From 69e092289bf399e1301a32686f2b38d0e823b775 Mon Sep 17 00:00:00 2001 From: Deland Han Date: Fri, 28 Feb 2020 16:35:03 +0800 Subject: [PATCH 01/21] finish --- .../testing-scenarios-for-wip.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 7cb66960c1..0ef906a2b3 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -172,17 +172,7 @@ You can try any of the processes included in these scenarios, but you should foc - - Stop Google Drive from syncing WIP protected files and folders. - - - - + >[!NOTE] From 4b21e71daed030782217b90791701303e80dc7f8 Mon Sep 17 00:00:00 2001 From: Ele O Date: Fri, 27 Mar 2020 15:58:12 +0000 Subject: [PATCH 02/21] Add explanation for when to use the 2 methods earlier in page clarify high stakes testing vs lower stakes testing --- education/windows/take-tests-in-windows-10.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index fed3ff8374..cb3fa4d144 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md 
@@ -34,8 +34,12 @@ Many schools use online testing for formative and summative assessments. It's cr ![Set up and user flow for the Take a Test app](images/take_a_test_flow_dark.png) -There are several ways to configure devices for assessments. You can: -- **Configure an assessment URL and a dedicated testing account** +There are several ways to configure devices for assessments depending on your use case: + +- For higher stakes testsing such as mid-term exams, you can setup a device with a dedicated testing account and URL. +- For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing. + +1. **Configure an assessment URL and a dedicated testing account** In this configuration, a user signs into in to the account and the **Take a Test** app automatically launches the pre-configured assessment URL in Microsoft Edge in a single-app, kiosk mode. A student will never have access to the desktop in this configuration. We recommend this configuration for high stakes testing. @@ -58,9 +62,9 @@ There are several ways to configure devices for assessments. You can: For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). -- **Distribute the assessment URL through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link** +2. **Create the assessment URL and the distribute it through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link** - This allows teachers and test administrators an easier way to deploy assessments. We recommend this method for lower stakes assessments. + This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can enable this using a schema activation. 
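Review bot: the first added bullet misspells "testing" as "testsing" and uses "setup" as a verb where "set up" is needed, and the new item 2 heading reads "Create the assessment URL and the distribute it", which has a stray "the". The item 2 heading also packs two sentences into the bold text; keep the heading to the action and move "You can also create shortcuts to distribute the link" into the paragraph below it. While this section is open, the unchanged line under item 1 says "a user signs into in to the account", which should read "signs in to the account".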
From b3fcad5cf54b7a1302f86b4a0a9749b8bd853676 Mon Sep 17 00:00:00 2001 From: Ele O Date: Fri, 27 Mar 2020 16:06:08 +0000 Subject: [PATCH 03/21] Spelling fix --- education/windows/take-tests-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index cb3fa4d144..9ada227df4 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md @@ -36,7 +36,7 @@ Many schools use online testing for formative and summative assessments. It's cr There are several ways to configure devices for assessments depending on your use case: -- For higher stakes testsing such as mid-term exams, you can setup a device with a dedicated testing account and URL. +- For higher stakes testing such as mid-term exams, you can setup a device with a dedicated testing account and URL. - For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing. 1. **Configure an assessment URL and a dedicated testing account** From 8829a33dd860d421532131bfa9bc72b9f1d97226 Mon Sep 17 00:00:00 2001 From: Ele O Date: Mon, 30 Mar 2020 17:55:15 +0100 Subject: [PATCH 04/21] Adjust heading for #2 option Based on blocking pull request merge feedback. Headings don't have a period, --- education/windows/take-tests-in-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index 9ada227df4..fca8f8fb88 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md 
@@ -62,9 +62,9 @@ There are several ways to configure devices for assessments depending on your us For more info about these methods, see [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md). -2. **Create the assessment URL and the distribute it through the web, email, OneNote, or any other method of your choosing. You can also create shortcuts to distribute the link** +2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method** - This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. + This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link You can enable this using a schema activation. From a96e4e8d7decd3cbb562697863dd8ae8f752f515 Mon Sep 17 00:00:00 2001 From: Ele O Date: Mon, 30 Mar 2020 17:56:17 +0100 Subject: [PATCH 05/21] Adding a period --- education/windows/take-tests-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index fca8f8fb88..eda6eff5f8 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md 
@@ -64,7 +64,7 @@ There are several ways to configure devices for assessments depending on your us 2. **Create and distribute the assessment URL through the web, email, OneNote, or any other method** - This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link + This allows teachers and test administrators an easier way to deploy assessments quickly and simply. We recommend this method for lower stakes assessments. You can also create shortcuts to distribute the link. You can enable this using a schema activation. From 99ab517f5a40373c34c46d23051e6e873b9e592c Mon Sep 17 00:00:00 2001 From: Jreeds001 Date: Tue, 31 Mar 2020 15:05:54 -0700 Subject: [PATCH 06/21] Update apps-in-windows-10.md --- .../apps-in-windows-10.md | 90 +++++++++---------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 7b5828d9c2..acb8409b0a 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -44,51 +44,51 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an
-| Package name | App name | 1703 | 1709 | 1803 | 1809 | Uninstall through UI? | -|----------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | x | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | 
| x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | | | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows 
Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | - +| Package name | App name | 1709 | 1803 | 1809 | 1909 | 
Uninstall through UI? | +|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [My Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.MSPaint | 
[Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | +| Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | | x | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsCamera | 
[Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox TCUI](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Gaming Overlay](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | | x | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | | x | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | >[!NOTE] >The Store app can't be removed. 
If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. From 24eb61e4cf15a5ff59818e9398343c21022b25d3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 Mar 2020 15:28:38 -0700 Subject: [PATCH 07/21] added prereq procedures --- ...dows-10-using-pxe-and-configuration-manager.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md index 19ebb6ea7b..d6532cfde0 100644 --- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md 
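Review bot: in the apps-in-windows-10.md table hunk (PATCH 06/21), the Microsoft.3DBuilder row is kept with all four version columns empty after the 1703 column was dropped, so the table now lists an app that is provisioned in none of the versions shown. Either remove the row or state where the app went. The new Microsoft.Outlook.DesktopIntegrationServices row leaves the "Uninstall through UI?" cell blank, while every other row has a value there; fill it in so admins planning removal have an answer. The section's introductory sentence, visible in the @@ context, still starts its version list at 1703, so it no longer matches the 1709 to 1909 columns and needs the same update.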
@@ -21,7 +21,16 @@ ms.topic: article - Windows 10 -In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001. +In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic. + +This topic assumes that you have completed the following prerequisite procedures: +- [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) +- [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) +- [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) +- [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) +- [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) +- [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md) +- [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) For the purposes of this guide, we 
will use a minimum of two server computers (DC01 and CM01) and one client computer (PC0001). - DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server. Note: DHCP services are required for the client (PC0001) to connect to the Windows Deployment Service (WDS). @@ -36,10 +45,8 @@ All servers are running Windows Server 2019. However, an earlier, supported vers All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. -An existing Configuration Manager infrastructure that is integrated with MDT is used for the following procedures. For more information about the setup for this article, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). - >[!NOTE] ->No WDS console configuration required for PXE to work. Everything is done with the Configuration Manager console. +>No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console. ## Procedures From defcade7a1ddbd36b857dc4ccfb5225ba739f950 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 31 Mar 2020 15:47:39 -0700 Subject: [PATCH 08/21] Removed unnecessary bullet in a note --- windows/application-management/apps-in-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index acb8409b0a..1eb4d1d50b 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md 
@@ -149,7 +149,7 @@ System apps are integral to the operating system. Here are the typical system ap > [!NOTE] -> - The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support). +> The Contact Support app changed to Get Help in version 1709. Get Help is a provisioned app (instead of system app like Contact Support). ## Installed Windows apps From 0e8d2c0f62fbf45fd9c459d186a9b88a5b00cf26 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 31 Mar 2020 16:02:56 -0700 Subject: [PATCH 09/21] reorg toc --- windows/deployment/TOC.md | 7 ++++--- windows/deployment/deploy-windows-cm/TOC.md | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 391961e1bd..9919334e09 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md 
@@ -103,15 +103,16 @@ ##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md) ### Deploy Windows 10 with Microsoft Endpoint Configuration Manager -#### [Prepare for Windows 10 deployment with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -#### Deploy Windows 10 with Configuration Manager +#### Prepare for Windows 10 deployment with Configuration Manager +##### [Prepare for Zero Touch Installation with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) ##### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md) ##### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md) ##### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) ##### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) ##### [Create a task sequence with Configuration Manager and MDT](deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md) ##### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) + +#### Deploy Windows 10 with Configuration Manager ##### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md) ##### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration 
Manager](deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ##### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-cm/TOC.md b/windows/deployment/deploy-windows-cm/TOC.md index daaec1091b..b26445c4ab 100644 --- a/windows/deployment/deploy-windows-cm/TOC.md +++ b/windows/deployment/deploy-windows-cm/TOC.md 
@@ -1,13 +1,14 @@ # Deploy Windows 10 with Microsoft Endpoint Configuration Manager -## [Prepare for Windows 10 deployment with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -## Deploy Windows 10 with Configuration Manager +## Prepare for Windows 10 deployment with Configuration Manager +### [Prepare for Zero Touch Installation with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) ### [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) ### [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) ### [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) ### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md) ### [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md) ### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md) + +## Deploy Windows 10 with Configuration Manager ### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) ### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) From 8fab4dabc51564f3f5c0a4a082dd027a3f81520e Mon Sep 17 00:00:00 2001 
From: Greg Lindsay Date: Tue, 31 Mar 2020 16:19:13 -0700 Subject: [PATCH 10/21] small edit --- .../deploy-windows-10-using-pxe-and-configuration-manager.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md index d6532cfde0..a5ea3f78c2 100644 --- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md @@ -21,7 +21,7 @@ ms.topic: article - Windows 10 -In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) machine named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic. +In this topic, you will learn how to deploy Windows 10 using Microsoft Endpoint Configuration Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic. This topic assumes that you have completed the following prerequisite procedures: - [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) 
@@ -59,7 +59,7 @@ All server and client computers referenced in this guide are on the same subnet. * Install the Windows 10 operating system. * Install the Configuration Manager client and the client hotfix. - * Join the machine to the domain. + * Join the computer to the domain. * Install the application added to the task sequence. >[!NOTE] From 51b27ffddc8d79591e5f68f4a3c961b84de72371 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 31 Mar 2020 16:34:52 -0700 Subject: [PATCH 11/21] Add more troubleshooting --- .../linux-exclusions.md | 111 ++++++++++++++++++ .../linux-static-proxy-configuration.md | 2 +- .../linux-support-connectivity.md | 91 ++++++++++++++ .../linux-support-perf.md | 77 ++++++++++++ .../microsoft-defender-atp/mac-exclusions.md | 2 +- 5 files changed, 281 insertions(+), 2 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md create mode 100644 windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md new file mode 100644 index 0000000000..3ef8924477 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md 
@@ -0,0 +1,111 @@ +--- +title: Configure and validate exclusions for Microsoft Defender ATP for Linux +description: Provide and validate exclusions for Microsoft Defender ATP for Linux. Exclusions can be set for files, folders, and processes. +keywords: microsoft, defender, atp, linux, exclusions, scans, antivirus +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Configure and validate exclusions for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. + +>[!IMPORTANT] +>The exclusions described in this article don't apply to other Microsoft Defender ATP for Linux capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. + +You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender ATP for Linux scans. + +Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Microsoft Defender ATP for Linux. + +>[!WARNING] +>Defining exclusions lowers the protection offered by Microsoft Defender ATP for Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. 
+ +## Supported exclusion types + +The follow table shows the exclusion types supported by Microsoft Defender ATP for Linux. + +Exclusion | Definition | Examples +---|---|--- +File extension | All files with the extension, anywhere on the machine | .test +File | A specific file identified by the full path | /var/log/test.log +Folder | All files under the specified folder | /var/log/ +Process | A specific process (specified either by the full path or file name) and all files opened by it | /bin/cat
cat + +## How to configure the list of exclusions + +### From the management console + +For more information on how to configure exclusions from Puppet, Ansible, or another management console, see [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). + +### From the command-line + +Run the following command to see the available switches for managing exclusions: + +```bash +$ mdatp --exclusion +``` + +Examples: + +- Add an exclusion for a file extension: + + ```bash + $ mdatp --exclusion --add-extension .txt + Configuration updated successfully + ``` + +- Add an exclusion for a file: + + ```bash + $ mdatp --exclusion --add-folder /var/log/dummy.log + Configuration updated successfully + ``` + +- Add an exclusion for a folder: + + ```bash + $ mdatp --exclusion --add-folder /var/log/ + Configuration updated successfully + ``` + +- Add an exclusion for a process: + + ```bash + $ mdatp --exclusion --add-process cat + Configuration updated successfully + ``` + +## Validate exclusions lists with the EICAR test file + +You can validate that your exclusion lists are working by using `curl` to download a test file. + +In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path. + +```bash +$ curl -o test.txt https://www.eicar.org/download/eicar.com.txt +``` + +If Microsoft Defender ATP for Linux reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html). + +If you do not have Internet access, you can create your own EICAR test file. 
Write the EICAR string to a new text file with the following Bash command: + +```bash +echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt +``` + +You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md index c2505dae33..0ac647a0b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-static-proxy-configuration.md @@ -18,7 +18,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Configuring Microsoft Defender ATP for static proxy discovery +# Configure Microsoft Defender ATP for Linux for static proxy discovery **Applies to:** diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md new file mode 100644 index 0000000000..67eca39929 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md 
@@ -0,0 +1,91 @@ +--- +title: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux +ms.reviewer: +description: Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux +keywords: microsoft, defender, atp, linux, cloud, connectivity, communication +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +## Run the connectivity test + +To test if Microsoft Defender ATP for Linux can communicate to the cloud with the current network settings, run a connectivity test from the command line: + +```bash +$ mdatp --connectivity-test +``` + +If the connectivity test fails, check if the machine has Internet access and if [any of the endpoints required by the product](microsoft-defender-atp-linux.md#network-connections) are blocked by a proxy or firewall. + +## Troubleshooting steps for environments without proxy or with transparent proxy + +To test that a connection is not blocked in an environment without a proxy or with a transparent proxy, run the following command in the terminal: + +```bash +curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' +``` + +The output from this command should be similar to the following: + +``` +OK https://x.cp.wd.microsoft.com/api/report +OK https://cdn.x.cp.wd.microsoft.com/ping +``` + +## Troubleshooting steps for environments with static proxy + +> [!WARNING] +> PAC, WPAD, and authenticated proxies are not supported. 
Ensure that only a static proxy or transparent proxy is being used. +> +> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. + +If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port: + +```bash +$ curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' +``` + +Ensure that you use the same proxy address and port as configured in the `/lib/system/system/mdatp.service` file. Check your proxy configuration if there are errors from the above commands. + +To use a static proxy, the `mdatp.service` file must be modified. Ensure the leading leading `#` is removed to un-comment the following line from `/lib/systemd/system/mdatp.service`: + +```bash +#Environment="HTTPS_PROXY=http://address:port" +``` + +Also ensure that the correct static proxy address is filled in to replace `address:port`. + +If this file is correct, try running the following command in the terminal to re-load Microsoft Defender ATP for Linux and propagate the setting: + +```bash +$ sudo systemctl daemon-reload; sudo systemctl restart mdatp +``` + +Upon success, attempt another connectivity test from the command-line: + +```bash +$ mdatp --connectivity-test +``` + +If the problem persists, reach out to customer support. + +## Resources + +- For more information about how to configure the product to use a static proxy, see [Configure Microsoft Defender ATP for static proxy discovery](linux-static-proxy-configuration.md). \ No newline at end of file 
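Review bot: In linux-support-connectivity.md, the static proxy section names the unit file two different ways: `/lib/system/system/mdatp.service` in the sentence after the `curl -x` command, and `/lib/systemd/system/mdatp.service` in the paragraph that follows. The first is missing the `d` in `systemd`, so a reader who copies it will not find the file to compare proxy settings against; use `/lib/systemd/system/mdatp.service` in both places. The first `curl` example also drops the `$ ` prompt that the other commands in this file carry.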
diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md new file mode 100644 index 0000000000..620441841d --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md 
@@ -0,0 +1,77 @@ +--- +title: Troubleshoot performance issues for Microsoft Defender ATP for Linux +description: Troubleshoot performance issues in Microsoft Defender ATP for Linux. +keywords: microsoft, defender, atp, linux, performance +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: dansimp +author: dansimp +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: M365-security-compliance +ms.topic: conceptual +--- + +# Troubleshoot performance issues for Microsoft Defender ATP for Linux + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Linux](microsoft-defender-atp-linux.md) + +This topic provides some general steps that can be used to narrow down performance issues related to Microsoft Defender ATP for Linux. + +Real-time protection (RTP) is a feature of Microsoft Defender ATP for Linux that continuously monitors and protects your device against threats. It consists of file and process monitoring and other heuristics. + +Depending on the applications that you are running and your device characteristics, you may experience suboptimal performance when running Microsoft Defender ATP for Linux. In particular, applications or system processes that access many resources over a short timespan can lead to performance issues in Microsoft Defender ATP for Linux. + +The following steps can be used to troubleshoot and mitigate these issues: + +1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender ATP for Linux is contributing to the performance issues. 
+ + If your device is not managed by your organization, real-time protection can be disabled from the command-line: + + ```bash + $ mdatp --config realTimeProtectionEnabled false + ``` + + If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). + +2. To find the applications that are triggering the most scans, you can use real time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command-line: + +```bash +$ mdatp config real_time_protection_statistics_enabled on +``` + +This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command: + +```bash +$ mdatp health +``` + +Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it: + +```bash +$ mdatp --config realTimeProtectionEnabled true +``` + +To collect current statistics, run: + +```bash +$ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file +``` + +The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. See [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md) for more information on how to add exclusions. + +[!NOTE] +> The application stores statistics in memory and only keeps track of file activity since it was started and real time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. 
Additionally, only events which triggered scans are counted. + +3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. + +4. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection. + + See [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md) for details. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 4a410131e3..2aa1d5554a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -72,7 +72,7 @@ $ curl -o test.txt https://www.eicar.org/download/eicar.com.txt If Microsoft Defender ATP for Mac reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm that the contents are the same as what is described on the [EICAR test file website](http://2016.eicar.org/86-0-Intended-use.html). -If you do not have internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command: +If you do not have Internet access, you can create your own EICAR test file. Write the EICAR string to a new text file with the following Bash command: ```bash echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > test.txt From 461859c61ab6efcaaef4849850b8512b316b5888 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 31 Mar 2020 16:42:03 -0700 Subject: [PATCH 12/21] Update TOC --- windows/security/threat-protection/TOC.md | 4 ++++ 1 file changed, 4 insertions(+) 
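Review bot: In linux-exclusions.md, the "Add an exclusion for a file" example runs `mdatp --exclusion --add-folder /var/log/dummy.log`, which is the same switch the folder example right after it uses. If `--add-folder` is really what a single-file exclusion takes, say so next to the example; otherwise replace it with the file switch that `mdatp --exclusion` lists, because a reader copying this cannot tell whether they excluded one file or something wider. In the same file, "The follow table" should read "The following table".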
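Review bot: In linux-support-perf.md step 2, "locate the one with the highest number under the `Total files scanned` row and add an exclusion for it" tells the reader to exclude the busiest process without mentioning what that costs. linux-exclusions.md, added in this same patch, warns that exclusions lower protection and defines a process exclusion as covering all files opened by that process, so this step should ask the reader to confirm the process is trusted before excluding it and should point to that warning. The `[!NOTE]` that follows this paragraph is also missing its leading `>`.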
diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index ac15e0c03b..3eca661850 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -332,8 +332,12 @@ ###### [Ansible based deployment](microsoft-defender-atp/linux-install-with-ansible.md) ##### [Update](microsoft-defender-atp/linux-updates.md) ##### [Configure]() +###### [Configure and validate exclusions](microsoft-defender-atp/linux-exclusions.md) ###### [Static proxy configuration](microsoft-defender-atp/linux-static-proxy-configuration.md) ###### [Set preferences](microsoft-defender-atp/linux-preferences.md) +##### [Troubleshoot]() +###### [Troubleshoot cloud connectivity issues](microsoft-defender-atp/linux-support-connectivity.md) +###### [Troubleshoot performance issues](microsoft-defender-atp/linux-support-perf.md) ##### [Resources](microsoft-defender-atp/linux-resources.md) From cdbc1b5899b7b277dae17a28589bc15212530f8c Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 31 Mar 2020 16:56:19 -0700 Subject: [PATCH 13/21] Make Acrolinx happy --- .../microsoft-defender-atp/linux-exclusions.md | 4 ++-- .../linux-support-connectivity.md | 10 +++++----- .../microsoft-defender-atp/linux-support-perf.md | 10 +++++----- .../microsoft-defender-atp/mac-exclusions.md | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index 3ef8924477..df21f73158 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md 
@@ -52,7 +52,7 @@ Process | A specific process (specified either by the full path or file name) an For more information on how to configure exclusions from Puppet, Ansible, or another management console, see [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). -### From the command-line +### From the command line Run the following command to see the available switches for managing exclusions: @@ -94,7 +94,7 @@ Examples: You can validate that your exclusion lists are working by using `curl` to download a test file. -In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path. +In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path. ```bash $ curl -o test.txt https://www.eicar.org/download/eicar.com.txt diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index 67eca39929..d34c004a38 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -42,7 +42,7 @@ To test that a connection is not blocked in an environment without a proxy or wi curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' ``` -The output from this command should be similar to the following: +The output from this command should be similar to: ``` OK https://x.cp.wd.microsoft.com/api/report 
@@ -64,7 +64,7 @@ $ curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.mi Ensure that you use the same proxy address and port as configured in the `/lib/system/system/mdatp.service` file. Check your proxy configuration if there are errors from the above commands. -To use a static proxy, the `mdatp.service` file must be modified. Ensure the leading leading `#` is removed to un-comment the following line from `/lib/systemd/system/mdatp.service`: +To use a static proxy, the `mdatp.service` file must be modified. Ensure the leading `#` is removed to uncomment the following line from `/lib/systemd/system/mdatp.service`: ```bash #Environment="HTTPS_PROXY=http://address:port" @@ -72,19 +72,19 @@ To use a static proxy, the `mdatp.service` file must be modified. Ensure the lea Also ensure that the correct static proxy address is filled in to replace `address:port`. -If this file is correct, try running the following command in the terminal to re-load Microsoft Defender ATP for Linux and propagate the setting: +If this file is correct, try running the following command in the terminal to reload Microsoft Defender ATP for Linux and propagate the setting: ```bash $ sudo systemctl daemon-reload; sudo systemctl restart mdatp ``` -Upon success, attempt another connectivity test from the command-line: +Upon success, attempt another connectivity test from the command line: ```bash $ mdatp --connectivity-test ``` -If the problem persists, reach out to customer support. +If the problem persists, contact customer support. ## Resources diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 620441841d..8a18f9e40b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md 
@@ -33,7 +33,7 @@ The following steps can be used to troubleshoot and mitigate these issues: 1. Disable real-time protection using one of the following methods and observe whether the performance improves. This approach helps narrow down whether Microsoft Defender ATP for Linux is contributing to the performance issues. - If your device is not managed by your organization, real-time protection can be disabled from the command-line: + If your device is not managed by your organization, real-time protection can be disabled from the command line: ```bash $ mdatp --config realTimeProtectionEnabled false @@ -41,7 +41,7 @@ The following steps can be used to troubleshoot and mitigate these issues: If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). -2. To find the applications that are triggering the most scans, you can use real time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command-line: +2. To find the applications that are triggering the most scans, you can use real time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: ```bash $ mdatp config real_time_protection_statistics_enabled on 
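Review bot: The two commands visible in these hunks use different CLI forms: `mdatp --config realTimeProtectionEnabled false` in step 1 and `mdatp config real_time_protection_statistics_enabled on` in step 2. This commit edits the sentences that introduce both commands but leaves the mismatch. If both forms are accepted by the same client version, say so; if not, align them so a reader is not left guessing which syntax their install expects.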
@@ -65,12 +65,12 @@ To collect current statistics, run: $ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file ``` -The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. See [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md) for more information on how to add exclusions. +The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md). [!NOTE] -> The application stores statistics in memory and only keeps track of file activity since it was started and real time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. +> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. -3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. +3. Use the `top` command line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. 4. 
Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection. diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md index 2aa1d5554a..4ac890ab74 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-exclusions.md @@ -64,7 +64,7 @@ Select the type of exclusion that you wish to add and follow the prompts. You can validate that your exclusion lists are working by using `curl` to download a test file. -In the following Bash snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the *.testing extension*, replace *test.txt* with *test.testing*. If you are testing a path, ensure that you run the command within that path. +In the following Bash snippet, replace `test.txt` with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure that you run the command within that path. ```bash $ curl -o test.txt https://www.eicar.org/download/eicar.com.txt From b13721a9838b6e68973872a65904fad3b32910aa Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 31 Mar 2020 16:58:46 -0700 Subject: [PATCH 14/21] More Acrolinx --- .../microsoft-defender-atp/linux-support-perf.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 8a18f9e40b..813deecbe9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -41,7 +41,7 @@ The following steps can be used to troubleshoot and mitigate these issues: If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). -2. To find the applications that are triggering the most scans, you can use real time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: +2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: ```bash $ mdatp config real_time_protection_statistics_enabled on 
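Review bot: The rewritten step 2 line still spells the channel `InsisderFast`, which looks like a typo for `InsiderFast` (extra `s`). This is the second commit in a row to touch this sentence for wording only, so fix the spelling here and check it against the channel name the product actually reports.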
@@ -70,7 +70,7 @@ The output of this command will show all processes and their associated scan act [!NOTE] > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. -3. Use the `top` command line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. +3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. 4. Configure Microsoft Defender ATP for Linux with exclusions for the processes or disk locations that contribute to the performance issues and re-enable real-time protection. From 9f3d49fac5a5b0d89ae10acbaa086af9c035b4ed Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Tue, 31 Mar 2020 17:49:20 -0700 Subject: [PATCH 15/21] Indentation --- .../linux-support-perf.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 813deecbe9..32c69ec98c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md 
@@ -43,32 +43,32 @@ The following steps can be used to troubleshoot and mitigate these issues: 2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: -```bash -$ mdatp config real_time_protection_statistics_enabled on -``` + ```bash + $ mdatp config real_time_protection_statistics_enabled on + ``` -This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command: + This feature requires real-time protection to be enabled. To check the status of real-time protection, run the following command: -```bash -$ mdatp health -``` - -Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it: + ```bash + $ mdatp health + ``` -```bash -$ mdatp --config realTimeProtectionEnabled true -``` + Verify that the `real_time_protection_enabled` entry is `true`. Otherwise, run the following command to enable it: -To collect current statistics, run: - -```bash -$ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file -``` - -The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md). - -[!NOTE] -> The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. 
Additionally, only events which triggered scans are counted. + ```bash + $ mdatp --config realTimeProtectionEnabled true + ``` + + To collect current statistics, run: + + ```bash + $ mdatp diagnostic real_time_protection_statistics # you can use ‘> stat.log’ to redirect to file + ``` + + The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md). + + >[!NOTE] + > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. 3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. From f4a04974d1225019d2fb1d5b408e6c64f6c3feb5 Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Wed, 1 Apr 2020 18:41:41 +0800 Subject: [PATCH 16/21] update --- devices/hololens/hololens-connect-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md index fd770fd0cc..7926dab884 100644 --- a/devices/hololens/hololens-connect-devices.md +++ b/devices/hololens/hololens-connect-devices.md 
@@ -32,7 +32,7 @@ HoloLens (1st gen) supports the following classes of Bluetooth devices: - HoloLens (1st gen) clicker > [!NOTE] -> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [I'm having problems pairing or using a Bluetooth device](hololens-FAQ.md#im-having-problems-pairing-or-using-a-bluetooth-device). +> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may be listed as available in HoloLens settings. However, these devices aren't supported on HoloLens (1st gen). For more information, see [HoloLens Settings lists devices as available, but the devices don't work](hololens-FAQ.md#hololens-settings-lists-devices-as-available-but-the-devices-dont-work). ### Pair a Bluetooth keyboard or mouse From 8334d9fc9c45bdd7168d23f53f3c8277a6b715af Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 1 Apr 2020 07:09:37 -0700 Subject: [PATCH 17/21] add sentence --- .../microsoft-defender-atp/manage-indicators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md index ae1856f3eb..ed7b91f290 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md +++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md 
@@ -122,7 +122,7 @@ It's important to understand the following prerequisites prior to creating indic >[!IMPORTANT] > Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. -> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages Network Protection (link) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS):
+> For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS). For all other processes, web protection scenarios leverage Network Protection for inspection and enforcement:
> NOTE: >- IP is supported for all three protocols >- Encrypted URLs (full path) can only be blocked on first party browsers From 8b0b549734bd1ea942f7fc6c6de2fe8eef81e658 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 1 Apr 2020 08:09:41 -0700 Subject: [PATCH 18/21] pencil edits --- education/windows/take-tests-in-windows-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md index eda6eff5f8..7e016c22c0 100644 --- a/education/windows/take-tests-in-windows-10.md +++ b/education/windows/take-tests-in-windows-10.md @@ -34,9 +34,9 @@ Many schools use online testing for formative and summative assessments. It's cr ![Set up and user flow for the Take a Test app](images/take_a_test_flow_dark.png) -There are several ways to configure devices for assessments depending on your use case: +There are several ways to configure devices for assessments, depending on your use case: -- For higher stakes testing such as mid-term exams, you can setup a device with a dedicated testing account and URL. +- For higher stakes testing such as mid-term exams, you can set up a device with a dedicated testing account and URL. - For lower stakes assessments such as a quick quiz in a class, you can quickly create and distribute the assessment URL through any method of your choosing. 1. **Configure an assessment URL and a dedicated testing account** From 409585a70e6279a96d50ee6621d4931527c5f767 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Wed, 1 Apr 2020 09:21:47 -0700 Subject: [PATCH 19/21] Link to troubleshooting page from main page --- .../microsoft-defender-atp-linux.md | 20 +------------------ 1 file changed, 1 insertion(+), 19 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 2819fb191f..aa08dca96f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -117,25 +117,7 @@ Microsoft Defender ATP can discover a proxy server by using the following discov If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md). -## Validating cloud connectivity - -To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. - -If you prefer the command line, you can also check the connection by running the following command in Terminal: - -```bash -$ curl -w ' %{url_effective}\n' 'https://x.cp.wd.microsoft.com/api/report' 'https://cdn.x.cp.wd.microsoft.com/ping' -``` - -The output from this command should be similar to the following: - -> `OK https://x.cp.wd.microsoft.com/api/report` -> `OK https://cdn.x.cp.wd.microsoft.com/ping` - -Once Microsoft Defender ATP is installed, connectivity can be validated by running the following command in Terminal: -```bash -$ mdatp --connectivity-test -``` +For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. ## How to update Microsoft Defender ATP for Linux From 7d5754601085bce2ffb504c660e68ed376117d39 Mon Sep 17 00:00:00 2001 
From: Tudor Dobrila Date: Wed, 1 Apr 2020 09:43:41 -0700 Subject: [PATCH 20/21] Add note on min version for scan activity stats --- .../microsoft-defender-atp/linux-exclusions.md | 8 ++++---- .../microsoft-defender-atp/linux-support-perf.md | 9 +++++++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md index df21f73158..088b47a20c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md 
@@ -25,15 +25,15 @@ ms.topic: conceptual This article provides information on how to define exclusions that apply to on-demand scans, and real-time protection and monitoring. ->[!IMPORTANT] ->The exclusions described in this article don't apply to other Microsoft Defender ATP for Linux capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. +> [!IMPORTANT] +> The exclusions described in this article don't apply to other Microsoft Defender ATP for Linux capabilities, including endpoint detection and response (EDR). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. You can exclude certain files, folders, processes, and process-opened files from Microsoft Defender ATP for Linux scans. Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization. They can also be useful for mitigating performance issues caused by Microsoft Defender ATP for Linux. ->[!WARNING] ->Defining exclusions lowers the protection offered by Microsoft Defender ATP for Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. +> [!WARNING] +> Defining exclusions lowers the protection offered by Microsoft Defender ATP for Linux. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious. ## Supported exclusion types diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md index 32c69ec98c..55da60a602 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-perf.md @@ -41,7 +41,12 @@ The following steps can be used to troubleshoot and mitigate these issues: If your device is managed by your organization, real-time protection can be disabled by your administrator using the instructions in [Set preferences for Microsoft Defender ATP for Linux](linux-preferences.md). -2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Microsoft Defender ATP for Linux. This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: +2. To find the applications that are triggering the most scans, you can use real-time statistics gathered by Microsoft Defender ATP for Linux. + + > [!NOTE] + > This feature is available in version 100.90.70 or newer. + + This feature is enabled by default on the `Dogfood` and `InsisderFast` channels. If you're using a different update channel, this feature can be enabled from the command line: ```bash $ mdatp config real_time_protection_statistics_enabled on 
@@ -67,7 +72,7 @@ The following steps can be used to troubleshoot and mitigate these issues: The output of this command will show all processes and their associated scan activity. To improve the performance of Microsoft Defender ATP for Linux, locate the one with the highest number under the `Total files scanned` row and add an exclusion for it. For more information, see [Configure and validate exclusions for Microsoft Defender ATP for Linux](linux-exclusions.md). - >[!NOTE] + > [!NOTE] > The application stores statistics in memory and only keeps track of file activity since it was started and real-time protection was enabled. Processes that were launched before or during periods when real time protection was off are not counted. Additionally, only events which triggered scans are counted. 3. Use the `top` command-line tool and analyze which applications are using the resources on your system. Typical examples include software updaters and compilers. From 3ca714c8c65fdcec4afd3c2f8fb0b735b0b77202 Mon Sep 17 00:00:00 2001 From: arcarley <52137849+arcarley@users.noreply.github.com> Date: Wed, 1 Apr 2020 10:12:08 -0700 Subject: [PATCH 21/21] Update waas-manage-updates-wufb.md --- windows/deployment/update/waas-manage-updates-wufb.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-manage-updates-wufb.md b/windows/deployment/update/waas-manage-updates-wufb.md index 2486006471..0e9f6ba908 100644 --- a/windows/deployment/update/waas-manage-updates-wufb.md +++ b/windows/deployment/update/waas-manage-updates-wufb.md 
@@ -52,7 +52,7 @@ You can control when updates are applied, for example by deferring when an updat Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates. -- Drivers (on/off): When "on," this policy will not include drivers with Windows Update. +- Disable Drivers (on/off): When "on," this policy will not include drivers with Windows Update. - Microsoft product updates (on/off): When "on" this policy will install updates for other Microsoft products.
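Review bot: In PATCH 15/21 (linux-support-perf.md, hunk at -43,32), the re-indented commands still mix two CLI forms. Statistics are enabled with `mdatp config real_time_protection_statistics_enabled on`, real-time protection is enabled with `mdatp --config realTimeProtectionEnabled true`, and the health key the reader is told to check is `real_time_protection_enabled`. Every line of the block is being touched anyway, so confirm which form the shipped client accepts and use it consistently. The comment on the statistics command also wraps the redirect in typographic quotes (‘> stat.log’); a reader who copies it as written gets those quote characters in the command, so plain text or a separate sentence would be safer.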
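Review bot: In PATCH 17/21 (manage-indicators.md, hunk at -122,7), the added sentence names Network Protection as the mechanism for Microsoft Edge and then again for "all other processes", so the text no longer says what differs between the two cases. State the difference explicitly or merge the two sentences. The sentence also ends in a colon that leads into a `> NOTE:` line, while the same block uses the `>[!IMPORTANT]` alert form; a `[!NOTE]` alert or a plain bulleted list directly after the colon would be consistent with the rest of the file.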
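Review bot: In PATCH 19/21 (microsoft-defender-atp-linux.md, hunk at -117,25), removing the "## Validating cloud connectivity" heading also removes its anchor, so any inbound link to that section from other pages will break; please search the repo for references before merging. The diff does not show linux-support-connectivity.md, so confirm that it carries the removed browser check, the `curl` check and `mdatp --connectivity-test`. The replacement line reads "For troubleshooting steps" directly under the proxy paragraph; mentioning connectivity validation in that sentence would keep it findable for readers who are verifying a fresh install rather than troubleshooting.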
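Review bot: In PATCH 20/21 (linux-support-perf.md, hunk at -41,7), the re-added `+` line carries over the misspelled channel name `InsisderFast` (extra "s"); since the line is being rewritten, correct the spelling here. The new note says "This feature is available in version 100.90.70 or newer" without naming the feature; "The real-time statistics feature" would let the note stand on its own. The linux-exclusions.md hunk in the same patch only changes alert spacing, which the subject line does not mention; either note it in the commit message or move it to its own commit.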
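Review bot: In PATCH 21/21 (waas-manage-updates-wufb.md, hunk at -52,7), renaming the first bullet to "Disable Drivers (on/off)" gives the two bullets opposite polarity: "on" excludes drivers in the first and installs updates in the second, while the lead sentence still describes turning driver updates "on or off". Say so explicitly in the lead sentence, or phrase the first bullet as: When "on," drivers are excluded from Windows Update. The punctuation after "on" also differs between the two bullets (a comma inside the quotes in the first, none in the second).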