diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index c7007d172e..226a0c18ff 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md @@ -1,46 +1,75 @@ --- -title: Set up HoloLens (HoloLens) -description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account. +title: Set up a new HoloLens +description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (AAD) account. ms.prod: hololens ms.sitesec: library -author: dansimp -ms.author: dansimp -ms.topic: article +author: scooley +ms.author: scooley +ms.topic: quickstart ms.localizationpriority: medium -ms.date: 07/27/2017 -ms.reviewer: -manager: dansimp +ms.date: 07/14/2019 --- -# Set up HoloLens +# Set up HoloLens for the first time -Before you get started setting up your HoloLens, make sure you have a Wi-Fi network and a Microsoft account or an Azure Active Directory (Azure AD) account. +Follow along to set up a HoloLens for the first time. At the end of this quickstart, you'll be able to use HoloLens and navigate HoloLens settings on-device. -## Network connectivity requirements +This is a high level unboxing guide to become familiar with HoloLens. +See [Set up HoloLens in the enterprise](hololens-requirements.md) to configure HoloLens for scale enterprise deployment and ongoing device management. -The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. You need to connect HoloLens to a Wi-Fi network with Internet connectivity so that the user account can be authenticated. +## Prerequisites -- It can be an open Wi-Fi or password-protected Wi-Fi network. -- The Wi-Fi network cannot require certificates to connect. -- The Wi-Fi network does not need to provide access to enterprise resources or intranet sites. +- Internet access. + - Wi-Fi is the easiest way to do first set up on both HoloLens and HoloLens 2. It can be an open Wi-Fi or password-protected Wi-Fi network; the Wi-Fi network does not need to provide access to enterprise resources or intranet sites. + - HoloLens 2 can connect to the internet via ethernet and a USB-C adapter. +- a user account - Microsoft (MSA) or Azure Active Directory (AAD) -## HoloLens setup +## Prepare for first-boot -The HoloLens setup process combines a quick tutorial on using HoloLens with the steps needed to connect to the network and add an account. +Become familiar with the HoloLens hardware and prepare to turn your HoloLens on for the first time. -1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627), then [adjust it](https://support.microsoft.com/help/12632) for a comfortable fit. -2. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens. -3. Next, you'll be guided through connecting to a Wi-Fi network. -4. After HoloLens connects to the Wi-Fi network, you select between **My work or school owns it** and **I own it**. +1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627) +1. [Adjust fit](https://support.microsoft.com/help/12632) for a comfortable fit. +1. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens. + +## Set up your HoloLens + +Set up your HoloLens and your user account. + +1. Connect to the internet (select Wi-Fi). +1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**. - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your organizational account. + 1. Enter your organizational account. 2. Accept privacy statement. 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page. 4. Continue with device setup. - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app). - 1. Enter your Microsoft account. - 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. -5. The device sets your time zone based on information obtained from the Wi-Fi network. -6. Next, you learn how to perform the bloom gesture and how to select and place the Start screen. After you place the Start screen, setup is complete and you can begin using HoloLens. + 1. Enter your Microsoft account. + 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process. +1. The device sets your time zone based on information obtained from the Wi-Fi network. +1. Follow the first-start guides to learn how to interact with holograms, control the HoloLens with your voice, and access the start menu. +Congratulations! Setup is complete and you can begin using HoloLens. +## Explore HoloLens + +### Check out on-device settings and desktop + +HoloLens doesn't have an on-device command line. With that in mind, the settings section in HoloLens plays an important role in diagnosing problems on-device. Understanding the information available to HoloLens users will pay dividends when troubleshooting or configuring the device. + +Open settings by opening the start menu and clicking on the **Settings** in the top bar. You can also ask Cortana to open settings. + +Follow [this guide](https://docs.microsoft.com/en-us/windows/mixed-reality/navigating-the-windows-mixed-reality-home) to navigate around the HoloLens home. + +### Connect bluetooth devices + +Connecting a bluetooth keyboard makes typing on HoloLens as efficient as a Windows PC. + +[Connect a bluetooth keyboard or clicker](https://support.microsoft.com/en-us/help/12636). + +## Next steps + +Start planning for HoloLens at scale with HoloLens' enterprise management features. + +> [!div class="nextstepaction"] +> [HoloLens in the enterprise](hololens-requirements.md) \ No newline at end of file diff --git a/devices/hololens/images/hololens2-side-render.png b/devices/hololens/images/hololens2-side-render.png new file mode 100644 index 0000000000..143fb8fc50 Binary files /dev/null and b/devices/hololens/images/hololens2-side-render.png differ diff --git a/devices/hololens/index.md b/devices/hololens/index.md index e3790fbfb5..3320efb458 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -1,46 +1,51 @@ --- title: Microsoft HoloLens (HoloLens) -description: HoloLens provides extra features designed for business in the Commercial Suite. +description: Landing page for HoloLens commercial and enterprise management. ms.prod: hololens ms.sitesec: library -author: jdeckerms -ms.author: jdecker +author: scooley +ms.author: scooley ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2018 +ms.date: 07/14/2019 --- # Microsoft HoloLens - - +

Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

Microsoft HoloLens is available in the Development Edition, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the Commercial Suite, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.

Hololens
+

Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.

+ +

Now, with the introduction of HoloLens 2, every device provides commercial ready management enhanced by the reliability, security, and scalability of cloud and AI services from Microsoft.

+ +		![Hololens](images/hololens2-side-render.png)
-## In this section +## Guides in this section + +| Guide | Description | +| --- | --- | +| [Get started with HoloLens](hololens-setup.md) | Set up HoloLens for the first time. | +| [Set up HoloLens in the enterprise](hololens-requirements.md) | Configure HoloLens for scale enterprise deployment and ongoing device management. | +| [Install and manage applications on HoloLens](hololens-install-apps.md) |Install and manage important applications on HoloLens at scale. | +| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. | +| [Get support](https://support.microsoft.com/products/hololens) |Connect with Microsoft support resources for HoloLens in enterprise. | + +## Quick reference by topic | Topic | Description | | --- | --- | -| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. | -| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management | -| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time | -[Install localized version of HoloLens](hololens-install-localized.md) | Install the Chinese or Japanese version of HoloLens -| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business | -| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune | -| [Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. | -| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app | -[Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. | +| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover new features in the latest updates. | | [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging | -| [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens | -| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens | -| [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. | +| [HoloLens MDM support](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using Mobile Device Management (MDM) solutions like Microsoft Intune. | +| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. | +| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. | +| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. | +| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens. | +| [Install localized version of HoloLens](hololens-install-localized.md) | Configure HoloLens for different locale. | ## Related resources -- [Help for using HoloLens](https://support.microsoft.com/products/hololens) - -- [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) - -- [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial) - -- [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes) +* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) +* [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial) +* [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes) diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json index 857f59487f..5f16f8d171 100644 --- a/devices/surface-hub/docfx.json +++ b/devices/surface-hub/docfx.json @@ -14,7 +14,9 @@ "resource": [ { "files": [ - "**/images/**" + "**/images/**", + "**/*.pptx", + "**/*.pdf" ], "exclude": [ "**/obj/**" diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub 2S-Navigation.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx similarity index 100% rename from devices/surface-hub/downloads/Guide-SurfaceHub 2S-Navigation.pptx rename to devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx diff --git a/devices/surface-hub/downloads/Guide-Surface Hub 2S-Office365.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx similarity index 100% rename from devices/surface-hub/downloads/Guide-Surface Hub 2S-Office365.pptx rename to devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx diff --git a/devices/surface-hub/downloads/Training Guide-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf similarity index 100% rename from devices/surface-hub/downloads/Training Guide-SurfaceHub2S-HelpDesk.pdf rename to devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md index 86b18eea48..dc4ea1a959 100644 --- a/devices/surface-hub/surface-hub-2s-adoption-kit.md +++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md @@ -6,36 +6,45 @@ ms.prod: surface-hub ms.sitesec: library author: robmazz ms.author: robmazz +manager: laurawi audience: Admin ms.topic: article ms.date: 07/08/2019 ms.localizationpriority: Normal --- - # Surface Hub 2S adoption toolkit -Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S. +# Surface Hub 2S adoption toolkit + +Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S. ## Training guides -- Surface Hub adoption toolkit -- Training guide – end user -- Training guide – power user -- Training guide – help desk -- Training guide – Microsoft Teams desktop + +- [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf) +- [Training guide – end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf) +- [Training guide – power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf) +- [Training guide – help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf) +- [Training guide – Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx) + +[Download all training guides](http://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip) ## End user guides -- Guide to Navigation on Surface Hub our -- Guide to Office 365 on Surface Hub -- Guide to Microsoft Whiteboard on Surface Hub -- Guide to Microsoft Teams on Surface Hub -## Quick reference cards -- Connect your PC -- Join a Teams Meeting -- Manage a Teams meeting -- Navigation basics -- Schedule a Teams meeting -- Start a new Teams meeting -- Share or send a file -- Sign in to view meetings and files -- Whiteboard advanced -- Whiteboard tools +- [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx) +- [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx) +- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx) +- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx) + +## Quick reference cards + +- [Connect your PC](downloads/QRCConnectYourPC.pdf) +- [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf) +- [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf) +- [Navigation basics](downloads/QRCNavigationBasics.pdf) +- [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf) +- [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf) +- [Share or send a file](downloads/QRCShareSendFile.pdf) +- [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf) +- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf) +- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf) + +[Download all user guides and quick reference cards](http://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip) \ No newline at end of file diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2777f01ddd..d77896805e 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -55,6 +55,8 @@ ### [AllJoynManagement CSP](alljoynmanagement-csp.md) #### [AllJoynManagement DDF](alljoynmanagement-ddf.md) ### [APPLICATION CSP](application-csp.md) +### [ApplicationControl CSP](applicationcontrol-csp.md) +#### [ApplicationControl DDF file](applicationcontrol-csp-ddf.md) ### [AppLocker CSP](applocker-csp.md) #### [AppLocker DDF file](applocker-ddf-file.md) #### [AppLocker XSD](applocker-xsd.md) diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md new file mode 100644 index 0000000000..fa0bee9334 --- /dev/null +++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md @@ -0,0 +1,274 @@ +--- +title: ApplicationControl CSP +description: ApplicationControl CSP +ms.author: dansimp@microsoft.com +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: ManikaDhiman +ms.date: 07/10/2019 +--- + +# ApplicationControl CSP DDF + + +This topic shows the OMA DM device description framework (DDF) for the **ApplicationControl** configuration service provider. DDF files are used only with OMA DM provisioning XML. + +Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). + +### ApplicationControl CSP + +```xml + +]> + + 1.2 + + ApplicationControl + ./Vendor/MSFT + + + + + Root Node of the ApplicationControl CSP + + + + + + + + + + + + + + + Policies + + + + + Beginning of a Subtree that contains all policies. + + + + + + + + + + Policies + + + + + + + + + + + The GUID of the Policy + + + + + + + + + + Policy GUID + + + + + + Policy + + + + + + + + The policy binary encoded as base64 + + + + + + + + + + Policy + + + + + + + PolicyInfo + + + + + Information Describing the Policy indicated by the GUID + + + + + + + + + + PolicyInfo + + + + + + Version + + + + + Version of the Policy indicated by the GUID, as a string. When parsing use a uint64 as the containing data type + + + + + + + + + + Version + + text/plain + + + + + IsEffective + + + + + Whether the Policy indicated by the GUID is Effective on the system (loaded by the enforcement engine and in effect) + + + + + + + + + + IsEffective + + text/plain + + + + + IsDeployed + + + + + Whether the Policy indicated by the GUID is deployed on the system (on the physical machine) + + + + + + + + + + IsDeployed + + text/plain + + + + + IsAuthorized + + + + + Whether the Policy indicated by the GUID is authorized to be loaded by the enforcement engine on the system + + + + + + + + + + IsAuthorized + + text/plain + + + + + Status + + + + + The Current Status of the Policy Indicated by the Policy GUID + + + + + + + + + + Status + + text/plain + + + + + FriendlyName + + + + + The FriendlyName of the Policy Indicated by the Policy GUID + + + + + + + + + + FriendlyName + + text/plain + + + + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md new file mode 100644 index 0000000000..4f5c622cc0 --- /dev/null +++ b/windows/client-management/mdm/applicationcontrol-csp.md @@ -0,0 +1,236 @@ +--- +title: ApplicationControl CSP +description: ApplicationControl CSP +ms.author: dansimp@microsoft.com +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: ManikaDhiman +ms.date: 05/21/2019 +--- + +# ApplicationControl CSP + +Windows Defender Application Control (WDAC) policies can be managed from an MDM server through ApplicationControl configuration service provider (CSP). This CSP provides expanded diagnostic capabilities and support for [multiple policies](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike [AppLocker CSP](applocker-csp.md), ApplicationControl CSP correctly detects the presence of no-reboot option and consequently does not schedule a reboot. +Existing WDAC policies deployed using AppLocker CSP’s CodeIntegrity node can now be deployed using ApplicationControl CSP URI. Although WDAC policy deployment via AppLocker CSP will continue to be supported, all new feature work will be done in ApplicationControl CSP only. + +ApplicationControl CSP was added in Windows 10, version 1903. + +The following diagram shows ApplicationControl CSP in tree format. + +![tree diagram for applicationcontrol csp](images/provisioning-csp-applicationcontrol.png) + +**./Vendor/MSFT/ApplicationControl** +Defines the root node for ApplicationControl CSP. + +Scope is permanent. Supported operation is Get. + +**ApplicationControl/Policies** +An interior node that contains all the policies, each identified by their globally unique identifier (GUID). + +Scope is permanent. Supported operation is Get. + +**ApplicationControl/Policies/_Policy GUID_** +ApplicationControl CSP enforces that the “ID” segment of a given policy URI is the same GUID as the policy ID in the policy blob. Each *Policy GUID* node contains a Policy node and a corresponding PolicyInfo node. + +Scope is dynamic. Supported operation is Get. + +**ApplicationControl/Policies/_Policy GUID_/Policy** +This node is the policy binary itself, which is encoded as base64. + +Scope is dynamic. Supported operations are Get, Add, Delete, and Replace. + +Value type is b64. Supported value is any well-formed WDAC policy, i.e. the base64-encoded content output by the ConvertFrom-CIPolicy cmdlet. + +Default value is empty. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo** +An interior node that contains the nodes that describe the policy indicated by the GUID. + +Scope is dynamic. Supported operation is Get. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version** +This node provides the version of the policy indicated by the GUID. Stored as a string, but when parsing use a uint64 as the containing data type. + +Scope is dynamic. Supported operation is Get. + +Value type is char. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective** +This node specifies whether a policy is actually loaded by the enforcement engine and is in effect on a system. + +Scope is dynamic. Supported operation is Get. + +Value type is bool. Supported values are as follows: +- True — Indicates that the policy is actually loaded by the enforcement engine and is in effect on a system. +- False — Indicates that the policy is not loaded by the enforcement engine and is not in effect on a system. This is the default. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed** +This node specifies whether a policy is deployed on the system and is present on the physical machine. + +Scope is dynamic. Supported operation is Get. + +Value type is bool. Supported values are as follows: +- True — Indicates that the policy is deployed on the system and is present on the physical machine. +- False — Indicates that the policy is not deployed on the system and is not present on the physical machine. This is the default. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized** +This node specifies whether the policy is authorized to be loaded by the enforcement engine on the system. If not authorized, a policy cannot take effect on the system. + +Scope is dynamic. Supported operation is Get. + +Value type is bool. Supported values are as follows: +- True — Indicates that the policy is authorized to be loaded by the enforcement engine on the system. +- False — Indicates that the policy is not authorized to be loaded by the enforcement engine on the system. This is the default. + +The following table provides the result of this policy based on different values of IsAuthorized, IsDeployed, and IsEffective nodes: + +|IsAuthorized | IsDeployed | IsEffective | Resultant | +|------------ | ---------- | ----------- | --------- | +|True|True|True|Policy is currently running and in effect.| +|True|True|False|Policy requires a reboot to take effect.| +|True|False|True|Policy requires a reboot to unload from CI.| +|False|True|True|Not Reachable.| +|True|False|False|*Not Reachable.| +|False|True|False|*Not Reachable.| +|False|False|True|Not Reachable.| +|False|False|False|*Not Reachable.| + +`*` denotes a valid intermediary state; however, if an MDM transaction results in this state configuration, the END_COMMAND_PROCESSING will result in a fail. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status** +This node specifies whether the deployment of the policy indicated by the GUID was successful. + +Scope is dynamic. Supported operation is Get. + +Value type is integer. Default value is 0 == OK. + +**ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName** +This node provides the friendly name of the policy indicated by the policy GUID. + +Scope is dynamic. Supported operation is Get. + +Value type is char. + +## Usage guidance + +To use ApplicationControl CSP, you must: +- Know a generated policy’s GUID, which can be found in the policy xml as ``. +- Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned. +- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool. + +Here is a sample certutil invocation: +``` +certutil -encode WinSiPolicy.p7b WinSiPolicy.cer +``` +An alternative to using certutil would be to use the following PowerShell invocation: +``` +[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path )) +``` +If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI +functionality to apply the Code Integrity policy. + +### Deploy policies +To deploy a new base policy using the CSP, perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data}. Refer to the the Format section in the Example 1 below. + +To deploy base policy and supplemental policies: +- Perform an ADD on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** using the Base64-encoded policy node as {Data} with the GUID and policy data for the base policy. +- Repeat for each base or supplemental policy (with its own GUID and data). + +The following example shows the deployment of two base policies and a supplemental policy (which already specifies the base policy it supplements and does not need that reflected in the ADD). + +**Example 1: Add first base policy** +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Base1GUID}/Policy + + + b64 + + {Base1Data} + + +``` +**Example 2: Add second base policy** +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Base2GUID}/Policy + + + b64 + + {Base2Data} + + +``` +**Example 3: Add supplemental policy** +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{Supplemental1GUID}/Policy + + + b64 + + {Supplemental1Data} + + +``` +### Get policies + +Perform a GET using a deployed policy’s GUID to interrogate/inspect the policy itself or information about it. + +The following table displays the result of Get operation on different nodes: + +|Nodes | Get Results| +|------------- | ------| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy|raw p7b| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Version|Policy version| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsEffective|Is the policy in effect| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsDeployed|Is the policy on the system| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/IsAuthorized|Is the policy authorized on the system| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/Status|Was the deployment successful| +|./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/PolicyInfo/FriendlyName|Friendly name per the policy| + +The following is an example of Get command: +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy + + + +``` + +### Delete policies +To delete an unsigned policy, perform a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy**. + +> [!Note] +> Only signed things should be able to update signed policies. Hence, performing a DELETE on **./Vendor/MSFT/ApplicationControl/Policies/_Policy GUID_/Policy** is not sufficient to delete a signed policy. + +To delete a signed policy: +1. Replace it with a signed update allowing unsigned policy. +2. Deploy another update with unsigned policy. +3. Perform delete. + +The following is an example of Delete command: +```xml + + 1 + + + ./Vendor/MSFT/ApplicationControl/Policies/{PolicyGUID}/Policy + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 06824c4c4a..a282ba8384 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -172,6 +172,34 @@ Additional lists: + +[ApplicationControl CSP](applicationcontrol-csp.md) + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
check mark6check mark6check mark6check mark6check mark6check mark6check mark6
+ + + + [AppLocker CSP](applocker-csp.md) diff --git a/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png new file mode 100644 index 0000000000..012b0b392b Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-applicationcontrol.png differ diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index c7dde016cf..61350998ce 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -142,6 +142,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s EnrollmentStatusTracking CSP

Added new CSP in Windows 10, version 1903.

+ +ApplicationControl CSP +

Added new CSP in Windows 10, version 1903.

+ @@ -1887,6 +1891,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o |New or updated topic | Description| |--- | ---| +|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| |[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| |Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider| diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 5ef4bd2feb..7058bc777e 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -28,19 +28,19 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur - Windows 10 version 1703 (semi-annual channel) or higher is required. - The following editions are supported: - - Windows 10 Pro - - Windows 10 Pro Education - - Windows 10 Pro for Workstations - - Windows 10 Enterprise - - Windows 10 Education - - Windows 10 Enterprise 2019 LTSC + - Windows 10 Pro + - Windows 10 Pro Education + - Windows 10 Pro for Workstations + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Enterprise 2019 LTSC ## Networking requirements Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following: -- Ensure DNS name resolution for internet DNS names -- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) +- Ensure DNS name resolution for internet DNS names +- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP) In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details: @@ -60,7 +60,7 @@ If the Delivery Optimization Service is inaccessible, the AutoPilot process will Network Time Protocol (NTP) SyncWhen a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible. Domain Name Services (DNS)To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names. -Diagnostics dataTo enable Windows Analytics and related diagnostics capabilities, see Configure Windows diagnostic data in your organization.
+Diagnostics dataStarting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see Manage enterprise diagnostic data level.
If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work. Network Connection Status Indicator (NCSI)Windows must be able to tell that the device is able to access the internet. For more information, see Network Connection Status Indicator (NCSI). diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md index a811ff7119..1b9bb407c6 100644 --- a/windows/hub/TOC.md +++ b/windows/hub/TOC.md @@ -1,4 +1,4 @@ -# [Windows 10 and Windows 10 Mobile](index.md) +# [Windows 10](index.md) ## [What's new](/windows/whats-new) ## [Release information](/windows/release-information) ## [Deployment](/windows/deployment) @@ -8,4 +8,4 @@ ## [Security](/windows/security) ## [Privacy](/windows/privacy) ## [Troubleshooting](/windows/client-management/windows-10-support-solutions) -## [Other Windows client versions](https://docs.microsoft.com/previous-versions/windows) \ No newline at end of file +## [Previous Windows versions](https://docs.microsoft.com/previous-versions/windows) diff --git a/windows/hub/index.md b/windows/hub/index.md index 805d3fa7cd..c9bfdfd89d 100644 --- a/windows/hub/index.md +++ b/windows/hub/index.md @@ -1,19 +1,22 @@ --- -title: Windows 10 and Windows 10 Mobile (Windows 10) -description: Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile. +title: Windows 10 +description: Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10. ms.assetid: 345A4B4E-BC1B-4F5C-9E90-58E647D11C60 ms.prod: w10 ms.localizationpriority: high -author: greg-lindsay ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -ms.date: 10/02/2018 +ms.date: 07/16/2019 +ms.author: dansimp +ms.date: 09/03/2018 +ms.reviewer: dansimp +manager: dansimp --- -# Windows 10 and Windows 10 Mobile +# Windows 10 -Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10 or Windows 10 Mobile. +Find the latest how to and support content that IT pros need to evaluate, plan, deploy, secure and manage devices running Windows 10.   @@ -26,28 +29,28 @@ Find the latest how to and support content that IT pros need to evaluate, plan, Read what's new in Windows 10
What's New?
- + Configure Windows 10 in your enterprise
Configuration
- + Windows 10 deployment
Deployment
-
+
Manage applications in your Windows 10 enterprise deployment -
Application Management +
App Management -
+
Windows 10 client management
Client Management -
+
Windows 10 security
Security @@ -59,20 +62,8 @@ Find the latest how to and support content that IT pros need to evaluate, plan, ## Get to know Windows as a Service (WaaS) -![Get to know Windows as a Service (WaaS)](images/w10-WaaS-poster.png) - The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. -- [Read more about Windows as a Service](/windows/deployment/update/waas-overview) - - -## Related topics -[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009) - - -  - - -  +- [Read more about Windows as a Service](/windows/deployment/update/waas-overview) \ No newline at end of file diff --git a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md index 12db0fe2fe..b9d06453a0 100644 --- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md +++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md @@ -196,7 +196,7 @@ Microsoft believes in and practices information minimization. We strive to gathe ### Enterprise management -Sharing diagnostic data with Microsoft provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. +Sharing diagnostic data with Microsoft is enabled by default on Windows 10, 1903 and later. Sharing this data provides many benefits to enterprises, so we do not recommend turning it off. For most enterprise customers, simply adjusting the diagnostic data level and managing specific components is the best option. Customers can set the diagnostic data level in both the user interface and with existing management tools. Users can change the diagnostic data level in the **Diagnostic data** setting. In the **Settings** app, in **Privacy** > **Diagnostics & feedback**. They can choose between Basic and Full. The Enhanced level will only be displayed as an option when Group Policy or Mobile Device Management (MDM) are invoked with this level. The Security level is not available. diff --git a/windows/release-information/resolved-issues-windows-10-1607.yml b/windows/release-information/resolved-issues-windows-10-1607.yml index 3ad444b3d0..f7a7113111 100644 --- a/windows/release-information/resolved-issues-windows-10-1607.yml +++ b/windows/release-information/resolved-issues-windows-10-1607.yml @@ -32,6 +32,7 @@ sections: - type: markdown text: " + @@ -70,6 +71,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusDate resolved
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Resolved
KB4507460		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4509475		June 27, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved
KB4503294		June 18, 2019
02:00 PM PT
+ diff --git a/windows/release-information/resolved-issues-windows-10-1703.yml b/windows/release-information/resolved-issues-windows-10-1703.yml index 57777605fe..30427c2a53 100644 --- a/windows/release-information/resolved-issues-windows-10-1703.yml +++ b/windows/release-information/resolved-issues-windows-10-1703.yml @@ -48,8 +48,6 @@ sections: - -
DetailsOriginating updateStatusHistory
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Affected platforms:
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
June 04, 2019
05:55 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499177. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509475.

Back to top		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4509475		Resolved:
June 27, 2019
02:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503294.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved
KB4503294		Resolved:
June 18, 2019
02:00 PM PT

Opened:
June 12, 2019
11:11 AM PT
Opening Internet Explorer 11 may fail
Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4503267.

Back to top		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4503267		Resolved:
June 11, 2019
10:00 AM PT

Opened:
June 05, 2019
05:49 PM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >		OS Build 15063.1631

February 12, 2019
KB4487020		Resolved
KB4487011		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		February 12, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4487020		February 12, 2019
10:00 AM PT
SqlConnection instantiation exception on .NET 4.6 and later
Instantiation of SqlConnection can throw an exception after certain updates have been installed.

See details >		OS Build 15063.1292

August 30, 2018
KB4343889		Resolved
KB4480959		January 15, 2019
10:00 AM PT
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >		OS Build 15063.1563

January 08, 2019
KB4480973		Resolved
KB4480959		January 15, 2019
10:00 AM PT
" @@ -113,15 +111,5 @@ sections:
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480959, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487011.

Back to topOS Build 15063.1596

January 15, 2019
KB4480959Resolved
KB4487011Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487020.

Back to topOS Build 15063.1563

January 08, 2019
KB4480973Resolved
KB4487020Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480973, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address.
  • Cannot load web pages on the Internet using a VPN connection.
Browsing fails or the web page may become unresponsive.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4486996

Back to topOS Build 15063.1563

January 08, 2019
KB4480973Resolved
KB4487020Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
After installing KB4480973, third-party applications may have difficulty authenticating hotspots.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4480959.

Back to topOS Build 15063.1563

January 08, 2019
KB4480973Resolved
KB4480959Resolved:
January 15, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT - - " - -- title: August 2018 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
SqlConnection instantiation exception on .NET 4.6 and later
After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

For more information about this issue, see the following article in the Microsoft Knowledge Base:
4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Affected platforms:
  • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue is resolved in KB4480959.

Back to top		OS Build 15063.1292

August 30, 2018
KB4343889		Resolved
KB4480959		Resolved:
January 15, 2019
10:00 AM PT

Opened:
August 30, 2018
05:00 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1709.yml b/windows/release-information/resolved-issues-windows-10-1709.yml index 850dcb03d2..b80a28eec7 100644 --- a/windows/release-information/resolved-issues-windows-10-1709.yml +++ b/windows/release-information/resolved-issues-windows-10-1709.yml @@ -49,8 +49,6 @@ sections:
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >OS Build 16299.967

February 12, 2019
KB4486996Resolved
KB4487021February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >OS Build 16299.904

January 08, 2019
KB4480978Resolved
KB4486996February 12, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >OS Build 16299.904

January 08, 2019
KB4480978Resolved
KB4486996February 12, 2019
10:00 AM PT -
SqlConnection instantiation exception on .NET 4.6 and later
Instantiation of SqlConnection can throw an exception after certain updates have been installed.

See details >OS Build 16299.637

August 30, 2018
KB4343893Resolved
KB4480967January 15, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >OS Build 16299.904

January 08, 2019
KB4480978Resolved
KB4480967January 15, 2019
10:00 AM PT " @@ -123,15 +121,5 @@ sections:
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480967, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487021.

Back to topOS Build 16299.936

January 15, 2019
KB4480967Resolved
KB4487021Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format.”

Affected platforms:
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4486996.

Back to topOS Build 16299.904

January 08, 2019
KB4480978Resolved
KB4486996Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480978, some Microsoft Edge users report that they:
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.  
Browsing fails or the web page may become unresponsive. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4486996.

Back to topOS Build 16299.904

January 08, 2019
KB4480978Resolved
KB4486996Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
After installing KB4480978, third-party applications may have difficulty authenticating hotspots.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4480967.

Back to topOS Build 16299.904

January 08, 2019
KB4480978Resolved
KB4480967Resolved:
January 15, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT - - " - -- title: August 2018 -- items: - - type: markdown - text: " - -
DetailsOriginating updateStatusHistory
SqlConnection instantiation exception on .NET 4.6 and later
After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

For more information about this issue, see the following article in the Microsoft Knowledge Base:
4470809 SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Affected platforms:
  • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue is resolved in KB4480967.

Back to top		OS Build 16299.637

August 30, 2018
KB4343893		Resolved
KB4480967		Resolved:
January 15, 2019
10:00 AM PT

Opened:
August 30, 2018
05:00 PM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1803.yml b/windows/release-information/resolved-issues-windows-10-1803.yml index df8d35b361..3353facc94 100644 --- a/windows/release-information/resolved-issues-windows-10-1803.yml +++ b/windows/release-information/resolved-issues-windows-10-1803.yml @@ -49,8 +49,6 @@ sections:
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >OS Build 17134.590

February 12, 2019
KB4487017Resolved
KB4487029February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >OS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4487017February 12, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >OS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4487017February 12, 2019
10:00 AM PT -
SqlConnection instantiation exception on .NET 4.6 and later
After you install the August Preview of Quality Rollup or the September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.

See details >OS Build 17134.285

September 11, 2018
KB4457128Resolved
KB4480976January 15, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >OS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4480976January 15, 2019
10:00 AM PT " @@ -122,7 +120,6 @@ sections:
MSXML6 may cause applications to stop responding
After installing KB4480966, MSXML6 causes applications to stop responding if an exception was thrown during node operations, such as appendChild(), insertBefore(), and moveNode().

The Group Policy editor may stop responding when editing a Group Policy Object (GPO) that contains Group Policy Preferences (GPP) for Internet Explorer 10 settings.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue was resolved in KB4493464

Back to topOS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4493464Resolved:
April 09, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487017.

Back to topOS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4487017Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
After installing KB4480966, some Microsoft Edge users report that they: 
  • Cannot load web pages using a local IP address. 
  • Cannot load web pages on the Internet using a VPN connection.  
Browsing fails or the web page may become unresponsive. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709
Resolution: This issue is resolved in KB4487017

Back to topOS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4487017Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
After installing KB4480966, third-party applications may have difficulty authenticating hotspots.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4480976

Back to topOS Build 17134.523

January 08, 2019
KB4480966Resolved
KB4480976Resolved:
January 15, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " @@ -134,12 +131,3 @@ sections:
Cannot pin a web link on the Start menu or the taskbar
After installing KB4471324, some users cannot pin a web link on the Start menu or the taskbar. 

Affected platforms:
  • Client: Windows 10, version 1803
  • Server: Windows Server, version 1803
Resolution: This issue is resolved in KB4487029

Back to topOS Build 17134.471

December 11, 2018
KB4471324Resolved
KB4487029Resolved:
February 19, 2019
02:00 PM PT

Opened:
December 11, 2018
10:00 AM PT " - -- title: September 2018 -- items: - - type: markdown - text: " - - -
DetailsOriginating updateStatusHistory
SqlConnection instantiation exception on .NET 4.6 and later
After you install the August Preview of Quality Rollup or September 11, 2018 .NET Framework update, instantiation of SqlConnection can throw an exception.  

For more information about this issue, see the following article in the Microsoft Knowledge Base: 4470809, SqlConnection instantiation exception on .NET 4.6 and later after August-September 2018 .NET Framework updates.

Affected platforms:
  • Client: Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016
Resolution: This issue is resolved in KB4480976

Back to top		OS Build 17134.285

September 11, 2018
KB4457128		Resolved
KB4480976		Resolved:
January 15, 2019
10:00 AM PT

Opened:
September 11, 2018
10:00 AM PT
- " diff --git a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml index b5d57f8c65..c3b5e984d1 100644 --- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml +++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml @@ -58,7 +58,7 @@ sections:
First character of the Japanese era name not recognized
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >OS Build 17763.316

February 12, 2019
KB4487044Resolved
KB4482887March 01, 2019
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Apple has identified an incompatibility with iCloud for Windows (version 7.7.0.27) where users may experience issues updating or synching Shared Albums.

See details >OS Build 17763.134

November 13, 2018
KB4467708Resolved
KB4482887March 01, 2019
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Users may see an Intel Audio Display (intcdaud.sys) notification during setup for devices with certain Intel Display Audio Drivers.

See details >OS Build 17763.134

November 13, 2018
KB4467708Resolved
KB4482887March 01, 2019
10:00 AM PT -
F5 VPN clients losing network connectivity
Upgrade block: After updating to Window 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

See details >OS Build 17763.134

November 13, 2018
KB4467708Resolved
KB4482887March 01, 2019
10:00 AM PT +
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

See details >OS Build 17763.134

November 13, 2018
KB4467708Resolved
KB4482887March 01, 2019
10:00 AM PT
Webpages become unresponsive in Microsoft Edge
Microsoft Edge users report difficulty browsing and loading webpages.

See details >OS Build 17763.253

January 08, 2019
KB4480116Resolved
KB4487044February 12, 2019
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Upgrade block: Devices utilizing AMD Radeon HD2000 or HD4000 series video cards may experience issues with the lock screen and Microsoft Edge tabs.

See details >OS Build 17763.134

November 13, 2018
KB4467708Resolved
KB4487044February 12, 2019
10:00 AM PT
Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
Upgrade block: Microsoft and Trend Micro identified a compatibility issue with the Trend Micro business endpoint security solutions OfficeScan and Worry-Free Business Security.

See details >OS Build 17763.134

November 13, 2018
KB4467708Resolved
February 01, 2019
09:00 AM PT @@ -152,10 +152,10 @@ sections: text: " - + - - + +
DetailsOriginating updateStatusHistory
Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort
Upgrade block: Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows. 
 
As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.
Note: This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously documented.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Next steps: Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the Intel Customer Support article.

Resolution: Microsoft has removed the safeguard hold.



Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
Resolved:
May 21, 2019
07:42 AM PT

Opened:
November 13, 2018
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Window 10, version 1809 until this issue has been resolved. 

We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
 
Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Shared albums may not sync with iCloud for Windows
Upgrade block: Users who attempt to install iCloud for Windows (version 7.7.0.27) will see a message displayed that this version iCloud for Windows isn't supported and the install will fail.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
To ensure a seamless experience, Microsoft is blocking devices with iCloud for Windows (version 7.7.0.27) software installed from being offered Windows 10, version 1809 until this issue has been resolved. 

We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool from the Microsoft software download website until this issue is resolved. 
 
Resolution: Apple has released an updated version of iCloud for Windows (version 7.8.1) that resolves compatibility issues encountered when updating or synching Shared Albums after updating to Windows 10, version 1809. We recommend that you update your iCloud for Windows to version 7.8.1 when prompted before attempting to upgrade to Windows 10, version 1809. You can also manually download the latest version of iCloud for Windows by visiting https://support.apple.com/HT204283.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Intel Audio Display (intcdaud.sys) notification during Windows 10 Setup
Upgrade block: Microsoft and Intel have identified a compatibility issue with a range of Intel Display Audio device drivers (intcdaud.sys, versions 10.25.0.3 - 10.25.0.8) that may result in excessive processor demand and reduced battery life. As a result, the update process to the Windows 10 October 2018 Update (Windows 10, version 1809) will fail and affected devices will automatically revert to the previous working configuration. 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
If you see a \"What needs your attention\" notification during installation of the October 2018 Update, you have one of these affected drivers on your system. On the notification, click Back to remain on your current version of Windows 10. 
 
To ensure a seamless experience, we are blocking devices from being offered the October 2018 Update until updated Intel device drivers are installed on your current operating system. We recommend that you do not attempt to manually update to Windows 10, version 1809, using the Update Now button or the Media Creation Tool from the Microsoft Software Download Center until newer Intel device drivers are available with the update. You can either wait for newer drivers to be installed automatically through Windows Update or check with your computer manufacturer for the latest device driver software availability and installation procedures. For more information about this issue, see Intel's customer support guidance.
 
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Window 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
 
Upgrade block: After updating to Window 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
 
Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4487044, and the block was removed.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
F5 VPN clients losing network connectivity
Upgrade block: After updating to Windows 10, version 1809, F5 VPN clients may lose network connectivity when the VPN service is in a split tunnel configuration.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4482887 and the upgrade block removed. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4482887		Resolved:
March 01, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Issues with lock screen and Microsoft Edge tabs for certain AMD Radeon video cards
Note: AMD no longer supports Radeon HD2000 and HD4000 series graphic processor units (GPUs).
 
Upgrade block: After updating to Windows 10, version 1809, Microsoft Edge tabs may stop working when a device is configured with AMD Radeon HD2000 or HD4000 series video cards. Customers may get the following error code: \"INVALID_POINTER_READ_c0000005_atidxx64.dll\". 
 
Some users may also experience performance issues with the lock screen or the ShellExperienceHost. (The lock screen hosts widgets, and the ShellExperienceHost is responsible for assorted shell functionality.) 

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019
Resolution: This issue was resolved in KB4487044, and the block was removed.

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
KB4487044		Resolved:
February 12, 2019
10:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
Trend Micro OfficeScan and Worry-Free Business Security AV software not compatible
Upgrade block: Microsoft and Trend Micro have identified a compatibility issue with Trend Micro's OfficeScan and Worry-Free Business Security software when attempting to update to Windows 10, version 1809.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019
  • Server: Windows Server, version 1809; Windows Server 2019 
Resolution: Trend Micro has released a new version of these products that resolves the issue. To download them, please visit the Trend Micro Business Support Portal.

Once you have updated your version of Trend Micro's OfficeScan or Worry-Free Business Security software, you will be offered Windows 10, version 1809 automatically. 

Back to top		OS Build 17763.134

November 13, 2018
KB4467708		Resolved
Resolved:
February 01, 2019
09:00 AM PT

Opened:
November 13, 2018
10:00 AM PT
" diff --git a/windows/release-information/resolved-issues-windows-10-1903.yml b/windows/release-information/resolved-issues-windows-10-1903.yml index 31e68e050d..6b4eeb59c5 100644 --- a/windows/release-information/resolved-issues-windows-10-1903.yml +++ b/windows/release-information/resolved-issues-windows-10-1903.yml @@ -64,10 +64,10 @@ sections: - type: markdown text: " - - - - + + + + diff --git a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml index 45706d7e3c..a4428a3d64 100644 --- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml +++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml @@ -51,7 +51,6 @@ sections: -
DetailsOriginating updateStatusHistory
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Duplicate folders and documents showing in user profile directory
If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ​This issue does not cause any user files to be deleted and a solution is in progress.

To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.
(Posted June 11, 2019)

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4497935		Resolved:
May 29, 2019
02:00 PM PT

Opened:
May 21, 2019
07:16 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Duplicate folders and documents showing in user profile directory
If you have redirected known folders (e.g. Desktop, Documents, or Pictures folders) you may see an empty folder with the same name in your %userprofile% directories after updating to Windows 10, version 1903. This may occur if known folders were redirected when you chose to back up your content to OneDrive using the OneDrive wizard, or if you chose to back up your content during the Windows Out-of-Box-Experience (OOBE). This may also occur if you redirected your known folders manually through the Properties dialog box in File Explorer. ?This issue does not cause any user files to be deleted and a solution is in progress.

To safeguard your update experience, we have applied a quality hold on devices with redirected known folders from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue was resolved in KB4497935 and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.
(Posted June 11, 2019)

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4497935		Resolved:
May 29, 2019
02:00 PM PT

Opened:
May 21, 2019
07:16 AM PT
Older versions of BattlEye anti-cheat software incompatible
Microsoft and BattlEye have identified a compatibility issue with some games that use older versions of BattlEye anti-cheat software. When launching a game that uses an older, impacted version of BattlEye anti-cheat software on a device running Windows 10, version 1903, the device may experience a system crash.

To safeguard your gaming experience, we have applied a compatibility hold on devices with the impacted versions of BattlEye software used by games installed on your PC. This will prevent Windows 10, version 1903 from being offered until the incompatible version of BattlEye software is no longer installed on the device. 

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Before updating your machine, we recommend you do one or more of the following:

  • Verify that your game is up to date with the latest available version of BattlEye software. Some game platforms allow you to validate your game files, which can confirm that your installation is fully up to date.
  • Restart your system and open the game again.
  • Uninstall BattlEye using https://www.battleye.com/downloads/UninstallBE.exe, and then reopen your game.
  • Uninstall and reinstall your game.
Resolution: This issue was resolved externally by BattlEye for all known impacted games. For a list of recent games that use BattlEye, go to https://www.battleye.com/. We recommend following the workaround before updating to Windows 10, version 1903, as games with incompatible versions of BattleEye may fail to open after updating Windows. If you have confirmed your game is up to date and you have any issues with opening games related to a BattlEye error, please see https://www.battleye.com/support/faq/.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
June 07, 2019
04:26 PM PT

Opened:
May 21, 2019
07:34 AM PT
AMD RAID driver incompatibility
Microsoft and AMD have identified an incompatibility with AMD RAID driver versions earlier than 9.2.0.105. When you attempt to install the Windows 10, version 1903 update on a Windows 10-based computer with an affected driver version, the installation process stops and you get a message like the following:

AMD Ryzen™ or AMD Ryzen™ Threadripper™ configured in SATA or NVMe RAID mode.

“A driver is installed that causes stability problems on Windows. This driver will be disabled. Check with your software/driver provider for an updated version that runs on this version of Windows.”

 
To safeguard your update experience, we have applied a compatibility hold on devices with these AMD drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue has been resolved externally by AMD. To resolve this issue, you will need to download the latest AMD RAID drivers directly from AMD at https://www.amd.com/en/support/chipsets/amd-socket-tr4/x399. The drivers must be version 9.2.0.105 or later. Install the drivers on the affected computer, and then restart the installation process for the Windows 10, version 1903 feature update.
 
Note The safeguard hold will remain in place on machines with the older AMD RAID drivers. We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
June 06, 2019
11:06 AM PT

Opened:
May 21, 2019
07:12 AM PT
D3D applications and games may fail to enter full-screen mode on rotated displays
Some Direct3D (D3D) applications and games (e.g., 3DMark) may fail to enter full-screen mode on displays where the display orientation has been changed from the default (e.g., a landscape display in portrait mode).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Resolution: This issue was resolved in KB4497935

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
KB4497935		Resolved:
May 29, 2019
02:00 PM PT

Opened:
May 21, 2019
07:05 AM PT
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >		January 15, 2019
KB4480969		Resolved
KB4487016		February 19, 2019
02:00 PM PT
Internet Explorer may fail to load images
Internet Explorer may fail to load images with a backslash (\\) in their relative source path.

See details >		February 12, 2019
KB4487000		Resolved
KB4487016		February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >		January 08, 2019
KB4480963		Resolved
KB4487000		February 12, 2019
10:00 AM PT
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >		January 08, 2019
KB4480963		Resolved
KB4480969		January 15, 2019
10:00 AM PT
" @@ -126,6 +125,5 @@ sections:
Virtual machines fail to restore
After installing KB4480963, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, “Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).”

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490512.

Back to topJanuary 08, 2019
KB4480963Resolved
KB4490512Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480969, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4487016.

Back to topJanuary 15, 2019
KB4480969Resolved
KB4487016Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, “Unrecognized Database Format”.

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2 
Resolution: This issue is resolved in KB4487000.

Back to topJanuary 08, 2019
KB4480963Resolved
KB4487000Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
After installing KB4480963, third-party applications may have difficulty authenticating hotspots.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4480969.

Back to topJanuary 08, 2019
KB4480963Resolved
KB4480969Resolved:
January 15, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " diff --git a/windows/release-information/resolved-issues-windows-server-2012.yml b/windows/release-information/resolved-issues-windows-server-2012.yml index 15736d25c5..678c8e0517 100644 --- a/windows/release-information/resolved-issues-windows-server-2012.yml +++ b/windows/release-information/resolved-issues-windows-server-2012.yml @@ -49,7 +49,6 @@ sections:
First character of the Japanese era name not recognized as an abbreviation
The first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

See details >January 15, 2019
KB4480971Resolved
KB4487024February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database and Access 95 file format stop working
Applications that use a Microsoft Jet database with the Microsoft Access 95 file format may randomly stop working.

See details >February 12, 2019
KB4487025Resolved
KB4487024February 19, 2019
02:00 PM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if column names are greater than 32 characters.

See details >January 08, 2019
KB4480975Resolved
KB4487025February 12, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
Third-party applications may have difficulty authenticating hotspots.

See details >January 08, 2019
KB4480975Resolved
KB4480971January 15, 2019
10:00 AM PT " @@ -121,7 +120,6 @@ sections:
Virtual machines fail to restore
After installing KB4480975, virtual machines (VM) may fail to restore successfully if the VM has been saved and restored once before. The error message is, \"Failed to restore the virtual machine state: Cannot restore this virtual machine because the saved state data cannot be read. Delete the saved state data and then try to start the virtual machine. (0xC0370027).\"

This affects AMD Bulldozer Family 15h, AMD Jaguar Family 16h, and AMD Puma Family 16h (second generation) microarchitectures.

Affected platforms: 
  • Client: Windows 8.1; Windows 7 SP1 
  • Server: Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4490516.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4490516Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 08, 2019
10:00 AM PT
First character of the Japanese era name not recognized as an abbreviation
After installing KB4480971, the first character of the Japanese era name is not recognized as an abbreviation and may cause date parsing issues.

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487024.

Back to topJanuary 15, 2019
KB4480971Resolved
KB4487024Resolved:
February 19, 2019
02:00 PM PT

Opened:
January 15, 2019
10:00 AM PT
Applications using Microsoft Jet database fail to open
Applications that use a Microsoft Jet database with the Microsoft Access 97 file format may fail to open if the database has column names greater than 32 characters. The database will fail to open with the error, \"Unrecognized Database Format\".

Affected platforms: 
  • Client: Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1; Windows 7 SP1 
  • Server: Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue is resolved in KB4487025.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4487025Resolved:
February 12, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT -
Unable to access hotspots with third-party applications
After installing KB4480975, third-party applications may have difficulty authenticating hotspots.

Affected platforms: 
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1 
  • Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012
Resolution: This issue is resolved in KB4480971.

Back to topJanuary 08, 2019
KB4480975Resolved
KB4480971Resolved:
January 15, 2019
10:00 AM PT

Opened:
January 08, 2019
10:00 AM PT " diff --git a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml index 7c920cf6b5..02443f7e42 100644 --- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml +++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml @@ -61,11 +61,11 @@ sections: text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -93,7 +93,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) may fail to start with error \"0xc0000001.\"

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Mitigated
July 10, 2019
07:09 PM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Mitigated
June 07, 2019
04:25 PM PT
Cluster service may fail if the minimum password length is set to greater than 14
The cluster service may fail to start with the error “2245 (NERR_PasswordTooShort)” if the Group Policy “Minimum Password Length” is configured with greater than 14 characters.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
SCVMM cannot enumerate and manage logical switches deployed on the host
For hosts managed by System Center Virtual Machine Manager (VMM), VMM cannot enumerate and manage logical switches deployed on the host.

See details >		OS Build 14393.2639

November 27, 2018
KB4467684		Mitigated
April 25, 2019
02:00 PM PT
Certain operations performed on a Cluster Shared Volume may fail
Certain operations, such as rename, performed on files or folders on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\".

See details >		OS Build 14393.2724

January 08, 2019
KB4480961		Mitigated
April 25, 2019
02:00 PM PT
Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM
Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.

See details >		OS Build 14393.2608

November 13, 2018
KB4467691		Mitigated
February 19, 2019
10:00 AM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016)

See details >		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		July 16, 2019
10:00 AM PT
Devices with Hyper-V enabled may receive BitLocker error 0xC0210000
Some devices with Hyper-V enabled may start into BitLocker recovery with error 0xC0210000.

See details >		OS Build 14393.2969

May 14, 2019
KB4494440		Resolved
KB4507460		July 09, 2019
10:00 AM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.

See details >		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4509475		June 27, 2019
02:00 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view or create Custom Views in Event Viewer, you may receive an error and the app may stop responding or close.

See details >		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved
KB4503294		June 18, 2019
02:00 PM PT
- +
DetailsOriginating updateStatusHistory
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Affected platforms:
  • Server: Windows Server 2016
Workaround: You can use the Allow-From value of the header if the IFRAME is only accessing pages from a single-origin URL. On the affected server, open a PowerShell window as an administrator and run the following command: set-AdfsResponseHeaders -SetHeaderName X-Frame-Options -SetHeaderValue \"allow-from https://example.com\"

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 14393.2941

April 25, 2019
KB4493473		Mitigated
Last updated:
June 07, 2019
04:25 PM PT

Opened:
June 04, 2019
05:55 PM PT
Some applications may fail to run as expected on clients of AD FS 2016
Some applications may fail to run as expected on clients of Active Directory Federation Services 2016 (AD FS 2016) after installation of KB4493473 on the server. Applications that may exhibit this behavior use an IFRAME during non-interactive authentication requests and receive X-Frame Options set to DENY.

Affected platforms:
  • Server: Windows Server 2016
Resolution: This issue was resolved in KB4507459.

Back to top		OS Build 14393.2941

April 25, 2019
KB4493473		Resolved
KB4507459		Resolved:
July 16, 2019
10:00 AM PT

Opened:
June 04, 2019
05:55 PM PT
Difficulty connecting to some iSCSI-based SANs
Devices may have issues connecting to some Storage Area Network (SAN) devices using Internet Small Computer System Interface (iSCSI) after installing KB4499177. You may also receive an error in the System log section of Event Viewer with Event ID 43 from iScsiPrt and a description of “Target failed to respond in time for a login request.”

Affected platforms:
  • Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016
  • Server: Windows Server 2019; Windows Server 2016
Resolution: This issue was resolved in KB4509475.

Back to top		OS Build 14393.2999

May 23, 2019
KB4499177		Resolved
KB4509475		Resolved:
June 27, 2019
02:00 PM PT

Opened:
June 20, 2019
04:46 PM PT
Event Viewer may close or you may receive an error when using Custom Views
When trying to expand, view, or create Custom Views in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using Filter Current Log in the Action menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1
  • Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2
Resolution: This issue was resolved in KB4503294.

Back to top		OS Build 14393.3025

June 11, 2019
KB4503267		Resolved
KB4503294		Resolved:
June 18, 2019
02:00 PM PT

Opened:
June 12, 2019
11:11 AM PT
diff --git a/windows/release-information/status-windows-10-1903.yml b/windows/release-information/status-windows-10-1903.yml index 1eab01cae5..88fff57f7a 100644 --- a/windows/release-information/status-windows-10-1903.yml +++ b/windows/release-information/status-windows-10-1903.yml @@ -21,8 +21,8 @@ sections: Find information on known issues for Windows 10, version 1903 and Windows Server, version 1903. Looking for a specific issue? Press CTRL + F (or Command + F if you are using a Mac) and enter your search term(s). -
Current status as of June 18, 2019:
-
Windows 10, version 1903 is available for any user who manually selects “Check for updates” via Windows Update for all devices that do not have a safeguard hold. If you are not offered the update, please check below for any known issues that may affect your device. The recommended servicing status is Semi-Annual Channel.

We are now beginning to build and train the machine learning (ML) based rollout process to update devices running the April 2018 Update, and earlier versions of Windows 10, to ensure we can continue to service these devices and provide the latest updates, security updates and improvements.

Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
+		Current status as of July 16, 2019:
+
We are initiating the Windows 10 May 2019 Update for customers with devices that are at or nearing end of service and have not yet updated their device. Keeping these devices both supported and receiving monthly updates is critical to device security and ecosystem health. Based on the large number of devices running the April 2018 Update, that will reach the end of 18 months of service on November 12, 2019, we are starting the update process now for Home and Pro editions to help ensure adequate time for a smooth update process.

Our update rollout process takes into consideration the scale and complexity of the Windows 10 ecosystem, with the many hardware, software, and app configuration options users have, to provide a seamless update experience for all users. We closely monitor update feedback to allow us to prioritize those devices likely to have a good update experience and quickly put safeguards on other devices while we address known issues. Windows 10 Home and Pro edition users will have the ability to pause the update for up to 35 days so they can choose a convenient time.

The Windows 10 May 2019 Update is available for any user who manually selects “Check for updates” via Windows Update on a device that does not have a safeguard hold for issues already detected. If you are not offered the update, please check below for any known issues that may affect your device.

We recommend commercial customers running earlier versions of Windows 10 begin targeted deployments of Windows 10, version 1903 to validate that the apps, devices, and infrastructure used by their organizations work as expected with the new release and features.

Note Follow @WindowsUpdate to find out when new content is published to the release information dashboard.
@@ -66,7 +66,7 @@ sections: - type: markdown text: "
This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.

- + @@ -96,7 +96,7 @@ sections: - type: markdown text: "
SummaryOriginating updateStatusLast updated
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Acknowledged
July 12, 2019
04:20 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Some apps or games that needs to perform graphics intensive operations may close or fail to open on Surface Book 2 devices with Nvidia dGPU.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 16, 2019
09:04 AM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen.

See details >		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
July 12, 2019
04:42 PM PT
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language was changed between updates

See details >		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
June 10, 2019
06:06 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers.

See details >		OS Build 18362.116

May 21, 2019
KB4505057		Investigating
May 21, 2019
04:47 PM PT
- +
DetailsOriginating updateStatusHistory
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Window 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Acknowledged
Last updated:
July 12, 2019
04:20 PM PT

Opened:
July 12, 2019
04:20 PM PT
The dGPU may occasionally disappear from device manager on Surface Book 2 with dGPU
Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing unit (dGPU). After updating to Windows 10, version 1903 (May 2019 Feature Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.

To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPUs from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To mitigate the issue if you are already on Windows 10, version 1903, you can restart the device or select the Scan for hardware changes button in the Action menu or on the toolbar in Device Manager.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 16, 2019
09:04 AM PT

Opened:
July 12, 2019
04:20 PM PT
Initiating a Remote Desktop connection may result in black screen
When initiating a Remote Desktop connection to devices with some older GPU drivers, you may receive a black screen. Any version of Windows may encounter this issue when initiating a Remote Desktop connection to a Windows 10, version 1903 device which is running an affected display driver, including the drivers for the Intel 4 series chipset integrated GPU (iGPU).

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.145

May 29, 2019
KB4497935		Investigating
Last updated:
July 12, 2019
04:42 PM PT

Opened:
July 12, 2019
04:42 PM PT
Devices starting using PXE from a WDS or SCCM servers may fail to start
Devices that start up using Preboot Execution Environment (PXE) images from Windows Deployment Services (WDS) or System Center Configuration Manager (SCCM) may fail to start with the error \"Status: 0xc0000001, Info: A required device isn't connected or can't be accessed\" after installing KB4503293 on a WDS server.

Affected platforms:
  • Server: Windows Server 2008 SP2; Windows Server 2008 R2 SP1; Windows Server 2012; Windows Server 2012 R2; Windows Server 2016; Windows Server, version 1803; Windows Server 2019; Windows Server, version 1809; Windows Server, version 1903
Workaround:
To mitigate this issue on an SCCM server:
  1. Verify Variable Window Extension is enabled.
  2. Set the values of TFTP block size to 4096 and TFTP window size to 1. For guidance on how to configure them, see Customize the RamDisk TFTP block and window sizes on PXE-enabled distribution points.
Note Try the default values for TFTP block size and TFTP window size first but depending on your environment and overall settings, you may need to adjust them for your setup. You can also try the Enable a PXE responder without Windows Deployment Service setting. For more information on this setting, see Install and configure distribution points in Configuration Manager.

To mitigate this issue on a WDS server without SCCM:
  1. In WDS TFTP settings, verify Variable Window Extension is enabled.
  2. In the Boot Configuration Data (BCD) of the imported image, set RamDiskTFTPBlockSize to 1456.
  3. In the BCD of the imported image, set RamDiskTFTPWindowSize to 4.
Note Try the default values for RamDiskTFTPBlockSize and RamDiskTFTPWindowSize first but depending on your environment and overall settings, you may need to adjust them for your setup.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.175

June 11, 2019
KB4503293		Mitigated
Last updated:
July 10, 2019
07:09 PM PT

Opened:
July 10, 2019
02:51 PM PT
@@ -118,14 +118,14 @@ sections: text: " - + - - - + + +
DetailsOriginating updateStatusHistory
Windows Sandbox may fail to start with error code “0x80070002”
Windows Sandbox may fail to start with \"ERROR_FILE_NOT_FOUND (0x80070002)\" on devices in which the operating system language is changed during the update process when installing Windows 10, version 1903.

Affected platforms:
  • Client: Windows 10, version 1903
Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Investigating
Last updated:
June 10, 2019
06:06 PM PT

Opened:
May 24, 2019
04:20 PM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Window 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Restart your device to apply changes to brightness.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Investigating
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:56 AM PT
Display brightness may not respond to adjustments
Microsoft and Intel have identified a driver compatibility issue on devices configured with certain Intel display drivers. After updating to Windows 10, version 1903, brightness settings may sometime appear as if changes applied took effect, yet the actual display brightness doesn't change.

To safeguard your update experience, we have applied a compatibility hold on devices with certain Intel drivers from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Restart your device to apply changes to brightness.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution that will be made available in upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Investigating
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:56 AM PT
Gamma ramps, color profiles, and night light settings do not apply in some cases
Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.

Microsoft has identified some scenarios where night light settings may stop working, for example:
  • Connecting to (or disconnecting from) an external monitor, dock, or projector
  • Rotating the screen
  • Updating display drivers or making other display mode changes
  • Closing full screen applications
  • Applying custom color profiles
  • Running applications that rely on custom gamma ramps
Affected platforms:
  • Client: Windows 10, version 1903
Workaround: If you find that your night light has stopped working, try turning the night light off and on, or restarting your computer. For other color setting issues, restart your computer to correct the issue.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 24, 2019
11:02 AM PT

Opened:
May 21, 2019
07:28 AM PT
Unable to discover or connect to Bluetooth devices
Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek and Qualcomm. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek or Qualcomm Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.

Affected platforms:
  • Client: Windows 10, version 1903
  • Server: Windows Server, version 1903
Workaround: Check with your device manufacturer (OEM) to see if an updated driver is available and install it.

  • For Qualcomm drivers, you will need to install a driver version greater than 10.0.1.11.
  • For Realtek drivers, you will need to install a driver version greater than 1.5.1011.0.
Note Until an updated driver has been installed, we recommend you do not attempt to manually update using the Update now button or the Media Creation Tool. 

Next steps: Microsoft is working with Realtek and Qualcomm to release new drivers for all affected system via Windows Update.  


Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:48 PM PT

Opened:
May 21, 2019
07:29 AM PT
Intel Audio displays an intcdaud.sys notification
Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain. If you see an intcdaud.sys notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).
  
To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until updated device drivers have been installed.

Affected platforms:
  • Client: Windows 10, version 1903; Windows 10, version 1809
Workaround:
On the “What needs your attention\" notification, click the Back button to remain on your current version of Windows 10. (Do not click Confirm as this will proceed with the update and you may experience compatibility issues.) Affected devices will automatically revert to the previous working configuration.

For more information, see Intel's customer support guidance and the Microsoft knowledge base article KB4465877.

Note We recommend you do not attempt to update your devices until newer device drivers are installed.

Next steps: You can opt to wait for newer drivers to be installed automatically through Windows Update or check with the computer manufacturer for the latest device driver software availability and installation procedures.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:22 AM PT
Cannot launch Camera app
Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:

\"Close other apps, error code: 0XA00F4243.”


To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: To temporarily resolve this issue, perform one of the following:

  • Unplug your camera and plug it back in.

or

  • Disable and re-enable the driver in Device Manager. In the Search box, type \"Device Manager\" and press Enter. In the Device Manager dialog box, expand Cameras, then right-click on any RealSense driver listed and select Disable device. Right click on the driver again and select Enable device.

or

  • Restart the RealSense service. In the Search box, type \"Task Manager\" and hit Enter. In the Task Manager dialog box, click on the Services tab, right-click on RealSense, and select Restart
Note This workaround will only resolve the issue until your next system restart.

Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until this issue has been resolved.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:47 PM PT

Opened:
May 21, 2019
07:20 AM PT
Intermittent loss of Wi-Fi connectivity
Some older computers may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).

To safeguard your upgrade experience, we have applied a hold on devices with this Qualcomm driver from being offered Windows 10, version 1903, until the updated driver is installed.

Affected platforms:
  • Client: Windows 10, version 1903
Workaround: Download and install an updated Wi-Fi driver from your device manufacturer (OEM).
 
Note We recommend that you do not attempt to manually update using the Update now button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 feature update has been automatically offered to you.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Mitigated
Last updated:
May 21, 2019
04:46 PM PT

Opened:
May 21, 2019
07:13 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Window 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
Loss of functionality in Dynabook Smartphone Link app
Some users may experience a loss of functionality after updating to Windows 10, version 1903 when using the Dynabook Smartphone Link application on Windows devices. Loss of functionality may affect the display of phone numbers in the Call menu and the ability to answer phone calls on the Windows PC.

To safeguard your update experience, we have applied a compatibility hold on devices with Dynabook Smartphone Link from being offered Windows 10, version 1903, until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 20, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:54 PM PT

Opened:
May 24, 2019
03:10 PM PT
Audio not working with Dolby Atmos headphones and home theater
After updating to Windows 10, version 1903, you may experience loss of audio with Dolby Atmos for home theater (free extension) or Dolby Atmos for headphones (paid extension) acquired through the Microsoft Store due to a licensing configuration error.
 
This occurs due to an issue with a Microsoft Store licensing component, where license holders are not able to connect to the Dolby Access app and enable Dolby Atmos extensions.
 
To safeguard your update experience, we have applied protective hold on devices from being offered Windows 10, version 1903 until this issue is resolved. This configuration error will not result in loss of access for the acquired license once the problem is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:16 AM PT
Error attempting to update with external USB device or memory card attached
If you have an external USB device or SD memory card attached when installing Windows 10, version 1903, you may get an error message stating \"This PC can't be upgraded to Windows 10.\" This is caused by inappropriate drive reassignment during installation.

Sample scenario: An update to Windows 10, version 1903 is attempted on a computer that has a thumb drive inserted into its USB port. Before the update, the thumb drive is mounted in the system as drive G based on the existing drive configuration. After the feature update is installed; however, the device is reassigned a different drive letter (e.g., drive H).

Note The drive reassignment is not limited to removable drives. Internal hard drives may also be affected.

To safeguard your update experience, we have applied a hold on devices with an external USB device or SD memory card attached from being offered Windows 10, version 1903 until this issue is resolved.

Affected platforms:
  • Client: Windows 10, version 1903
Resolution: This issue is now resolved and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to Windows 10, version 1903.

Back to top		OS Build 18362.116

May 21, 2019
KB4505057		Resolved
Resolved:
July 11, 2019
01:53 PM PT

Opened:
May 21, 2019
07:38 AM PT
" diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index da365a7f4e..b7cb9450d8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -52,6 +52,9 @@ The trust model determines how you want users to authenticate to the on-premises * The certificate-trust model is for enterprise that *do* want to issue end-entity certificates to their users and have the benefits of certificate expiration and renewal, similar to how smart cards work today. * The certificate trust model also supports enterprises which are not ready to deploy Windows Server 2016 Domain Controllers. +>[!NOTE] +>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this time. + Following are the various deployment guides included in this topic: - [Hybrid Azure AD Joined Key Trust Deployment](hello-hybrid-key-trust.md) - [Hybrid Azure AD Joined Certificate Trust Deployment](hello-hybrid-cert-trust.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.md b/windows/security/identity-protection/hello-for-business/hello-faq.md index 116bff8b92..107b3b238b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.md +++ b/windows/security/identity-protection/hello-for-business/hello-faq.md @@ -27,6 +27,9 @@ Windows Hello for Business is the modern, two-factor credential for Windows 10. ## What about convenience PIN? Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. +## Can I use Windows Hello for Business key trust and RDP? +RDP currently does not support key based authentication and does not support self signed certificates. RDP with Windows Hello for Business is currently only supported with certificate based deployments. + ## Can I deploy Windows Hello for Business using System Center Configuration Manager? Windows Hello for Business deployments using System Center Configuration Manager need to move to the hybrid deployment model that uses Active Directory Federation Services. Deployments using System Center Configuration Manager will no longer be supported after November 2018. diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index cd6424eb47..295be4d248 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -92,7 +92,9 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md). ## Comparing key-based and certificate-based authentication -Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. +Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing end user certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing user certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. + +Windows Hello for Business with a key does not support RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments. ## Learn more diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 97ceac8319..c61e51d04e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -80,6 +80,9 @@ The key trust type does not require issuing authentication certificates to end u The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. +>[!NOTE] +>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this tim + #### Device registration All devices included in the Windows Hello for Business deployment must go through device registration. Device registration enables devices to authenticate to identity providers. For cloud only and hybrid deployment, the identity provider is Azure Active Directory. For on-premises deployments, the identity provider is the on-premises server running the Windows Server 2016 Active Directory Federation Services (AD FS) role. diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index c0304043d6..4e7cc95c8e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -1,441 +1,492 @@ # [Threat protection](index.md) -## [Microsoft Defender Advanced Threat Protection](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) +## [Overview]() +### [What is Microsoft Defender Advanced Threat Protection?](microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md) +### [Overview of Microsoft Defender ATP capabilities](microsoft-defender-atp/overview.md) +### [Attack surface reduction]() +#### [Hardware-based isolation]() +##### [Hardware-based isolation in Windows 10](microsoft-defender-atp/overview-hardware-based-isolation.md) -### [Overview](microsoft-defender-atp/overview.md) -#### [Attack surface reduction](microsoft-defender-atp/overview-attack-surface-reduction.md) -##### [Hardware-based isolation](microsoft-defender-atp/overview-hardware-based-isolation.md) -###### [Application isolation](windows-defender-application-guard/wd-app-guard-overview.md) -####### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -###### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) -##### [Application control](windows-defender-application-control/windows-defender-application-control.md) -##### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md) -##### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md) -##### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md) -##### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) -##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) -#### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -#### [Endpoint detection and response](microsoft-defender-atp/overview-endpoint-detection-response.md) -##### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) +##### [Application isolation]() +###### [Application guard overview](windows-defender-application-guard/wd-app-guard-overview.md) +###### [System requirements](windows-defender-application-guard/reqs-wd-app-guard.md) -##### [Incidents queue](microsoft-defender-atp/incidents-queue.md) -###### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) -###### [Manage incidents](microsoft-defender-atp/manage-incidents.md) -###### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) +##### [System integrity](windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) +#### [Application control](windows-defender-application-control/windows-defender-application-control.md) +#### [Exploit protection](windows-defender-exploit-guard/exploit-protection-exploit-guard.md) +#### [Network protection](windows-defender-exploit-guard/network-protection-exploit-guard.md) +#### [Controlled folder access](windows-defender-exploit-guard/controlled-folders-exploit-guard.md) +#### [Attack surface reduction](windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) +#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md) +### [Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -##### Alerts queue -###### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) -###### [Manage alerts](microsoft-defender-atp/manage-alerts.md) -###### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) -###### [Investigate files](microsoft-defender-atp/investigate-files.md) -###### [Investigate machines](microsoft-defender-atp/investigate-machines.md) -###### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) -###### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) -###### [Investigate a user account](microsoft-defender-atp/investigate-user.md) +### [Endpoint detection and response]() +#### [Endpoint detection and response overview](microsoft-defender-atp/overview-endpoint-detection-response.md) +#### [Security operations dashboard](microsoft-defender-atp/security-operations-dashboard.md) + +#### [Incidents queue]() +##### [View and organize the Incidents queue](microsoft-defender-atp/view-incidents-queue.md) +##### [Manage incidents](microsoft-defender-atp/manage-incidents.md) +##### [Investigate incidents](microsoft-defender-atp/investigate-incidents.md) + +#### [Alerts queue]() +##### [View and organize the Alerts queue](microsoft-defender-atp/alerts-queue.md) +##### [Manage alerts](microsoft-defender-atp/manage-alerts.md) +##### [Investigate alerts](microsoft-defender-atp/investigate-alerts.md) +##### [Investigate files](microsoft-defender-atp/investigate-files.md) +##### [Investigate machines](microsoft-defender-atp/investigate-machines.md) +##### [Investigate an IP address](microsoft-defender-atp/investigate-ip.md) +##### [Investigate a domain](microsoft-defender-atp/investigate-domain.md) +##### [Investigate a user account](microsoft-defender-atp/investigate-user.md) -##### Machines list -###### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) -###### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) -###### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) -###### [Machine timeline](microsoft-defender-atp/investigate-machines.md#machine-timeline) -####### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) -####### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) -####### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) -####### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) +#### [Machines list]() +##### [View and organize the Machines list](microsoft-defender-atp/machines-view-overview.md) +##### [Manage machine group and tags](microsoft-defender-atp/machine-tags.md) +##### [Alerts related to this machine](microsoft-defender-atp/investigate-machines.md#alerts-related-to-this-machine) +##### [Machine timeline]() +###### [View machine profile](microsoft-defender-atp/investigate-machines.md#machine-timeline) +###### [Search for specific events](microsoft-defender-atp/investigate-machines.md#search-for-specific-events) +###### [Filter events from a specific date](microsoft-defender-atp/investigate-machines.md#filter-events-from-a-specific-date) +###### [Export machine timeline events](microsoft-defender-atp/investigate-machines.md#export-machine-timeline-events) +###### [Navigate between pages](microsoft-defender-atp/investigate-machines.md#navigate-between-pages) -##### [Take response actions](microsoft-defender-atp/response-actions.md) -###### [Take response actions on a machine](microsoft-defender-atp/respond-machine-alerts.md) -####### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) -####### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) -####### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) -####### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) -####### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) -####### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) +#### [Take response actions]() +##### [Take response actions on a machine]() +###### [Response actions on machines](microsoft-defender-atp/respond-machine-alerts.md) +###### [Collect investigation package](microsoft-defender-atp/respond-machine-alerts.md#collect-investigation-package-from-machines) +###### [Run antivirus scan](microsoft-defender-atp/respond-machine-alerts.md#run-windows-defender-antivirus-scan-on-machines) +###### [Restrict app execution](microsoft-defender-atp/respond-machine-alerts.md#restrict-app-execution) +###### [Remove app restriction](microsoft-defender-atp/respond-machine-alerts.md#remove-app-restriction) +###### [Isolate machines from the network](microsoft-defender-atp/respond-machine-alerts.md#isolate-machines-from-the-network) +###### [Release machine from isolation](microsoft-defender-atp/respond-machine-alerts.md#release-machine-from-isolation) ####### [Check activity details in Action center](microsoft-defender-atp/respond-machine-alerts.md#check-activity-details-in-action-center) -###### [Take response actions on a file](microsoft-defender-atp/respond-file-alerts.md) -####### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -####### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) -####### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) -####### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) -####### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) -####### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) -####### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) -####### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) +##### [Take response actions on a file]() +###### [Response actions on files](microsoft-defender-atp/respond-file-alerts.md) +###### [Stop and quarantine files in your network](microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network) +###### [Remove file from quarantine](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-quarantine) +###### [Block files in your network](microsoft-defender-atp/respond-file-alerts.md#block-files-in-your-network) +###### [Remove file from blocked list](microsoft-defender-atp/respond-file-alerts.md#remove-file-from-blocked-list) +###### [Check activity details in Action center](microsoft-defender-atp/respond-file-alerts.md#check-activity-details-in-action-center) +###### [Deep analysis](microsoft-defender-atp/respond-file-alerts.md#deep-analysis) +###### [Submit files for analysis](microsoft-defender-atp/respond-file-alerts.md#submit-files-for-analysis) +###### [View deep analysis reports](microsoft-defender-atp/respond-file-alerts.md#view-deep-analysis-reports) ####### [Troubleshoot deep analysis](microsoft-defender-atp/respond-file-alerts.md#troubleshoot-deep-analysis) - -###### [Investigate entities using Live response](microsoft-defender-atp/live-response.md) -#######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md) -#### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md) -##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) +##### [Investigate entities using Live response]() +###### [Investigate entities on machines](microsoft-defender-atp/live-response.md) +######[Live response command examples](microsoft-defender-atp/live-response-command-examples.md) + +### [Automated investigation and remediation]() +#### [Automated investigation and remediation overview](microsoft-defender-atp/automated-investigations.md) +#### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md) #####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md) +### [Secure score](microsoft-defender-atp/overview-secure-score.md) +### [Threat analytics](microsoft-defender-atp/threat-analytics.md) -#### [Secure score](microsoft-defender-atp/overview-secure-score.md) -#### [Threat analytics](microsoft-defender-atp/threat-analytics.md) +### [Advanced hunting]() +#### [Advanced hunting overview](microsoft-defender-atp/overview-hunting.md) +#### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) +##### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) +##### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) -#### [Advanced hunting](microsoft-defender-atp/overview-hunting.md) -##### [Query data using Advanced hunting](microsoft-defender-atp/advanced-hunting.md) -###### [Advanced hunting reference](microsoft-defender-atp/advanced-hunting-reference.md) -###### [Advanced hunting query language best practices](microsoft-defender-atp/advanced-hunting-best-practices.md) -##### [Custom detections](microsoft-defender-atp/overview-custom-detections.md) -###### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md) +#### [Custom detections]() +##### [Understand custom detection rules](microsoft-defender-atp/overview-custom-detections.md) +##### [Create custom detections rules](microsoft-defender-atp/custom-detection-rules.md) - - -#### [Management and APIs](microsoft-defender-atp/management-apis.md) +#### [Management and APIs]() +##### [Overview of management and APIs](microsoft-defender-atp/management-apis.md) ##### [Understand threat intelligence concepts](microsoft-defender-atp/threat-indicator-concepts.md) ##### [Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) ##### [Managed security service provider support](microsoft-defender-atp/mssp-support.md) -#### [Microsoft threat protection](microsoft-defender-atp/threat-protection-integration.md) +#### [Integrations]() +##### [Microsoft Defender ATP integrations](microsoft-defender-atp/threat-protection-integration.md) ##### [Protect users, data, and devices with conditional access](microsoft-defender-atp/conditional-access.md) ##### [Microsoft Cloud App Security integration overview](microsoft-defender-atp/microsoft-cloud-app-security-integration.md) -##### [Information protection in Windows overview](microsoft-defender-atp/information-protection-in-windows-overview.md) -###### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) + +#### [Information protection in Windows overview]() +##### [Windows integration](microsoft-defender-atp/information-protection-in-windows-overview.md) +##### [Use sensitivity labels to prioritize incident response](microsoft-defender-atp/information-protection-investigation.md) + +### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) + +### [Portal overview](microsoft-defender-atp/portal-overview.md) +## [Get started]() +### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) +### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md) +### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md) +### [Preview features](microsoft-defender-atp/preview.md) +### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) +### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) -#### [Microsoft Threat Experts](microsoft-defender-atp/microsoft-threat-experts.md) - - - -#### [Portal overview](microsoft-defender-atp/portal-overview.md) - - - -### [Get started](microsoft-defender-atp/get-started.md) -#### [What's new in Microsoft Defender ATP](microsoft-defender-atp/whats-new-in-microsoft-defender-atp.md) -#### [Minimum requirements](microsoft-defender-atp/minimum-requirements.md) -#### [Validate licensing and complete setup](microsoft-defender-atp/licensing.md) -#### [Preview features](microsoft-defender-atp/preview.md) -#### [Data storage and privacy](microsoft-defender-atp/data-storage-privacy.md) -#### [Assign user access to the portal](microsoft-defender-atp/assign-portal-access.md) - - -#### [Microsoft Defender ATP in Azure Government ](microsoft-defender-atp/commercial-gov.md) - - -#### [Evaluate Microsoft Defender ATP](microsoft-defender-atp/evaluate-atp.md) -#####Evaluate attack surface reduction -###### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) -###### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) -###### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md) -###### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md) -###### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md) -###### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) -###### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) +### [Evaluate Microsoft Defender ATP]() +#### [Attack surface reduction and next-generation capability evaluation]() +##### [Attack surface reduction and nex-generation evaluation overview](microsoft-defender-atp/evaluate-atp.md) +##### [Hardware-based isolation](windows-defender-application-guard/test-scenarios-wd-app-guard.md) +##### [Application control](windows-defender-application-control/audit-windows-defender-application-control-policies.md) +##### [Exploit protection](windows-defender-exploit-guard/evaluate-exploit-protection.md) +##### [Network Protection](windows-defender-exploit-guard/evaluate-network-protection.md) +##### [Controlled folder access](windows-defender-exploit-guard/evaluate-controlled-folder-access.md) +##### [Attack surface reduction](windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) +##### [Network firewall](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) ##### [Evaluate next generation protection](windows-defender-antivirus/evaluate-windows-defender-antivirus.md) -#### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) +### [Access the Windows Defender Security Center Community Center](microsoft-defender-atp/community.md) -### [Configure and manage capabilities](microsoft-defender-atp/onboard.md) -#### [Configure attack surface reduction](microsoft-defender-atp/configure-attack-surface-reduction.md) -#####Hardware-based isolation -###### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) -###### [Application isolation](windows-defender-application-guard/install-wd-app-guard.md) -####### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md) -##### [Application control](windows-defender-application-control/windows-defender-application-control.md) -##### Device control -###### [Control USB devices](device-control/control-usb-devices-using-intune.md) -###### [Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -####### [Memory integrity](windows-defender-exploit-guard/memory-integrity.md) -######## [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) -######## [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) -##### [Exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md) -###### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) -##### [Network protection](windows-defender-exploit-guard/enable-network-protection.md) -##### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) -##### [Attack surface reduction controls](windows-defender-exploit-guard/enable-attack-surface-reduction.md) -###### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md) -##### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) +## [Configure and manage capabilities]() +### [Configure attack surface reduction]() +#### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) +#### [Hardware-based isolation]() +##### [System isolation](windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) +##### [Application isolation]() +###### [Install Windows Defender Application Guard](windows-defender-application-guard/install-wd-app-guard.md) +###### [Configuration settings](windows-defender-application-guard/configure-wd-app-guard.md) -#### [Configure next generation protection](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) -##### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) -###### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) -###### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) -###### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) -###### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) -###### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) -##### [Configure behavioral, heuristic, and real-time protection](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) -###### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) -###### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) -##### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) -##### [Antivirus compatibility](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) -###### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) +#### [Application control](windows-defender-application-control/windows-defender-application-control.md) -##### [Deploy, manage updates, and report on antivirus](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) -###### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) -####### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) -###### [Report on antivirus protection](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) -####### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) -###### [Manage updates and apply baselines](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) -####### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) -####### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) -####### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) -####### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) -####### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) +#### [Device control]() +##### [Control USB devices](device-control/control-usb-devices-using-intune.md) -##### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -####### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) -###### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) +##### [Device Guard]() +###### [Code integrity](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) + +###### [Memory integrity]() +####### [Understand memory integrity](windows-defender-exploit-guard/memory-integrity.md) +####### [Hardware qualifications](windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) +####### [Enable HVCI](windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) + +#### [Exploit protection]() +##### [Enable exploit protection](windows-defender-exploit-guard/enable-exploit-protection.md) +##### [Import/export configurations](windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) + +#### [Network protection](windows-defender-exploit-guard/enable-network-protection.md) +#### [Controlled folder access](windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) + +#### [Attack surface reduction controls]() +##### [Enable attack surface reduction rules](windows-defender-exploit-guard/enable-attack-surface-reduction.md) +##### [Customize attack surface reduction](windows-defender-exploit-guard/customize-attack-surface-reduction.md) +#### [Network firewall](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) + +### [Configure next generation protection]() +#### [Configure Windows Defender Antivirus features](windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +#### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +##### [Enable cloud-delivered protection](windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) +##### [Specify the cloud-delivered protection level](windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) +##### [Configure and validate network connections](windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) +##### [Enable Block at first sight](windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) +##### [Configure the cloud block timeout period](windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) + +#### [Configure behavioral, heuristic, and real-time protection]() +##### [Configuration overview](windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) +##### [Detect and block Potentially Unwanted Applications](windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) +##### [Enable and configure always-on protection and monitoring](windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) + +#### [Antivirus on Windows Server 2016](windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) + +#### [Antivirus compatibility]() +##### [Compatibility charts](windows-defender-antivirus/windows-defender-antivirus-compatibility.md) +##### [Use limited periodic antivirus scanning](windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) + +#### [Deploy, manage updates, and report on antivirus]() +##### [Preparing to deploy](windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) +##### [Deploy and enable antivirus](windows-defender-antivirus/deploy-windows-defender-antivirus.md) +###### [Deployment guide for VDI environments](windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) + +##### [Report on antivirus protection]() +###### [Review protection status and alerts](windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) +###### [Troubleshoot antivirus reporting in Update Compliance](windows-defender-antivirus/troubleshoot-reporting.md) + +##### [Manage updates and apply baselines]() +###### [Learn about the different kinds of updates](windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) +###### [Manage protection and definition updates](windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) +###### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) +###### [Manage updates for endpoints that are out of date](windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) +###### [Manage event-based forced updates](windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) +###### [Manage updates for mobile devices and VMs](windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) + +#### [Customize, initiate, and review the results of scans and remediation]() +##### [Configuration overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +###### [Configure antivirus exclusions Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +##### [Configure scanning antivirus options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) +##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) + +#### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) + +#### [Manage antivirus in your business]() +##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +##### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +##### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +#### [Manage scans and remediation]() +##### [Management overview](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) +###### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) +###### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + +##### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) + +#### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +##### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) +##### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) +##### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) +##### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) +##### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) ##### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -##### [Manage antivirus in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -###### [Use Group Policy settings to configure and manage antivirus](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -###### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -###### [Use PowerShell cmdlets to configure and manage antivirus](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -###### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -##### [Manage scans and remediation](windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -###### [Configure and validate exclusions in antivirus scans](windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) -####### [Configure and validate exclusions for files opened by processes](windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) -####### [Configure antivirus exclusions on Windows Server 2016](windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) -###### [Configure scanning options](windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) -###### [Configure remediation for scans](windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) -###### [Configure scheduled scans](windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) -###### [Configure and run scans](windows-defender-antivirus/run-scan-windows-defender-antivirus.md) -###### [Review scan results](windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) -###### [Run and review the results of an offline scan](windows-defender-antivirus/windows-defender-offline.md) -###### [Restore quarantined files](windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -##### [Manage next generation protection in your business](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) -###### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) -###### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) -###### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) -###### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) -###### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) +#### [Manage next generation protection in your business]() +##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +##### [Management overview](windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) +##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) +##### [Use Group Policy settings to manage next generation protection](windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) +##### [Use PowerShell cmdlets to manage next generation protection](windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) +##### [Use Windows Management Instrumentation (WMI) to manage next generation protection](windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) +##### [Use the mpcmdrun.exe command line tool to manage next generation protection](windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) + +### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) + +### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) + +### [Management and API support]() +#### [Onboard devices to the service]() +##### [Onboard machines to Microsoft Defender ATP](microsoft-defender-atp/onboard-configure.md) +##### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) +##### [Onboard Windows 10 machines]() +###### [Onboarding tools and methods](microsoft-defender-atp/configure-endpoints.md) +###### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) +###### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) +###### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) +###### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) +###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) + +##### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) +##### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) +##### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) +##### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) +##### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) +##### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md) + +##### [Troubleshoot onboarding issues]() +###### [Troubleshoot issues during onboarding](microsoft-defender-atp/troubleshoot-onboarding.md) +###### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) + +#### [Microsoft Defender ATP API]() +##### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md) +##### [Get started with Microsoft Defender ATP APIs]() +###### [Introduction](microsoft-defender-atp/apis-intro.md) +###### [Hello World](microsoft-defender-atp/api-hello-world.md) +###### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md) +###### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md) + +##### [APIs]() +###### [Supported Microsoft Defender ATP query APIs](microsoft-defender-atp/exposed-apis-list.md) +###### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md) + +###### [Alert]() +####### [Alert methods and properties](microsoft-defender-atp/alerts.md) +####### [List alerts](microsoft-defender-atp/get-alerts.md) +####### [Create alert](microsoft-defender-atp/create-alert-by-reference.md) +####### [Update Alert](microsoft-defender-atp/update-alert.md) +####### [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md) +####### [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md) +####### [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md) +####### [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md) +####### [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md) +####### [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md) + +###### [Machine]() +####### [Machine methods and properties](microsoft-defender-atp/machine.md) +####### [List machines](microsoft-defender-atp/get-machines.md) +####### [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) +####### [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) +####### [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) +####### [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) +####### [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) + +###### [Machine Action]() +####### [Machine Action methods and properties](microsoft-defender-atp/machineaction.md) +####### [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md) +####### [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md) +####### [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md) +####### [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md) +####### [Isolate machine](microsoft-defender-atp/isolate-machine.md) +####### [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md) +####### [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md) +####### [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md) +####### [Run antivirus scan](microsoft-defender-atp/run-av-scan.md) +####### [Offboard machine](microsoft-defender-atp/offboard-machine-api.md) +####### [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md) +####### [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md) + +###### [Indicators]() +####### [Indicators methods and properties](microsoft-defender-atp/ti-indicator.md) +####### [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md) +####### [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md) +####### [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md) + +###### [Domain]() +####### [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md) +####### [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md) +####### [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md) +####### [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md) + +###### [File]() +####### [File methods and properties](microsoft-defender-atp/files.md) +####### [Get file information](microsoft-defender-atp/get-file-information.md) +####### [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md) +####### [Get file related machines](microsoft-defender-atp/get-file-related-machines.md) +####### [Get file statistics](microsoft-defender-atp/get-file-statistics.md) + +###### [IP]() +####### [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md) +####### [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md) +####### [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md) +####### [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md) + +###### [User]() +####### [User methods](microsoft-defender-atp/user.md) +####### [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) +####### [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) + +##### [How to use APIs - Samples]() +###### [Advanced Hunting API]() +####### [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md) +####### [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) +####### [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md) +####### [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md) + +###### [Multiple APIs]() +####### [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md) + +###### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) + +#### [Windows updates (KB) info]() +##### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md) + +#### [Common Vulnerabilities and Exposures (CVE) to KB map]() +##### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) + +#### [API for custom alerts (Deprecated)]() +##### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +##### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) +##### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) +##### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) +##### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md) +##### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md) +##### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md) + +#### [Pull alerts to your SIEM tools]() +##### [Learn about different ways to pull alerts](microsoft-defender-atp/configure-siem.md) +##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) +##### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md) +##### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md) +##### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md) +##### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) +##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) + +#### [Reporting]() +##### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md) +##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) +##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) + +#### [Interoperability]() +##### [Partner applications](microsoft-defender-atp/partner-applications.md) + +#### [Role-based access control]() +##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +##### [Create and manage roles](microsoft-defender-atp/user-roles.md) +##### [Create and manage machine groups]() +###### [Using machine groups](microsoft-defender-atp/machine-groups.md) +###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) + +#### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md) + +### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) + +### [Configure Microsoft threat protection integration]() +#### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) +#### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) +#### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) + +### [Configure portal settings]() +#### [General]() +##### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) +##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) +##### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) +##### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) +##### [Configure advanced features](microsoft-defender-atp/advanced-features.md) + +#### [Permissions]() +##### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) +##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) +###### [Create and manage roles](microsoft-defender-atp/user-roles.md) +###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) +####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) + +#### [APIs]() +##### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) +##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) + +#### [Rules]() +##### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) +##### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md) +##### [Manage indicators](microsoft-defender-atp/manage-indicators.md) +##### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) +##### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) + +#### [Machine management]() +##### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) +##### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) + +#### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) -#### [Configure Secure score dashboard security controls](microsoft-defender-atp/secure-score-dashboard.md) +## [Troubleshoot Microsoft Defender ATP]() +### [Troubleshoot sensor state]() +#### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) +#### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) +#### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) +#### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) +#### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) +### [Troubleshoot Microsoft Defender ATP service issues]() +#### [Troubleshoot service issues](microsoft-defender-atp/troubleshoot-mdatp.md) +#### [Check service health](microsoft-defender-atp/service-status.md) -#### Management and API support -##### [Onboard machines](microsoft-defender-atp/onboard-configure.md) -###### [Onboard previous versions of Windows](microsoft-defender-atp/onboard-downlevel.md) -###### [Onboard Windows 10 machines](microsoft-defender-atp/configure-endpoints.md) -####### [Onboard machines using Group Policy](microsoft-defender-atp/configure-endpoints-gp.md) -####### [Onboard machines using System Center Configuration Manager](microsoft-defender-atp/configure-endpoints-sccm.md) -####### [Onboard machines using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) -######## [Onboard machines using Microsoft Intune](microsoft-defender-atp/configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) -####### [Onboard machines using a local script](microsoft-defender-atp/configure-endpoints-script.md) -####### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](microsoft-defender-atp/configure-endpoints-vdi.md) -###### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) -###### [Onboard non-Windows machines](microsoft-defender-atp/configure-endpoints-non-windows.md) -###### [Onboard machines without Internet access](microsoft-defender-atp/onboard-offline-machines.md) -###### [Run a detection test on a newly onboarded machine](microsoft-defender-atp/run-detection-test.md) -###### [Run simulated attacks on machines](microsoft-defender-atp/attack-simulations.md) -###### [Configure proxy and Internet connectivity settings](microsoft-defender-atp/configure-proxy-internet.md) -###### [Troubleshoot onboarding issues](microsoft-defender-atp/troubleshoot-onboarding.md) -####### [Troubleshoot subscription and portal access issues](microsoft-defender-atp/troubleshoot-onboarding-error-messages.md) - -##### [Microsoft Defender ATP API](microsoft-defender-atp/use-apis.md) -###### [Microsoft Defender ATP API license and terms](microsoft-defender-atp/api-terms-of-use.md) -###### [Get started with Microsoft Defender ATP APIs](microsoft-defender-atp/apis-intro.md) -####### [Hello World](microsoft-defender-atp/api-hello-world.md) -####### [Get access with application context](microsoft-defender-atp/exposed-apis-create-app-webapp.md) -####### [Get access with user context](microsoft-defender-atp/exposed-apis-create-app-nativeapp.md) -###### [APIs](microsoft-defender-atp/exposed-apis-list.md) +### [Troubleshoot live response issues]() +#### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md) -####### [Advanced Hunting](microsoft-defender-atp/run-advanced-query-api.md) - -####### [Alert](microsoft-defender-atp/alerts.md) -######## [List alerts](microsoft-defender-atp/get-alerts.md) -######## [Create alert](microsoft-defender-atp/create-alert-by-reference.md) -######## [Update Alert](microsoft-defender-atp/update-alert.md) -######## [Get alert information by ID](microsoft-defender-atp/get-alert-info-by-id.md) -######## [Get alert related domains information](microsoft-defender-atp/get-alert-related-domain-info.md) -######## [Get alert related file information](microsoft-defender-atp/get-alert-related-files-info.md) -######## [Get alert related IPs information](microsoft-defender-atp/get-alert-related-ip-info.md) -######## [Get alert related machine information](microsoft-defender-atp/get-alert-related-machine-info.md) -######## [Get alert related user information](microsoft-defender-atp/get-alert-related-user-info.md) - -####### [Machine](microsoft-defender-atp/machine.md) -######## [List machines](microsoft-defender-atp/get-machines.md) -######## [Get machine by ID](microsoft-defender-atp/get-machine-by-id.md) -######## [Get machine log on users](microsoft-defender-atp/get-machine-log-on-users.md) -######## [Get machine related alerts](microsoft-defender-atp/get-machine-related-alerts.md) -######## [Add or Remove machine tags](microsoft-defender-atp/add-or-remove-machine-tags.md) -######## [Find machines by IP](microsoft-defender-atp/find-machines-by-ip.md) - -####### [Machine Action](microsoft-defender-atp/machineaction.md) -######## [List Machine Actions](microsoft-defender-atp/get-machineactions-collection.md) -######## [Get Machine Action](microsoft-defender-atp/get-machineaction-object.md) -######## [Collect investigation package](microsoft-defender-atp/collect-investigation-package.md) -######## [Get investigation package SAS URI](microsoft-defender-atp/get-package-sas-uri.md) -######## [Isolate machine](microsoft-defender-atp/isolate-machine.md) -######## [Release machine from isolation](microsoft-defender-atp/unisolate-machine.md) -######## [Restrict app execution](microsoft-defender-atp/restrict-code-execution.md) -######## [Remove app restriction](microsoft-defender-atp/unrestrict-code-execution.md) -######## [Run antivirus scan](microsoft-defender-atp/run-av-scan.md) -######## [Offboard machine](microsoft-defender-atp/offboard-machine-api.md) -######## [Stop and quarantine file](microsoft-defender-atp/stop-and-quarantine-file.md) -######## [Initiate investigation (preview)](microsoft-defender-atp/initiate-autoir-investigation.md) - -####### [Indicators](microsoft-defender-atp/ti-indicator.md) -######## [Submit Indicator](microsoft-defender-atp/post-ti-indicator.md) -######## [List Indicators](microsoft-defender-atp/get-ti-indicators-collection.md) -######## [Delete Indicator](microsoft-defender-atp/delete-ti-indicator-by-id.md) - -####### Domain -######## [Get domain related alerts](microsoft-defender-atp/get-domain-related-alerts.md) -######## [Get domain related machines](microsoft-defender-atp/get-domain-related-machines.md) -######## [Get domain statistics](microsoft-defender-atp/get-domain-statistics.md) -######## [Is domain seen in organization](microsoft-defender-atp/is-domain-seen-in-org.md) - -####### [File](microsoft-defender-atp/files.md) -######## [Get file information](microsoft-defender-atp/get-file-information.md) -######## [Get file related alerts](microsoft-defender-atp/get-file-related-alerts.md) -######## [Get file related machines](microsoft-defender-atp/get-file-related-machines.md) -######## [Get file statistics](microsoft-defender-atp/get-file-statistics.md) - -####### IP -######## [Get IP related alerts](microsoft-defender-atp/get-ip-related-alerts.md) -######## [Get IP related machines](microsoft-defender-atp/get-ip-related-machines.md) -######## [Get IP statistics](microsoft-defender-atp/get-ip-statistics.md) -######## [Is IP seen in organization](microsoft-defender-atp/is-ip-seen-org.md) - -####### [User](microsoft-defender-atp/user.md) -######## [Get user related alerts](microsoft-defender-atp/get-user-related-alerts.md) -######## [Get user related machines](microsoft-defender-atp/get-user-related-machines.md) - - -###### How to use APIs - Samples -####### Advanced Hunting API -######## [Schedule advanced Hunting using Microsoft Flow](microsoft-defender-atp/run-advanced-query-sample-ms-flow.md) -######## [Advanced Hunting using PowerShell](microsoft-defender-atp/run-advanced-query-sample-powershell.md) -######## [Advanced Hunting using Python](microsoft-defender-atp/run-advanced-query-sample-python.md) -######## [Create custom Power BI reports](microsoft-defender-atp/run-advanced-query-sample-power-bi-app-token.md) -####### Multiple APIs -######## [PowerShell](microsoft-defender-atp/exposed-apis-full-sample-powershell.md) -####### [Using OData Queries](microsoft-defender-atp/exposed-apis-odata-samples.md) - - -#####Windows updates (KB) info -###### [Get KbInfo collection](microsoft-defender-atp/get-kbinfo-collection.md) -#####Common Vulnerabilities and Exposures (CVE) to KB map -###### [Get CVE-KB map](microsoft-defender-atp/get-cvekbmap-collection.md) +### [Troubleshoot attack surface reduction]() +#### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md) +#### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md) - -##### API for custom alerts (Deprecated) -###### [Enable the custom threat intelligence application (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) -###### [Use the threat intelligence API to create custom alerts (Deprecated)](microsoft-defender-atp/use-custom-ti.md) -###### [Create custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/custom-ti-api.md) -###### [PowerShell code examples (Deprecated)](microsoft-defender-atp/powershell-example-code.md) -###### [Python code examples (Deprecated)](microsoft-defender-atp/python-example-code.md) -###### [Experiment with custom threat intelligence alerts (Deprecated)](microsoft-defender-atp/experiment-custom-ti.md) -###### [Troubleshoot custom threat intelligence issues (Deprecated)](microsoft-defender-atp/troubleshoot-custom-ti.md) - - -##### [Pull alerts to your SIEM tools](microsoft-defender-atp/configure-siem.md) -###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) -###### [Configure Splunk to pull alerts](microsoft-defender-atp/configure-splunk.md) -###### [Configure HP ArcSight to pull alerts](microsoft-defender-atp/configure-arcsight.md) -###### [Microsoft Defender ATP SIEM alert API fields](microsoft-defender-atp/api-portal-mapping.md) -###### [Pull alerts using SIEM REST API](microsoft-defender-atp/pull-alerts-using-rest-api.md) -###### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) +### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) -##### Reporting -###### [Create and build Power BI reports using Microsoft Defender ATP data](microsoft-defender-atp/powerbi-reports.md) -###### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) -###### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) - -##### Interoperability -###### [Partner applications](microsoft-defender-atp/partner-applications.md) - - -##### Role-based access control -###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) -####### [Create and manage roles](microsoft-defender-atp/user-roles.md) -####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) -######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) - - -##### [Configure managed security service provider (MSSP) support](microsoft-defender-atp/configure-mssp-support.md) - - -#### [Configure and manage Microsoft Threat Experts capabilities](microsoft-defender-atp/configure-microsoft-threat-experts.md) - - - -#### Configure Microsoft threat protection integration -##### [Configure conditional access](microsoft-defender-atp/configure-conditional-access.md) -##### [Configure Microsoft Cloud App Security integration](microsoft-defender-atp/microsoft-cloud-app-security-config.md) -##### [Configure information protection in Windows](microsoft-defender-atp/information-protection-in-windows-config.md) - - - - -#### [Configure Windows Defender Security Center settings](microsoft-defender-atp/preferences-setup.md) -##### General -###### [Update data retention settings](microsoft-defender-atp/data-retention-settings.md) -###### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md) -###### [Enable and create Power BI reports using Windows Defender Security center data](microsoft-defender-atp/powerbi-reports.md) -###### [Enable Secure score security controls](microsoft-defender-atp/enable-secure-score.md) -###### [Configure advanced features](microsoft-defender-atp/advanced-features.md) - -##### Permissions -###### [Use basic permissions to access the portal](microsoft-defender-atp/basic-permissions.md) -###### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) -####### [Create and manage roles](microsoft-defender-atp/user-roles.md) -####### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) -######## [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) - -##### APIs -###### [Enable Threat intel (Deprecated)](microsoft-defender-atp/enable-custom-ti.md) -###### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) - -#####Rules -###### [Manage suppression rules](microsoft-defender-atp/manage-suppression-rules.md) -###### [Manage automation allowed/blocked lists](microsoft-defender-atp/manage-automation-allowed-blocked-list.md) -###### [Manage indicators](microsoft-defender-atp/manage-indicators.md) -###### [Manage automation file uploads](microsoft-defender-atp/manage-automation-file-uploads.md) -###### [Manage automation folder exclusions](microsoft-defender-atp/manage-automation-folder-exclusions.md) - -#####Machine management -###### [Onboarding machines](microsoft-defender-atp/onboard-configure.md) -###### [Offboarding machines](microsoft-defender-atp/offboard-machines.md) - -##### [Configure Windows Defender Security Center time zone settings](microsoft-defender-atp/time-settings.md) - - -### [Troubleshoot Microsoft Defender ATP](microsoft-defender-atp/troubleshoot-overview.md) -####Troubleshoot sensor state -##### [Check sensor state](microsoft-defender-atp/check-sensor-status.md) -##### [Fix unhealthy sensors](microsoft-defender-atp/fix-unhealthy-sensors.md) -##### [Inactive machines](microsoft-defender-atp/fix-unhealthy-sensors.md#inactive-machines) -##### [Misconfigured machines](microsoft-defender-atp/fix-unhealthy-sensors.md#misconfigured-machines) -##### [Review sensor events and errors on machines with Event Viewer](microsoft-defender-atp/event-error-codes.md) - -#### [Troubleshoot Microsoft Defender ATP service issues](microsoft-defender-atp/troubleshoot-mdatp.md) -##### [Check service health](microsoft-defender-atp/service-status.md) - - -#### [Troubleshoot live response issues]() -##### [Troubleshoot issues related to live response](microsoft-defender-atp/troubleshoot-live-response.md) - - -####Troubleshoot attack surface reduction -##### [Network protection](windows-defender-exploit-guard/troubleshoot-np.md) -##### [Attack surface reduction rules](windows-defender-exploit-guard/troubleshoot-asr.md) -##### [Collect diagnostic data for files](windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md) - -#### [Troubleshoot next generation protection](windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) ## [Security intelligence](intelligence/index.md) ### [Understand malware & other threats](intelligence/understanding-malware.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md index 55acfa866d..0233da71e9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-reference.md @@ -72,7 +72,6 @@ To effectively build queries that span multiple tables, you need to understand t | Ipv6Dhcp | string | IPv6 address of DHCP server | | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory | | IsAzureInfoProtectionApplied | boolean | Indicates whether the file is encrypted by Azure Information Protection | -| IsWindowsInfoProtectionApplied | boolean | Indicates whether Windows Information Protection (WIP) policies apply to the file | | LocalIP | string | IP address assigned to the local machine used during communication | | LocalPort | int | TCP port on the local machine used during communication | | LocalIPType | string | Type of IP address, for example Public, Private, Reserved, Loopback, Teredo, FourToSixMapping, and Broadcast | diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md index 3507beb090..3387e07476 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md @@ -1,5 +1,5 @@ --- -title: Onboard Windows 10 machines on Microsoft Defender ATP +title: Onboarding tools and methods for Windows 10 machines description: Onboard Windows 10 machines so that they can send sensor data to the Microsoft Defender ATP sensor keywords: Onboard Windows 10 machines, group policy, system center configuration manager, mobile device management, local script, gp, sccm, mdm, intune search.product: eADQiWindows 10XVcnh @@ -15,10 +15,9 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 07/12/2018 --- -# Onboard Windows 10 machines +# Onboarding tools and methods for Windows 10 machines **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index 9b0a3173f6..d6b0b6bed5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Optimize ASR rule deployment and detections diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index f09ddf1096..70cfffed50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Get machines onboarded to Microsoft Defender ATP diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index d91d24bb04..14dbc385d6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: article --- # Increase compliance to the Microsoft Defender ATP security baseline @@ -41,6 +41,9 @@ The Windows Intune security baseline provides a comprehensive set of recommended Both baselines are maintained so that they complement one another and have identical values for shared settings. Deploying both baselines to the same machine will not result in conflicts. Ideally, machines onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. +>[!NOTE] +>The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machines (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments. + ## Get permissions to manage security baselines in Intune By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage security baseline profiles. If you haven’t been assigned either role, work with a Global Administrator or an Intune Service Administrator to [create a custom role in Intune](https://docs.microsoft.com/intune/create-custom-role#to-create-a-custom-role) with full permissions to security baselines and then assign that role to your Azure AD group. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index 31fbc743c6..cce444980a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md @@ -14,7 +14,7 @@ ms.localizationpriority: medium manager: dansimp audience: ITPro ms.collection: M365-security-compliance -ms.topic: procedural +ms.topic: conceptual --- # Ensure your machines are configured properly diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png b/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png index 6a13d4d007..146dca1470 100644 Binary files a/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png and b/windows/security/threat-protection/microsoft-defender-atp/images/timeline-machine.png differ diff --git a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md index 216cc284d1..c79fa83c94 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/investigate-machines.md @@ -109,7 +109,7 @@ To see a full page view of an alert including incident graph and process tree, s The **Timeline** section provides a chronological view of the events and associated alerts that have been observed on the machine. This can help you correlate any events, files, and IP addresses in relation to the machine. -Timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns. +The timeline also enables you to selectively drill down into events that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a selected time period. To further control your view, you can filter by event groups or customize the columns. >[!NOTE] > For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-filtering-platform-connection). @@ -131,15 +131,15 @@ Some of the functionality includes: - Export detailed machine timeline events - Export the machine timeline for the current date or a specified date range up to seven days. -Along with event time and users, one of the main categories on the timeline is "Details". They describe what happened in the events. The list of possible details are: +More details about certain events are provided in the **Additional information** section. These details vary depending on the type of event, for example: -- Contained by Application Guard -- Active threat detected - when the detection happened, the threat was executing (i.e. it was running) -- Remediation unsuccessful - remediation was invoked but failed -- Remediation successful - the threat was stopped and cleaned up -- Warning bypassed by user - SmartScreen warning appeared but the user dismissed it -- Suspicious script detected -- Alert category (e.g. lateral movement)- if the event is correlated to an alert, the tag will show the alert category +- Contained by Application Guard - the web browser event was restricted by an isolated container +- Active threat detected - the threat detection occurred while the threat was running +- Remediation unsuccessful - an attempt to remediate the detected threat was invoked but failed +- Remediation successful - the detected threat was stopped and cleaned +- Warning bypassed by user - the SmartScreen warning was dismissed and overridden by a user +- Suspicious script detected - a potentially malicious script was found running +- The alert category - if the event led to the generation of an alert, the alert category ("Lateral Movement", for example) is provided You can also use the [Artifact timeline](investigate-alerts.md#artifact-timeline) feature to see the correlation between alerts and events on a specific machine. diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md index 9a0cc2d05f..3113e4b4f9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-alerts.md @@ -74,6 +74,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can * Folder path - wildcard supported * IP address * URL - wildcard supported + * Command line - wildcard supported 3. Select the **Trigerring IOC**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/TOC.md b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md similarity index 70% rename from windows/security/threat-protection/microsoft-defender-atp/TOC.md rename to windows/security/threat-protection/microsoft-defender-atp/oldTOC.md index bcc613d70d..e716d3a9e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md +++ b/windows/security/threat-protection/microsoft-defender-atp/oldTOC.md @@ -1,7 +1,9 @@ # [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md) -## [Overview](overview.md) -### [Threat & Vulnerability Management](next-gen-threat-and-vuln-mgt.md) +## [Overview]() +### [Overview of Microsoft Defender ATP capabilities](overview.md) +### [Threat & Vulnerability Management]() +#### [Next-generation capabilities](next-gen-threat-and-vuln-mgt.md) #### [What's in the dashboard and what it means for my organization](tvm-dashboard-insights.md) #### [Exposure score](tvm-exposure-score.md) #### [Configuration score](configuration-score.md) @@ -12,29 +14,39 @@ #### [Scenarios](threat-and-vuln-mgt-scenarios.md) -### [Attack surface reduction](overview-attack-surface-reduction.md) -#### [Hardware-based isolation](overview-hardware-based-isolation.md) -##### [Application isolation](../windows-defender-application-guard/wd-app-guard-overview.md) +### [Attack surface reduction]() +#### [Hardware-based isolation]() +##### [Hardware-based isolation in Windows 10](overview-hardware-based-isolation.md) + +##### [Application isolation]() +###### [Application guard overview](../windows-defender-application-guard/wd-app-guard-overview.md) ###### [System requirements](../windows-defender-application-guard/reqs-wd-app-guard.md) + ##### [System integrity](../windows-defender-system-guard/system-guard-how-hardware-based-root-of-trust-helps-protect-windows.md) -#### [Application control](../windows-defender-application-control/windows-defender-application-control.md) + +#### [Application control]() +##### [Windows Defender Application Guard](../windows-defender-application-control/windows-defender-application-control.md) + #### [Exploit protection](../windows-defender-exploit-guard/exploit-protection-exploit-guard.md) #### [Network protection](../windows-defender-exploit-guard/network-protection-exploit-guard.md) #### [Controlled folder access](../windows-defender-exploit-guard/controlled-folders-exploit-guard.md) #### [Attack surface reduction](../windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md) #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security.md) + + ### [Next generation protection](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md) -### [Endpoint detection and response](overview-endpoint-detection-response.md) + + +### [Endpoint detection and response]() +#### [Endpoint detection and response overview](overview-endpoint-detection-response.md) #### [Security operations dashboard](security-operations-dashboard.md) - -#### [Incidents queue](incidents-queue.md) +#### [Incidents queue]() ##### [View and organize the Incidents queue](view-incidents-queue.md) ##### [Manage incidents](manage-incidents.md) ##### [Investigate incidents](investigate-incidents.md) - -#### Alerts queue +#### [Alerts queue]() ##### [View and organize the Alerts queue](alerts-queue.md) ##### [Manage alerts](manage-alerts.md) ##### [Investigate alerts](investigate-alerts.md) @@ -44,16 +56,18 @@ ##### [Investigate a domain](investigate-domain.md) ##### [Investigate a user account](investigate-user.md) -#### [Machines list](machines-view-overview.md) -##### [Investigate machines](investigate-machines.md#machine-timeline) +#### [Machines list]() +##### [View and organize the Machines list](machines-view-overview.md) + +##### [Investigate machines]() ###### [Machine details](investigate-machines.md#machine-details) ###### [Response actions](investigate-machines.md#response-actions) ###### [Cards](investigate-machines.md#cards) ###### [Tabs](investigate-machines.md#tabs) - -#### [Take response actions](response-actions.md) -##### [Take response actions on a machine](respond-machine-alerts.md) +#### [Take response actions]() +##### [Take response actions on a machine]() +###### [Understand response actions](respond-machine-alerts.md) ###### [Manage tags](respond-machine-alerts.md#manage-tags) ###### [Initiate Automated Investigation](respond-machine-alerts.md#initiate-automated-investigation) ###### [Initiate Live Response Session](respond-machine-alerts.md#initiate-live-response-session) @@ -63,46 +77,60 @@ ###### [Isolate machines from the network](respond-machine-alerts.md#isolate-machines-from-the-network) ###### [Check activity details in Action center](respond-machine-alerts.md#check-activity-details-in-action-center) -##### [Take response actions on a file](respond-file-alerts.md) +##### [Take response actions on a file]() +###### [Understand response actions](respond-file-alerts.md) ###### [Stop and quarantine files in your network](respond-file-alerts.md#stop-and-quarantine-files-in-your-network) -###### [Remove file from quarantine](respond-file-alerts.md#remove-file-from-quarantine) -###### [Block files in your network](respond-file-alerts.md#block-files-in-your-network) -###### [Remove file from blocked list](respond-file-alerts.md#remove-file-from-blocked-list) -###### [Check activity details in Action center](respond-file-alerts.md#check-activity-details-in-action-center) +###### [Restore file from quarantine](respond-file-alerts.md#restore-file-from-quarantine) +###### [Add an indicator to block or allow a file](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file) ###### [Deep analysis](respond-file-alerts.md#deep-analysis) - -##### [Investigate entities using Live response](live-response.md) +##### [Live response]() +###### [Investigate entities on machines](live-response.md) ###### [Live response command examples](live-response-command-examples.md) -### [Automated investigation and remediation](automated-investigations.md) + +### [Automated investigation and remediation]() +#### [Understand Automated investigations](automated-investigations.md) #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md) #### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md) ### [Secure score](overview-secure-score.md) + + ### [Threat analytics](threat-analytics.md) + ### [Microsoft Threat Experts](microsoft-threat-experts.md) -### [Advanced hunting](overview-hunting.md) -#### [Query data using Advanced hunting](advanced-hunting.md) + +### [Advanced hunting]() +#### [Advanced hunting overview](overview-hunting.md) + +#### [Query data using Advanced hunting]() +##### [Data querying basics](advanced-hunting.md) ##### [Advanced hunting reference](advanced-hunting-reference.md) ##### [Advanced hunting query language best practices](advanced-hunting-best-practices.md) -#### [Custom detections](overview-custom-detections.md) + +#### [Custom detections]() +##### [Understand custom detection rules](overview-custom-detections.md) ##### [Create custom detections rules](custom-detection-rules.md) -### [Management and APIs](management-apis.md) +### [Management and APIs]() +#### [Overview of management and APIs](management-apis.md) #### [Understand threat intelligence concepts](threat-indicator-concepts.md) #### [Microsoft Defender ATP APIs](apis-intro.md) #### [Managed security service provider support](mssp-support.md) -### [Microsoft Threat Protection](threat-protection-integration.md) -#### [Protect users, data, and devices with Conditional Access](conditional-access.md) -#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) -#### [Information protection in Windows overview](information-protection-in-windows-overview.md) -##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md) +### [Integrations]() +#### [Microsoft Defender ATP integrations](threat-protection-integration.md) +#### [Conditional Access integration overview](conditional-access.md) +#### [Microsoft Cloud App Security in Windows overview](microsoft-cloud-app-security-integration.md) + +#### [Information protection in Windows overview]() +##### [Windows integration](information-protection-in-windows-overview.md) +##### [Use sensitivity labels to prioritize incident response](information-protection-investigation.md) ### [Microsoft Threat Experts](microsoft-threat-experts.md) @@ -111,7 +139,8 @@ ### [Portal overview](portal-overview.md) -## [Get started](get-started.md) + +## [Get started]() ### [What's new in Microsoft Defender ATP](whats-new-in-microsoft-defender-atp.md) ### [Minimum requirements](minimum-requirements.md) ### [Validate licensing and complete setup](licensing.md) @@ -119,95 +148,137 @@ ### [Data storage and privacy](data-storage-privacy.md) ### [Assign user access to the portal](assign-portal-access.md) -### [Microsoft Defender ATP in Azure Government ](commercial-gov.md) +### [Evaluate Microsoft Defender ATP capabilities]() +#### [Evaluate attack surface reduction]() - -### [Evaluate Microsoft Defender ATP](evaluate-atp.md) -#### Evaluate attack surface reduction -##### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md) -##### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md) -##### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md) -##### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md) -##### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) -##### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) -##### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -#### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) +##### [Evaluate attack surface reduction and next-generation capabilities](evaluate-atp.md) +###### [Hardware-based isolation](../windows-defender-application-guard/test-scenarios-wd-app-guard.md) +###### [Application control](../windows-defender-application-control/audit-windows-defender-application-control-policies.md) +###### [Exploit protection](../windows-defender-exploit-guard/evaluate-exploit-protection.md) +###### [Network Protection](../windows-defender-exploit-guard/evaluate-network-protection.md) +###### [Controlled folder access](../windows-defender-exploit-guard/evaluate-controlled-folder-access.md) +###### [Attack surface reduction](../windows-defender-exploit-guard/evaluate-attack-surface-reduction.md) +###### [Network firewall](../windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) +##### [Evaluate next generation protection](../windows-defender-antivirus/evaluate-windows-defender-antivirus.md) ### [Access the Microsoft Defender Security Center Community Center](community.md) -## [Configure and manage capabilities](onboard.md) +## [Configure and manage capabilities]() + ### [Configure attack surface reduction](configure-attack-surface-reduction.md) -### Hardware-based isolation + +### [Hardware-based isolation]() #### [System integrity](../windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md) -#### [Application isolation](../windows-defender-application-guard/install-wd-app-guard.md) + +#### [Application isolation]() +##### [Install Windows Defender Application Guard](../windows-defender-application-guard/install-wd-app-guard.md) ##### [Configuration settings](../windows-defender-application-guard/configure-wd-app-guard.md) + #### [Application control](../windows-defender-application-control/windows-defender-application-control.md) -#### Device control + +#### [Device control]() ##### [Control USB devices](../device-control/control-usb-devices-using-intune.md) -##### [Device Guard](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) -###### [Memory integrity](../windows-defender-exploit-guard/memory-integrity.md) + +##### [Device Guard]() +###### [Code integrity](../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md) + +###### [Memory integrity]() +####### [Understand memory integrity](../windows-defender-exploit-guard/memory-integrity.md) ####### [Hardware qualifications](../windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md) ####### [Enable HVCI](../windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity.md) -#### [Exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md) + +#### [Exploit protection]() +##### [Enable exploit protection](../windows-defender-exploit-guard/enable-exploit-protection.md) ##### [Import/export configurations](../windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md) + #### [Network protection](../windows-defender-exploit-guard/enable-network-protection.md) -#### [Controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) + +#### [Controlled folder access]() +##### [Enable controlled folder access](../windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md) ##### [Customize controlled folder access](../windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md) -#### [Attack surface reduction controls](../windows-defender-exploit-guard/enable-attack-surface-reduction.md) + +#### [Attack surface reduction controls]() +##### [Enable attack surface reduction rules](../windows-defender-exploit-guard/enable-attack-surface-reduction.md) +##### [Customize attack surface reduction rules](../windows-defender-exploit-guard/customize-attack-surface-reduction.md) + #### [Network firewall](../windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) - -### [Configure next generation protection](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) -#### [Utilize Microsoft cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) +### [Configure next generation protection]() +#### [Configure Windows Defender Antivirus features](../windows-defender-antivirus/configure-windows-defender-antivirus-features.md) +#### [Utilize Microsoft cloud-delivered protection]() +##### [Understand cloud-delivered protection](../windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md) ##### [Enable cloud-delivered protection](../windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md) ##### [Specify the cloud-delivered protection level](../windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md) ##### [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md) ##### [Enable Block at first sight](../windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md) ##### [Configure the cloud block timeout period](../windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md) -#### [Configure behavioral, heuristic, and real-time protection](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) + +#### [Configure behavioral, heuristic, and real-time protection]() +##### [Configuration overview](../windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md) ##### [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md) ##### [Enable and configure always-on protection and monitoring](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) + #### [Antivirus on Windows Server 2016](../windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md) -#### [Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) + +#### [Antivirus compatibility]() +##### [Compatibility charts](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md) ##### [Use limited periodic antivirus scanning](../windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md) -#### [Deploy, manage updates, and report on antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) -##### [Deploy and enable antivirus](../windows-defender-antivirus/deploy-windows-defender-antivirus.md) +#### [Deploy, manage updates, and report on antivirus]() +##### [Using Windows Defender Antivirus](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md) + +##### [Deploy and enable antivirus]() +###### [Preparing to deploy](../windows-defender-antivirus/deploy-windows-defender-antivirus.md) ###### [Deployment guide for VDI environments](../windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md) -##### [Report on antivirus protection](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) + +##### [Report on antivirus protection]() +###### [Review protection status and aqlerts](../windows-defender-antivirus/report-monitor-windows-defender-antivirus.md) ###### [Troubleshoot antivirus reporting in Update Compliance](../windows-defender-antivirus/troubleshoot-reporting.md) -##### [Manage updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) + +##### [Manage updates and apply baselines]() +###### [Learn about the different kinds of updates](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md) ###### [Manage protection and Security intelligence updates](../windows-defender-antivirus/manage-protection-updates-windows-defender-antivirus.md) ###### [Manage when protection updates should be downloaded and applied](../windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md) ###### [Manage updates for endpoints that are out of date](../windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md) ###### [Manage event-based forced updates](../windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md) ###### [Manage updates for mobile devices and VMs](../windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md) -#### [Customize, initiate, and review the results of scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +#### [Customize, initiate, and review the results of scans and remediation]() +##### [Configuration overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Configure antivirus exclusions Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + ##### [Configure antivirus scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) ##### [Configure and run scans](../windows-defender-antivirus/run-scan-windows-defender-antivirus.md) ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) + #### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -#### [Manage antivirus in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) + +#### [Manage antivirus in your business]() +##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) ##### [Use Group Policy settings to configure and manage antivirus](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) ##### [Use System Center Configuration Manager and Microsoft Intune to configure and manage antivirus](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to configure and manage antivirus](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) ##### [Use Windows Management Instrumentation (WMI) to configure and manage antivirus](../windows-defender-antivirus/use-wmi-windows-defender-antivirus.md) ##### [Use the mpcmdrun.exe commandline tool to configure and manage antivirus](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -#### [Manage scans and remediation](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) -##### [Configure and validate exclusions in antivirus scans](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) +#### [Manage scans and remediation]() +##### [Management overview](../windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md) + +##### [Configure and validate exclusions in antivirus scans]() +###### [Exclusions overview](../windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions based on file name, extension, and folder location](../windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md) ###### [Configure and validate exclusions for files opened by processes](../windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md) ###### [Configure antivirus exclusions on Windows Server 2016](../windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md) + ##### [Configure scanning options](../windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md) ##### [Configure remediation for scans](../windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md) ##### [Configure scheduled scans](../windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md) @@ -215,7 +286,9 @@ ##### [Review scan results](../windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md) ##### [Run and review the results of an offline scan](../windows-defender-antivirus/windows-defender-offline.md) ##### [Restore quarantined files](../windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md) -#### [Manage next generation protection in your business](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) + +#### [Manage next generation protection in your business]() +##### [Management overview](../windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md) ##### [Use Microsoft Intune and System Center Configuration Manager to manage next generation protection](../windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md) ##### [Use Group Policy settings to manage next generation protection](../windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md) ##### [Use PowerShell cmdlets to manage next generation protection](../windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md) @@ -223,41 +296,56 @@ ##### [Use the mpcmdrun.exe command line tool to manage next generation protection](../windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md) -### [Configure Secure score dashboard security controls](secure-score-dashboard.md) +### [Configure Secure score dashboard security controls](secure-score-dashboard.md) + ### [Configure and manage Microsoft Threat Experts capabilities](configure-microsoft-threat-experts.md) -### Management and API support -#### [Onboard machines](onboard-configure.md) + +### [Endpoint detection and response management and API support]() + +#### [Onboard machines]() +##### [Onboarding overview](onboard-configure.md) ##### [Onboard previous versions of Windows](onboard-downlevel.md) -##### [Onboard Windows 10 machines](configure-endpoints.md) + +##### [Onboard Windows 10 machines]() +###### [Ways to onboard](configure-endpoints.md) ###### [Onboard machines using Group Policy](configure-endpoints-gp.md) ###### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm.md) -###### [Onboard machines using Mobile Device Management tools](configure-endpoints-mdm.md) + +###### [Onboard machines using Mobile Device Management tools]() +####### [Overview](configure-endpoints-mdm.md) ####### [Onboard machines using Microsoft Intune](configure-endpoints-mdm.md#onboard-machines-using-microsoft-intune) ###### [Onboard machines using a local script](configure-endpoints-script.md) ###### [Onboard non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi.md) + ##### [Onboard servers](configure-server-endpoints.md) ##### [Onboard non-Windows machines](configure-endpoints-non-windows.md) ##### [Onboard machines without Internet access](onboard-offline-machines.md) ##### [Run a detection test on a newly onboarded machine](run-detection-test.md) ##### [Run simulated attacks on machines](attack-simulations.md) ##### [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) -##### [Troubleshoot onboarding issues](troubleshoot-onboarding.md) + +##### [Troubleshoot onboarding issues]() +###### [Troubleshooting basics](troubleshoot-onboarding.md) ###### [Troubleshoot subscription and portal access issues](troubleshoot-onboarding-error-messages.md) - -#### [Microsoft Defender ATP API](use-apis.md) +#### [Microsoft Defender ATP API]() +##### [Understand Microsoft Defender ATP APIs](use-apis.md) ##### [Microsoft Defender ATP API license and terms](api-terms-of-use.md) -##### [Get started with Microsoft Defender ATP APIs](apis-intro.md) + +##### [Get started with Microsoft Defender ATP APIs]() +###### [Introduction](apis-intro.md) ###### [Hello World](api-hello-world.md) ###### [Get access with application context](exposed-apis-create-app-webapp.md) ###### [Get access with user context](exposed-apis-create-app-nativeapp.md) -##### [APIs](exposed-apis-list.md) +##### [APIs]() +###### [Supported Microsoft Defender ATP query APIs](exposed-apis-list.md) ###### [Advanced Hunting](run-advanced-query-api.md) -###### [Alert](alerts.md) +###### [Alert]() +####### [Methods, properties, and JSON representation](alerts.md) ####### [List alerts](get-alerts.md) ####### [Create alert](create-alert-by-reference.md) ####### [Update Alert](update-alert.md) @@ -268,7 +356,8 @@ ####### [Get alert related machine information](get-alert-related-machine-info.md) ####### [Get alert related user information](get-alert-related-user-info.md) -###### [Machine](machine.md) +###### [Machine]() +####### [Methods and properties](machine.md) ####### [List machines](get-machines.md) ####### [Get machine by ID](get-machine-by-id.md) ####### [Get machine log on users](get-machine-log-on-users.md) @@ -276,7 +365,8 @@ ####### [Add or Remove machine tags](add-or-remove-machine-tags.md) ####### [Find machines by IP](find-machines-by-ip.md) -###### [Machine Action](machineaction.md) +###### [Machine Action]() +####### [Methods and properties](machineaction.md) ####### [List Machine Actions](get-machineactions-collection.md) ####### [Get Machine Action](get-machineaction-object.md) ####### [Collect investigation package](collect-investigation-package.md) @@ -290,45 +380,49 @@ ####### [Stop and quarantine file](stop-and-quarantine-file.md) ####### [Initiate investigation (preview)](initiate-autoir-investigation.md) -###### [Indicators](ti-indicator.md) +###### [Indicators]() +####### [Methods and properties](ti-indicator.md) ####### [Submit Indicator](post-ti-indicator.md) ####### [List Indicators](get-ti-indicators-collection.md) ####### [Delete Indicator](delete-ti-indicator-by-id.md) -###### Domain +###### [Domain]() ####### [Get domain related alerts](get-domain-related-alerts.md) ####### [Get domain related machines](get-domain-related-machines.md) ####### [Get domain statistics](get-domain-statistics.md) ####### [Is domain seen in organization](is-domain-seen-in-org.md) -###### [File](files.md) +###### [File]() +####### [Methods and properties](files.md) ####### [Get file information](get-file-information.md) ####### [Get file related alerts](get-file-related-alerts.md) ####### [Get file related machines](get-file-related-machines.md) ####### [Get file statistics](get-file-statistics.md) -###### IP +###### [IP]() ####### [Get IP related alerts](get-ip-related-alerts.md) ####### [Get IP related machines](get-ip-related-machines.md) ####### [Get IP statistics](get-ip-statistics.md) ####### [Is IP seen in organization](is-ip-seen-org.md) -###### [User](user.md) +###### [User]() +####### [Methods](user.md) ####### [Get user related alerts](get-user-related-alerts.md) ####### [Get user related machines](get-user-related-machines.md) -##### How to use APIs - Samples -###### Advanced Hunting API +##### [How to use APIs - Samples]() +###### [Advanced Hunting API]() ####### [Schedule advanced Hunting using Microsoft Flow](run-advanced-query-sample-ms-flow.md) ####### [Advanced Hunting using PowerShell](run-advanced-query-sample-powershell.md) ####### [Advanced Hunting using Python](run-advanced-query-sample-python.md) ####### [Create custom Power BI reports](run-advanced-query-sample-power-bi-app-token.md) -###### Multiple APIs + +###### [Multiple APIs]() ####### [PowerShell](exposed-apis-full-sample-powershell.md) + ###### [Using OData Queries](exposed-apis-odata-samples.md) - -#### API for custom alerts +#### [API for custom alerts]() ##### [Enable the custom threat intelligence application](enable-custom-ti.md) ##### [Use the threat intelligence API to create custom alerts](use-custom-ti.md) ##### [Create custom threat intelligence alerts](custom-ti-api.md) @@ -337,8 +431,8 @@ ##### [Experiment with custom threat intelligence alerts](experiment-custom-ti.md) ##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti.md) - -#### [Pull alerts to your SIEM tools](configure-siem.md) +#### [Pull alerts to your SIEM tools]() +##### [Learn about different ways to pull alerts](configure-siem.md) ##### [Enable SIEM integration](enable-siem-integration.md) ##### [Configure Splunk to pull alerts](configure-splunk.md) ##### [Configure HP ArcSight to pull alerts](configure-arcsight.md) @@ -346,88 +440,94 @@ ##### [Pull alerts using SIEM REST API](pull-alerts-using-rest-api.md) ##### [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) - -#### Reporting +#### [Reporting]() ##### [Create and build Power BI reports using Microsoft Defender ATP data](powerbi-reports.md) ##### [Threat protection reports](threat-protection-reports.md) ##### [Machine health and compliance reports](machine-reports.md) - -#### Interoperability +#### [Interoperability]() ##### [Partner applications](partner-applications.md) -#### [Manage machine configuration](configure-machines.md) +#### [Manage machine configuration]() +##### [Ensure your machines are configured properly](configure-machines.md) ##### [Monitor and increase machine onboarding](configure-machines-onboarding.md) ##### [Increase compliance to the security baseline](configure-machines-security-baseline.md) ##### [Optimize ASR rule deployment and detections](configure-machines-asr.md) -#### Role-based access control -##### [Manage portal access using RBAC](rbac.md) +#### [Role-based access control]() + +##### [Manage portal access using RBAC]() +###### [Using RBAC](rbac.md) ###### [Create and manage roles](user-roles.md) -###### [Create and manage machine groups](machine-groups.md) + +###### [Create and manage machine groups]() +####### [Using machine groups](machine-groups.md) ####### [Create and manage machine tags](machine-tags.md) #### [Configure managed security service provider (MSSP) support](configure-mssp-support.md) -### Configure Microsoft Threat Protection integration + +### [Configure Microsoft threat protection integration]() #### [Configure Conditional Access](configure-conditional-access.md) #### [Configure Microsoft Cloud App Security in Windows](microsoft-cloud-app-security-config.md) #### [Configure information protection in Windows](information-protection-in-windows-config.md) -### [Configure Microsoft Defender Security Center settings](preferences-setup.md) -#### General +### [Configure portal settings]() +#### [Set up preferences](preferences-setup.md) + +#### [General]() ##### [Update data retention settings](data-retention-settings.md) ##### [Configure alert notifications](configure-email-notifications.md) ##### [Enable and create Power BI reports using Windows Security app data](powerbi-reports.md) ##### [Enable Secure score security controls](enable-secure-score.md) ##### [Configure advanced features](advanced-features.md) - -#### Permissions + +#### [Permissions]() ##### [Use basic permissions to access the portal](basic-permissions.md) ##### [Manage portal access using RBAC](rbac.md) ###### [Create and manage roles](user-roles.md) ###### [Create and manage machine groups](machine-groups.md) ####### [Create and manage machine tags](machine-tags.md) - -#### APIs + +#### [APIs]() ##### [Enable Threat intel](enable-custom-ti.md) ##### [Enable SIEM integration](enable-siem-integration.md) - -#### Rules + +#### [Rules]() ##### [Manage suppression rules](manage-suppression-rules.md) ##### [Manage automation allowed/blocked lists](manage-automation-allowed-blocked-list.md) ##### [Manage indicators](manage-indicators.md) ##### [Manage automation file uploads](manage-automation-file-uploads.md) ##### [Manage automation folder exclusions](manage-automation-folder-exclusions.md) - -#### Machine management + +#### [Machine management]() ##### [Onboarding machines](onboard-configure.md) ##### [Offboarding machines](offboard-machines.md) - -#### [Configure Windows Security app time zone settings](time-settings.md) - + +#### [Configure time zone settings](time-settings.md) -## [Troubleshoot Microsoft Defender ATP](troubleshoot-overview.md) -### Troubleshoot sensor state + +## [Troubleshoot Microsoft Defender ATP]() + +### [Troubleshoot sensor state]() #### [Check sensor state](check-sensor-status.md) #### [Fix unhealthy sensors](fix-unhealthy-sensors.md) #### [Inactive machines](fix-unhealthy-sensors.md#inactive-machines) #### [Misconfigured machines](fix-unhealthy-sensors.md#misconfigured-machines) #### [Review sensor events and errors on machines with Event Viewer](event-error-codes.md) -### [Troubleshoot Microsoft Defender ATP service issues](troubleshoot-mdatp.md) + +### [Troubleshoot service issues]() +#### [Troubleshooting issues](troubleshoot-mdatp.md) #### [Check service health](service-status.md) -### [Troubleshoot live response issues]() -#### [Troubleshoot issues related to live response](troubleshoot-live-response.md) - -### Troubleshoot attack surface reduction +### [Troubleshoot attack surface reduction issues]() #### [Network protection](../windows-defender-exploit-guard/troubleshoot-np.md) #### [Attack surface reduction rules](../windows-defender-exploit-guard/troubleshoot-asr.md) #### [Collect diagnostic data for files](../windows-defender-exploit-guard/troubleshoot-np.md) -### [Troubleshoot next generation protection](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) +### [Troubleshoot next generation protection issues](../windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md) diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/admintemplates.png b/windows/security/threat-protection/windows-defender-antivirus/images/admintemplates.png new file mode 100644 index 0000000000..e95c44f251 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/admintemplates.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/baselines.png b/windows/security/threat-protection/windows-defender-antivirus/images/baselines.png new file mode 100644 index 0000000000..d08380470f Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/baselines.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/images/bluetooth.png b/windows/security/threat-protection/windows-defender-antivirus/images/bluetooth.png new file mode 100644 index 0000000000..f4f5e4804b Binary files /dev/null and b/windows/security/threat-protection/windows-defender-antivirus/images/bluetooth.png differ diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md index 5c90d72b3d..8d774b3037 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-resources.md @@ -116,8 +116,3 @@ In the Microsoft Defender ATP portal, you'll see two categories of information: - Computer model - Processor architecture - Whether the device is a virtual machine - -## Known issues - -- Full Microsoft Defender ATP integration is not available yet. -- Centrally managed uninstall via Intune is still in development. As an alternative, manually uninstall Microsoft Defender ATP for Mac from each client device. diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md index 92f683ebdf..b9d60523ba 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md @@ -108,6 +108,6 @@ Guidance for how to configure the product in enterprise environments is availabl ## Resources -- For more information about logging, uninstalling, or known issues, see the [Resources](microsoft-defender-atp-mac-resources.md) page. +- For more information about logging, uninstalling, or other topics, see the [Resources](microsoft-defender-atp-mac-resources.md) page. - [Privacy for Microsoft Defender ATP for Mac](microsoft-defender-atp-mac-privacy.md)