### [Manage suppression rules](windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage allowed/blocked](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation allowed/blocked lists](windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage allowed/blocked lists](windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
###### [Manage automation file uploads](windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
###### [Manage automation folder exclusions](windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
@ -414,6 +413,7 @@
####Troubleshoot attack surface reduction
##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md)
##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md)
##### [Collect diagnostic data for files](windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md)
#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)

1
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
View File

@ -35,7 +35,6 @@ Microsoft Defender ATP for Mac system requirements:
- macOS version: 10.14 (Mojave), 10.13 (High Sierra), 10.12 (Sierra)
- Disk space during preview: 1GB
- The following URLs must be accessible from the Mac device:
- ```https://fresno.blob.core.windows.net/preview/macos/wdav.pkg ```<br>
- ```https://cdn.x.cp.wd.microsoft.com/ ```<br>
- ```https://eu-cdn.x.cp.wd.microsoft.com/ ```<br>
- ```https://wu-cdn.x.cp.wd.microsoft.com/ ``` <br>

7
windows/security/threat-protection/windows-defender-atp/TOC.md
View File

@ -136,7 +136,6 @@
####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md)
####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md)
#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md)
##### [Customize exploit protection](../windows-defender-exploit-guard/customize-exploit-protection.md)
##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md)
#### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md)
#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md)
@ -375,8 +374,8 @@
####Rules
##### [Manage suppression rules](manage-suppression-rules-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage allowed/blocked](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
##### [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
##### [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)
@ -403,5 +402,7 @@
###Troubleshoot attack surface reduction
#### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md)
#### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md)
#### [Collect diagnostic data for files](../windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md)
### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md)

2
windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
View File

@ -43,7 +43,7 @@ For tenants created on or after Windows 10, version 1809 the automated investiga
## Block file
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled, see [Block files in your network](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection#block-files-in-your-network) for more details.
If your organization satisfies these conditions, the feature is enabled by default. This feature enables you to block potentially malicious files in your network. This operation will prevent it from being read, written, or executed on machines in your organization.

5
windows/security/threat-protection/windows-defender-atp/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md
View File

@ -44,6 +44,11 @@ A reinstalled or renamed machine will generate a new machine entity in Windows D
**Machine was offboarded**</br>
If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive.
**Machine is not sending signals**
If the machine is not sending any signals for more than 7 days to any of the Windows Defender ATP channels for any reason including conditions that fall under misconfigured machines classification, a machine can be considered inactive.
Do you expect a machine to be in Active status? [Open a support ticket ticket](https://support.microsoft.com/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561).
## Misconfigured machines

5
windows/security/threat-protection/windows-defender-atp/manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md
View File

@ -55,6 +55,11 @@ On the top navigation you can:
5. Review the details in the Summary tab, then click **Save**.
>[!NOTE]
>Blocking IPs, domains, or URLs is currently available on limited preview only. This requires sending your custom list to [network protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection) to be enforeced. While the option is not yet generally available, it will only be used when identified during an investigation.
## Manage indicators
1. In the navigation pane, select **Settings** > **Allowed/blocked list**.

4
windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md
View File

@ -15,14 +15,11 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 06/14/2018
---
# Manage automation allowed/blocked lists
**Applies to:**
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
@ -70,4 +67,5 @@ You can define the conditions for when entities are identified as malicious or s
## Related topics
- [Manage automation file uploads](manage-automation-file-uploads-windows-defender-advanced-threat-protection.md)
- [Manage allowed/blocked lists](manage-allowed-blocked-list-windows-defender-advanced-threat-protection.md)
- [Manage automation folder exclusions](manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md)

11
windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
View File

@ -11,6 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 03/26/2018
---
# Reduce attack surfaces with attack surface reduction rules
@ -235,6 +236,16 @@ SCCM name: Not applicable
GUID: 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c
## Review attack surface reduction events in Windows Event Viewer
You can review the Windows event log to see events that are created when attack surface rules block (or audit) an app:
Event ID | Description
5007 | Event when settings are changed
1121 | Event when an attack surface reduction rule fires in audit mode
1122 | Event when an attack surface reduction rule fires in block mode
## Related topics
- [Enable attack surface reduction rules](enable-attack-surface-reduction.md)

8
windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md
View File

@ -40,10 +40,10 @@ You can use Group Policy, PowerShell, and configuration service providers (CSPs)
Audit options | How to enable audit mode | How to view events
- | - | -
Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md#enable-and-audit-controlled-folder-access) | [Controlled folder access events](controlled-folders-exploit-guard.md#review-controlled-folder-access-events-in-windows-event-viewer)
Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md)
Audit applies to all events | [Enable network protection](enable-network-protection.md#enable-and-audit-network-protection) | [Network protection events](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer)
Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md#enable-and-audit-exploit-protection) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
Audit applies to all events | [Enable controlled folder access](enable-controlled-folders-exploit-guard.md) | [Controlled folder access events](evaluate-controlled-folder-access.md#review-controlled-folder-access-events-in-windows-event-viewer)
Audit applies to individual rules | [Enable attack surface reduction rules](enable-attack-surface-reduction.md) | [Attack surface reduction rule events](attack-surface-reduction-exploit-guard.md#review-attack-surface-reduction-events-in-windows-event-viewer)
Audit applies to all events | [Enable network protection](enable-network-protection.md) | [Network protection events](evaluate-network-protection.md#review-network-protection-events-in-windows-event-viewer)
Audit applies to individual mitigations | [Enable exploit protection](enable-exploit-protection.md) | [Exploit protection events](exploit-protection-exploit-guard.md#review-exploit-protection-events-in-windows-event-viewer)
You can also use the a custom PowerShell script that enables the features in audit mode automatically:

4
windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md
View File

@ -42,13 +42,13 @@ Before attempting this process, ensure you have met all required pre-requisites
2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
```Dos
```console
cd c:\program files\windows defender
```
3. Enter the following command and press **Enter**
```Dos
```console
mpcmdrun -getfiles
```

19
windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 11/16/2018
ms.date: 03/26/2019
---
# Customize exploit protection
@ -114,20 +114,10 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
>[!NOTE]
>You may see a User Account Control window when changing some settings. Enter administrator credentials to apply the setting.
Changing some settings may required a restart, which will be indicated in red text underneath the setting.
Changing some settings may require a restart.
4. Repeat this for all the system-level mitigations you want to configure.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations.
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
### Configure app-specific mitigations with the Windows Security app
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings** at the bottom of the screen.
3. Go to the **Program settings** section and choose the app you want to apply mitigations to:
1. If the app you want to configure is already listed, click it and then click **Edit**
@ -139,7 +129,8 @@ Exporting the configuration as an XML file allows you to copy the configuration
5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or return to configure system-level mitigations.
You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or continue on to configure app-specific mitigations.
Exporting the configuration as an XML file allows you to copy the configuration from one machine onto other machines.
@ -165,7 +156,7 @@ Get-ProcessMitigation -Name processName.exe
>
>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied.
>
>The default setting for each system-level mitigation can be seen in the Windows Security, as described in the [Configure system-level mitigations with the Windows Security app section above](#configure-system-level-mitigations-with-the-windows-defender-security-center-app).
>The default setting for each system-level mitigation can be seen in the Windows Security.
Use `Set` to configure each mitigation in the following format:

2
windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
View File

@ -38,7 +38,7 @@ You can enable controlled folder access with the Security Center app, Group Poli
>- System Center Endpoint Protection **Allow users to add exclusions and overrides**
>For more information about disabling local list merging, see [Prevent or allow users to locally modify Windows Defender AV policy settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus#configure-how-locally-and-globally-defined-threat-remediation-and-exclusions-lists-are-merged).
### Use the Windows Defender Security app to enable controlled folder access
## Windows Security app to enable controlled folder access
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.

194
windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 02/14/2019
ms.date: 03/26/2019
---
# Enable exploit protection
@ -24,23 +24,192 @@ ms.date: 02/14/2019
Many features from the Enhanced Mitigation Experience Toolkit (EMET) are included in exploit protection.
## Enable and audit exploit protection
You can also set mitigations to [audit mode](evaluate-exploit-protection.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
## Enable exploit protection
You enable and configure each exploit protection mitigation separately either by using the Windows Security app or PowerShell.
They are configured by default in Windows 10.
You can set each mitigation to on, off, or to its default value.
Some mitigations have additional options.
You can [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) and deploy it to other machines by using Group Policy.
### Windows Security app
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
3. Go to **Program settings** and choose the app you want to apply mitigations to:
1. If the app you want to configure is already listed, click it and then click **Edit**
2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
- Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
5. Repeat this for all the apps and mitigations you want to configure.
3. Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:
- **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
- **Off by default** - The mitigation is *disabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
- **Use default** - The mitigation is either enabled or disabled, depending on the default configuration that is set up by Windows 10 installation; the default value (**On** or **Off**) is always specified next to the **Use default** label for each mitigation
5. Repeat this for all the system-level mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
Enabled in **Program settings** | Enabled in **System settings** | Behavior
:-: | :-: | :-:
[!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | As defined in **Program settings**
[!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | As defined in **Program settings**
[!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | As defined in **System settings**
[!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | Default as defined in **Use default** option
**Example 1**
Mikael configures **Data Execution Prevention (DEP)** in the **System settings** section to be **Off by default**.
Mikael then adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, he enables the **Override system settings** option and sets the switch to **On**. There are no other apps listed in the **Program settings** section.
The result will be that DEP only will be enabled for *test.exe*. All other apps will not have DEP applied.
**Example 2**
Josie configures **Data Execution Prevention (DEP)** in the **System settings** section to be **Off by default**.
Josie then adds the app *test.exe* to the **Program settings** section. In the options for that app, under **Data Execution Prevention (DEP)**, she enables the **Override system settings** option and sets the switch to **On**.
Josie also adds the app *miles.exe* to the **Program settings** section and configures **Control flow guard (CFG)** to **On**. She doesn't enable the **Override system settings** option for DEP or any other mitigations for that app.
The result will be that DEP will be enabled for *test.exe*. DEP will not be enabled for any other app, including *miles.exe*.
CFG will be enabled for *miles.exe*.
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
3. Go to **Program settings** and choose the app you want to apply mitigations to:
1. If the app you want to configure is already listed, click it and then click **Edit**
2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
- Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
### PowerShell
You can use the PowerShell verb `Get` or `Set` with the cmdlet `ProcessMitigation`. Using `Get` will list the current configuration status of any mitigations that have been enabled on the device - add the `-Name` cmdlet and app exe to see mitigations for just that app:
```PowerShell
Get-ProcessMitigation -Name processName.exe
```
>[!IMPORTANT]
>System-level mitigations that have not been configured will show a status of `NOTSET`.
>
>For system-level settings, `NOTSET` indicates the default setting for that mitigation has been applied.
>
>For app-level settings, `NOTSET` indicates the system-level setting for the mitigation will be applied.
>
>The default setting for each system-level mitigation can be seen in the Windows Security.
Use `Set` to configure each mitigation in the following format:
```PowerShell
Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>
```
Where:
- \<Scope>:
- `-Name` to indicate the mitigations should be applied to a specific app. Specify the app's executable after this flag.
- `-System` to indicate the mitigation should be applied at the system level
- \<Action>:
- `-Enable` to enable the mitigation
- `-Disable` to disable the mitigation
- \<Mitigation>:
- The mitigation's cmdlet along with any suboptions (surrounded with spaces). Each mitigation is separated with a comma.
For example, to enable the Data Execution Prevention (DEP) mitigation with ATL thunk emulation and for an executable called *testing.exe* in the folder *C:\Apps\LOB\tests*, and to prevent that executable from creating child processes, you'd use the following command:
```PowerShell
Set-ProcessMitigation -Name c:\apps\lob\tests\testing.exe -Enable DEP, EmulateAtlThunks, DisallowChildProcessCreation
```
>[!IMPORTANT]
>Separate each mitigation option with commas.
If you wanted to apply DEP at the system level, you'd use the following command:
```PowerShell
Set-Processmitigation -System -Enable DEP
```
To disable mitigations, you can replace `-Enable` with `-Disable`. However, for app-level mitigations, this will force the mitigation to be disabled only for that app.
If you need to restore the mitigation back to the system default, you need to include the `-Remove` cmdlet as well, as in the following example:
```PowerShell
Set-Processmitigation -Name test.exe -Remove -Disable DEP
```
This table lists the PowerShell cmdlets (and associated audit mode cmdlet) that can be used to configure each mitigation.
Mitigation | Applies to | PowerShell cmdlets | Audit mode cmdlet
- | - | - | -
Control flow guard (CFG) | System and app-level | CFG, StrictCFG, SuppressExports | Audit not available
Data Execution Prevention (DEP) | System and app-level | DEP, EmulateAtlThunks | Audit not available
Force randomization for images (Mandatory ASLR) | System and app-level | ForceRelocateImages | Audit not available
Randomize memory allocations (Bottom-Up ASLR) | System and app-level | BottomUp, HighEntropy | Audit not available
Validate exception chains (SEHOP) | System and app-level | SEHOP, SEHOPTelemetry | Audit not available
Validate heap integrity | System and app-level | TerminateOnHeapError | Audit not available
Arbitrary code guard (ACG) | App-level only | DynamicCode | AuditDynamicCode
Block low integrity images | App-level only | BlockLowLabel | AuditImageLoad
Block remote images | App-level only | BlockRemoteImages | Audit not available
Block untrusted fonts | App-level only | DisableNonSystemFonts | AuditFont, FontAuditOnly
Code integrity guard | App-level only | BlockNonMicrosoftSigned, AllowStoreSigned | AuditMicrosoftSigned, AuditStoreSigned
Disable extension points | App-level only | ExtensionPoint | Audit not available
Disable Win32k system calls | App-level only | DisableWin32kSystemCalls | AuditSystemCall
Do not allow child processes | App-level only | DisallowChildProcessCreation | AuditChildProcess
Export address filtering (EAF) | App-level only | EnableExportAddressFilterPlus, EnableExportAddressFilter <a href="#r1" id="t1">\[1\]</a> | Audit not available
Import address filtering (IAF) | App-level only | EnableImportAddressFilter | Audit not available
Simulate execution (SimExec) | App-level only | EnableRopSimExec | Audit not available
Validate API invocation (CallerCheck) | App-level only | EnableRopCallerCheck | Audit not available
Validate handle usage | App-level only | StrictHandle | Audit not available
Validate image dependency integrity | App-level only | EnforceModuleDepencySigning | Audit not available
Validate stack integrity (StackPivot) | App-level only | EnableRopStackPivot | Audit not available
<a href="#t1" id="r1">\[1\]</a>: Use the following format to enable EAF modules for dlls for a process:
```PowerShell
Set-ProcessMitigation -Name processName.exe -Enable EnableExportAddressFilterPlus -EAFModules dllName1.dll,dllName2.dll
```
## Customize the notification
See the [Windows Security](../windows-defender-security-center/windows-defender-security-center.md#customize-notifications-from-the-windows-defender-security-center) topic for more information about customizing the notification when a rule is triggered and blocks an app or file.
You enable and configure each exploit protection mitigation separately. Some mitigations apply to the entire operating system, while others can be targeted towards specific apps.
The mitigations available in exploit protection are enabled or configured to their default values automatically in Windows 10. However, you can customize the configuration to suit your organization and then deploy that configuration across your network.
You can also set mitigations to [audit mode](audit-windows-defender-exploit-guard.md). Audit mode allows you to test how the mitigations would work (and review events) without impacting the normal use of the machine.
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using audit mode before deploying in production.
You can also convert an existing EMET configuration file (in XML format) and import it into exploit protection. This is useful if you have been using EMET and have a customized series of policies and mitigations that you want to keep using.
See the following topics for instructions on configuring exploit protection mitigations and importing, exporting, and converting configurations:
1. [Configure the mitigations you want to enable or audit](customize-exploit-protection.md)
2. [Export the configuration to an XML file that you can use to deploy the configuration to multiple machines](import-export-exploit-protection-emet-xml.md).
## Related topics
@ -48,6 +217,3 @@ See the following topics for instructions on configuring exploit protection miti
- [Evaluate exploit protection](evaluate-exploit-protection.md)
- [Configure and audit exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy exploit protection configurations](import-export-exploit-protection-emet-xml.md)

23
windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 02/14/2019
ms.date: 03/27/2019
---
# Enable network protection
@ -21,16 +21,19 @@ ms.date: 02/14/2019
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
[Network protection](network-protection-exploit-guard.md) helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
You can [audit network protection](evaluate-network-protection.md) in a test environment to see which apps would be blocked before you enable it.
You can enable network protection by using any of the these methods:
This topic describes how to enable network protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM).
- MDM
- Group Policy
- PowerShell cmdlets
## Enable and audit network protection
You can enable network protection in either audit or block mode with Group Policy, PowerShell, or MDM settings with CSP.
## MDM
For background information on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure network protection.
### Use Group Policy to enable or audit network protection
## Group Policy
1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -47,7 +50,8 @@ For background information on how audit mode works, and when you might want to u
>[!IMPORTANT]
>To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu.
### Use PowerShell to enable or audit network protection
## PowerShell
1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
2. Enter the following cmdlet:
@ -65,11 +69,6 @@ Set-MpPreference -EnableNetworkProtection AuditMode
Use `Disabled` insead of `AuditMode` or `Enabled` to turn the feature off.
### Use MDM CSPs to enable or audit network protection
Use the [./Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-enablenetworkprotection) configuration service provider (CSP) to enable and configure network protection.
## Related topics
- [Protect your network](network-protection-exploit-guard.md)

9
windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
View File

@ -45,7 +45,14 @@ Set-MpPreference -EnableControlledFolderAccess AuditMode
>If you want to fully audit how controlled folder access will work in your organization, you'll need to use a management tool to deploy this setting to machines in your network(s).
You can also use Group Policy, Intune, MDM, or System Center Configuration Manager to configure and deploy the setting, as described in the main [controlled folder access topic](controlled-folders-exploit-guard.md).
For further details on how audit mode works, and when you might want to use it, see the [audit Windows Defender Exploit Guard topic](audit-windows-defender-exploit-guard.md).
## Review controlled folder access events in Windows Event Viewer
The following controlled folder access events appear in Windows Event Viewer.
Event ID | Description
5007 | Event when settings are changed
1124 | Audited controlled folder access event
1123 | Blocked controlled folder access event
## Customize protected folders and apps

87
windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 11/16/2018
ms.date: 03/26/2019
---
# Evaluate exploit protection
@ -20,26 +20,89 @@ ms.date: 11/16/2018
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
[Exploit protection](exploit-protection-exploit-guard.md) helps protect devices from malware that uses exploits to spread and infect other devices.
It consists of a number of mitigations that can be applied to either the operating system or an individual app.
Many of the features that were part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection.
Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are included in exploit protection.
This topic helps you evaluate exploit protection. For more information about what exploit protection does and how to configure it for real-world deployment, see [Exploit protection](exploit-protection-exploit-guard.md).
This topic helps you enable exploit protection in audit mode and review related events in Event Viewer.
You can enable audit mode for certain app-level mitigations to see how they will work in a test environment.
This lets you see a record of what *would* have happened if you had enabled the mitigation in production.
You can make sure it doesn't affect your line-of-business apps, and see which suspicious or malicious events occur.
>[!TIP]
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
>You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to see how exploit protection works.
## Use audit mode to measure impact
## Enable exploit protection in audit mode
You can enable exploit protection in audit mode. You can enable audit mode for individual mitigations.
You can set mitigations in audit mode for specific programs either by using the Windows Security app or PowerShell.
This lets you see a record of what *would* have happened if you had enabled the mitigation.
### Windows Security app
You might want to do this when testing how the feature will work in your organization, to ensure it doesn't affect your line-of-business apps, and to get an idea of how many suspicious or malicious events generally occur over a certain period.
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
See the [**PowerShell reference** section in customize exploit protection](customize-exploit-protection.md#powershell-reference) for a list of which mitigations can be audited and instructions on enabling the mode.
2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
For further details on how audit mode works, and when you might want to use it, see [audit Windows Defender Exploit Guard](audit-windows-defender-exploit-guard.md).
3. Go to **Program settings** and choose the app you want to apply mitigations to:
1. If the app you want to configure is already listed, click it and then click **Edit**
2. If the app is not listed, at the top of the list click **Add program to customize** and then choose how you want to add the app:
- Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
- Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
4. After selecting the app, you'll see a list of all the mitigations that can be applied. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
### PowerShell
To set app-level mitigations to audit mode, use `Set-ProcessMitigation` with the **Audit mode** cmdlet.
Configure each mitigation in the following format:
```PowerShell
Set-ProcessMitigation -<scope> <app executable> -<action> <mitigation or options>,<mitigation or options>,<mitigation or options>
```
Where:
- \<Scope>:
- `-Name` to indicate the mitigations should be applied to a specific app. Specify the app's executable after this flag.
- \<Action>:
- `-Enable` to enable the mitigation
- `-Disable` to disable the mitigation
- \<Mitigation>:
- The mitigation's cmdlet as defined in the following table. Each mitigation is separated with a comma.
| Mitigation | Audit mode cmdlet |
| - | - |
|Arbitrary code guard (ACG) | AuditDynamicCode |
|Block low integrity images | AuditImageLoad |
|Block untrusted fonts | AuditFont, FontAuditOnly |
|Code integrity guard | AuditMicrosoftSigned, AuditStoreSigned |
|Disable Win32k system calls | AuditSystemCall |
|Do not allow child processes | AuditChildProcess |
For example, to enable Arbitrary Code Guard (ACG) in audit mode for an app named *testing.exe*, run the following command:
```PowerShell
Set-ProcesMitigation -Name c:\apps\lob\tests\testing.exe -Enable AuditDynamicCode
```
You can disable audit mode by replacing `-Enable` with `-Disable`.
## Review exploit protection audit events
To review which apps would have been blocked, open Event Viewer and filter for the following events in the Security-Mitigations log.
Feature | Provider/source | Event ID | Description
:-|:-|:-:|:-
Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 1 | ACG audit
Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 3 | Do not allow child processes audit
Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 5 | Block low integrity images audit
Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 7 | Block remote images audit
Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 9 | Disable win32k system calls audit
Exploit protection | Security-Mitigations (Kernel Mode/User Mode) | 11 | Code integrity guard audit
## Related topics
- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)

16
windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
View File

@ -12,7 +12,7 @@ ms.date: 04/16/2018
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 08/08/2018
ms.date: 03/26/2019
---
# View attack surface reduction events
@ -27,7 +27,7 @@ Reviewing the events is also handy when you are evaluating the features, as you
This topic lists all the events, their associated feature or setting, and describes how to create custom views to filter to specific events.
You can also get detailed reporting into events and blocks as part of Windows Security, which you gain access to if you have an E5 subscription and use [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md).
You can also get detailed reporting into events and blocks as part of Windows Security, which you access if you have an E5 subscription and use [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md).
## Use custom views to review attack surface reduction capabilities
@ -35,7 +35,7 @@ You can create custom views in the Windows Event Viewer to only see events for s
The easiest way to do this is to import a custom view as an XML file. You can copy the XML directly from this page.
You can also manually navigate to the event area that corresponds to the feature, see the [list of attack surface reduction events](#list-of-attack-surface-reduction-events) section at the end of this topic for more details.
You can also manually navigate to the event area that corresponds to the feature.
### Import an existing XML custom view
@ -43,11 +43,11 @@ You can also manually navigate to the event area that corresponds to the feature
- Controlled folder access events custom view: *cfa-events.xml*
- Exploit protection events custom view: *ep-events.xml*
- Attack surface reduction events custom view: *asr-events.xml*
- Network protection events custom view: *np-events.xml*
- Network/ protection events custom view: *np-events.xml*
1. Type **event viewer** in the Start menu and open the Windows **Event Viewer**.
1. Type **event viewer** in the Start menu and open **Event Viewer**.
3. On the left panel, under **Actions**, click **Import Custom View...**
3. Click **Action** > **Import Custom View...**
![Animation highlighting Import custom view on the left of the Even viewer window](images/events-import.gif)
@ -55,7 +55,7 @@ You can also manually navigate to the event area that corresponds to the feature
4. Click **Open**.
5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events).
5. This will create a custom view that filters to only show the events related to that feature.
### Copy the XML directly
@ -73,7 +73,7 @@ You can also manually navigate to the event area that corresponds to the feature
4. Click **OK**. Specify a name for your filter.
5. This will create a custom view that filters to only show the [events related to that feature](#list-of-all-windows-defender-exploit-guard-events).
5. This will create a custom view that filters to only show the events related to that feature.
### XML for attack surface reduction rule events

52
windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 11/29/2018
ms.date: 03/26/2018
---
# Protect devices from exploits
@ -20,47 +20,33 @@ ms.date: 11/29/2018
- [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps.
Exploit protection automatically applies a number of exploit mitigation techniques to operating system processes and apps.
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Exploit protection is supported on Windows 10, version 1709 and later and Windows Server 2016, version 1803 or later.
It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). Exploit protection is supported beginning with Windows 10, version 1709 and Windows Server 2016, version 1803.
>[!TIP]
>You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
Exploit protection works best with [Windows Defender Advanced Threat Protection](../windows-defender-atp/windows-defender-advanced-threat-protection.md) - which gives you detailed reporting into exploit protection events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
You [configure these settings using the Windows Security app or PowerShell](customize-exploit-protection.md) on an individual machine, and then [export the configuration as an XML file that you can deploy to other machines](import-export-exploit-protection-emet-xml.md). You can use Group Policy to distribute the XML file to multiple devices at once.
You can [enable exploit protection](enable-exploit-protection.md) on an individual machine, and then use [Group Policy](import-export-exploit-protection-emet-xml.md) to distribute the XML file to multiple devices at once.
When a mitigation is encountered on the machine, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
When a mitigation is encountered on the machine, a notification will be displayed from the Action Center. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors.
You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evaluate how exploit protection would impact your organization if it were enabled.
You can also use [audit mode](evaluate-exploit-protection.md) to evaluate how exploit protection would impact your organization if it were enabled.
Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See [Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard](emet-exploit-protection-exploit-guard.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to exploit protection on Windows 10.
Many of the features in the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) have been included in Exploit protection, and you can convert and import existing EMET configuration profiles into Exploit protection. See [Comparison between Enhanced Mitigation Experience Toolkit and Windows Defender Exploit Guard](emet-exploit-protection-exploit-guard.md) for more information on how Exploit protection supersedes EMET and what the benefits are when considering moving to exploit protection on Windows 10.
>[!IMPORTANT]
>If you are currently using EMET you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows 10. You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
>[!IMPORTANT]
>If you are currently using EMET you should be aware that [EMET reached end of life on July 31, 2018](https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/). You should consider replacing EMET with exploit protection in Windows 10. You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
>[!WARNING]
>Some security mitigation technologies may have compatibility issues with some applications. You should test exploit protection in all target use scenarios by using [audit mode](audit-windows-defender-exploit-guard.md) before deploying the configuration across a production environment or the rest of your network.
## Review exploit protection events in Windows Event Viewer
## Review exploit protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when exploit protection blocks (or audits) an app:
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the file *ep-events.xml* to an easily accessible location on the machine.
2. Type **Event viewer** in the Start menu to open the Windows Event Viewer.
3. On the left panel, under **Actions**, click **Import custom view...**
![Antimated GIF highlighting the import custom view button on the right pane ](images/events-import.gif)
4. Navigate to where you extracted *ep-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
5. Click **OK**.
6. This will create a custom view that filters to only show the following events related to Exploit protection:
Provider/source | Event ID | Description
-|:-:|-
Security-Mitigations | 1 | ACG audit
@ -97,22 +83,8 @@ Win32K | 260 | Untrusted Font
>
>You can [convert an existing EMET configuration file into exploit protection](import-export-exploit-protection-emet-xml.md#convert-an-emet-configuration-file-to-an-exploit-protection-configuration-file) to make the migration easier and keep your existing settings.
This topic describes the differences between the Enhance Mitigation Experience Toolkit (EMET) and exploit protection in Windows Defender ATP.
Exploit protection in Windows Defender ATP is our successor to EMET and provides stronger protection, more customization, an easier user interface, and better configuration and management options.
EMET is a standalone product for earlier versions of Windows and provides some mitigation against older, known exploit techniques.
After July 31, 2018, it will not be supported.
For more information about the individual features and mitigations available in Windows Defender ATP, as well as how to enable, configure, and deploy them to better protect your network, see the following topics:
- [Protect devices from exploits](exploit-protection-exploit-guard.md)
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
## Feature comparison
The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.
This section compares exploit protection in Windows Defender ATP with the Enhance Mitigation Experience Toolkit (EMET) for reference.
The table in this section illustrates the differences between EMET and Windows Defender Exploit Guard.
&nbsp; | Windows Defender Exploit Guard | EMET
-|:-:|:-:

6
windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md
View File

@ -11,7 +11,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 08/09/2018
ms.date: 03/27/2019
---
# Troubleshoot network protection
@ -43,7 +43,7 @@ Network protection will only work on devices with the following conditions:
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
> - [Cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) is enabled.
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in the [Enable network protection topic](enable-network-protection.md#use-group-policy-to-enable-or-audit-network-protection).
> - Audit mode is not enabled. Use [Group Policy](enable-network-protection.md#group-policy) to set the rule to **Disabled** (value: **0**).
If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode.
@ -60,7 +60,7 @@ If you encounter problems when running the evaluation scenario, check that the d
You can also use audit mode and then attempt to visit the site or IP (IPv4) address you do or don't want to block. Audit mode lets network protection report to the Windows event log as if it actually blocked the site or connection to an IP address, but will still allow the file to run.
1. Enable audit mode for network protection. Use Group Policy to set the rule to **Audit mode** as described in the [Enable network protection topic](enable-network-protection.md#use-group-policy-to-enable-or-audit-network-protection).
1. Enable audit mode for network protection. Use Group Policy to set the rule to **Audit mode** as described in the [Enable network protection topic](enable-network-protection.md#group-policy).
2. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block).
3. [Review the network protection event logs](network-protection-exploit-guard.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**.