Merge branch 'master' into live

Brian Lich
2016-08-29 10:02:27 -07:00
8 changed files with 36 additions and 12 deletions


@ -26,12 +26,19 @@ The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to repo
The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service.
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery method:
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
- Configure the proxy server manually using a static proxy
## Configure the proxy server manually using a static proxy
Configure a static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
- Auto-discovery methods:
- Transparent proxy
- Manual static proxy configuration
- WinHTTP configured using netsh command
- Registry based configuration
## Configure the proxy server manually using a registry-based static proxy
Configure a registry-based static proxy to allow only Windows Defender ATP sensor to report telemetry and communicate with Windows Defender ATP services if a computer is not be permitted to connect to the Internet.
The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**.
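Review bot: The paragraph under "Configure the proxy server manually using a registry-based static proxy" still carries the grammar error "if a computer is not be permitted to connect to the Internet"; change it to "is not permitted". The lead-in sentence above the list also says WinHTTP "can only discover a proxy server by using the following discovery methods", yet the list now includes manual static configuration through netsh and the registry, which is configuration rather than discovery, so the sentence should be reworded to cover both. Please also confirm the list indentation renders "Transparent proxy" under "Auto-discovery methods" and the netsh and registry items under "Manual static proxy configuration".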
@ -46,6 +53,25 @@ For example: 10.0.0.6:8080
If the static proxy settings are configured after onboarding, then you must restart the PC to apply the proxy settings.
## Configure the proxy server manually using netsh command
Use netsh to configure a system-wide static proxy.
> [!NOTE]
> This will affect all applications including Windows services which use WinHTTP with default proxy.
1. Open an elevated command-line:
a. Go to **Start** and type **cmd**.
b. Right-click **Command prompt** and select **Run as administrator**.
4. Enter the following command and press **Enter**:
```
netsh winhttp set proxy <proxy>:<port>
```
For example: netsh winhttp set proxy 10.0.0.6:8080
## Enable access to Windows Defender ATP service URLs in the proxy server
If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443:
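Review bot: The new netsh section changes the WinHTTP default proxy for every application and service on the machine, as its own NOTE says, but it gives the reader no way to confirm or undo the setting. Add a step that runs "netsh winhttp show proxy" to verify the result and mention "netsh winhttp reset proxy" for reverting it, and state whether a restart is required, since the registry-based section just above says a restart is needed when the proxy is set after onboarding. The numbered list also jumps from "1." to "4."; the command step should be "2.".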


@ -29,11 +29,12 @@ The industry standards from the Trusted Computing Group (TCG) specify that TPM m
**TPM 2.0**
TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1.
If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owners authorization.
If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owners authorization. This value is no longer retained by default starting with Windows 10 version 1607.
## Reset the TPM lockout by using the TPM MMC
**Note:** This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607.
The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. Note that this procedure is only available if you have configured Windows to retain the TPM owner password. By default, this behavior is not available in Windows 10.
The following procedure explains the steps to reset the TPM lockout by using the TPM MMC.
**To reset the TPM lockout**
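Review bot: The added sentence "This value is no longer retained by default starting with Windows 10 version 1607." has an ambiguous antecedent, because the same paragraph has just mentioned "the lockout value"; a reader can take it to mean the lockout counter rather than the owner authorization. Name the subject explicitly, for example "The TPM owner authorization value is no longer retained by default starting with Windows 10, version 1607." The paragraph also uses "TPM owners authorization" (missing apostrophe) while the new note uses "TPM Owner Password"; pick one term and one capitalization so it is clear both refer to the same secret.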