mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-21 09:47:22 +00:00
ce500fde9b
* Updated deployment-vdi-windows-defender-antivirus.md * Updated deployment-vdi-windows-defender-antivirus.md * Updated deployment-vdi-windows-defender-antivirus.md * updates for new vdi stuff * Adding important note to solve #3493 * Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Typo "<"→"<", ">"→">" https://docs.microsoft.com/en-us/windows/application-management/manage-windows-mixed-reality * Issue #2297 * Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Clarification * Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * update troubleshoot-np.md * update configure-endpoints-gp.md * Removing a part which is not supported * Name change * update troubleshoot-np.md * removed on-premises added -hello * Added link into Domain controller guide * Line corections * corrected formatting of xml code samples When viewing the page in Win 10/Edge, the xml code samples stretched across the page, running into the side menu. The lack of line breaks also made it hard to read. This update adds line breaks and syntax highlighting, replaces curly double quotes with standard double quotes, and adds a closing tag for <appv:appconnectiongroup>for each code sample * Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update windows/deployment/update/waas-delivery-optimization-reference.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * corrected formating of XML examples The XML samples here present the same formatting problems as in about-the-connection-group-file51.md (see https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847/) Perhaps we should open an issue to see if we have more versions of this code sample in the docs * corrected formatting of XML example section In the XML example on this page, the whitespace had been stripped out, so there were no spaces between adjacent attribute values or keys. This made it hard to read, though the original formatting allowed for a scroll bar, so the text was not running into the side of the page (compare to https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847 and https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3850, where the uncorrected formatting forced the text to run into the side menu). * update configure-endpoints-gp.md * Fixed error in registry path and improved description * Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Removing extra line in 25 Suggested by * update windows-analytics-azure-portal.md * re: broken links, credential-guard-considerations Context: * #3513, MVA is being retired and producing broken links * #3860 Microsoft Virtual Academy video links This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA). MVA is being retired. In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists. I removed the first link, as I could not find a similar video available describing which credentials are covered by credential guard. I replaced the second link with a video containing similar material, though it is not a "deep dive". Suggestions on handling this problem, as many pages contain similar links, would be appreciated,. * removed link to retired video re: #3867 Context: * #3513, MVA is being retired and producing broken links * #3867, Microsoft Virtual Academy video links This page contains a broken link to deprecated video content on Microsoft Virtual Academy (MVA). MVA is being retired. In addition, the Deep Dive course is already retired, and no replacement course exists. I removed the whole _See Also_ section, as I could not find a video narrowly or deeply addressing how to protect privelaged users with Credential Guard. The most likely candidate is too short and general: https://www.linkedin.com/learning/cism-cert-prep-1-information-security-governance/privileged-account-management * addressing broken mva links, #3817 Context: * #3513, MVA is being retired and producing broken links * #3817, Another broken link This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA). MVA is being retired. In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists. I removed the first link, as we no longer have a video with similar content for a similar audience. The most likely candidate is https://www.linkedin.com/learning/programming-foundations-web-security-2/types-of-credential-attacks, which is more general and for a less technical audience. I removed the second link and the _See Also_ section, as I could not find a similar video narrowly focused on which credentials are covered by Credential Guard. Most of the related material available now describes how to perform a task. * Update deployment-vdi-windows-defender-antivirus.md * typo fix re: #3876; DMSA -> DSMA * Addressing dead MVA links, #3818 This page, like its fellows in the mva-links label, contains links to a retired video course on a website that is retiring soon. The links listed by the user in issue #3818 were also on several other pages, related to Credentials Guard. These links were addressed in the pull requests #3875, #3872, and #3871 Credentials threat & lateral threat link: removed (see PR #3875 for reasoning) Virtualization link: replaced (see #3871 for reasoning) Credentials protected link: removed (see #3872 for reasoning) * Adding notes for known issue in script Solves #3869 * Updated the download link admx files Windows 10 Added link for April 2018 and Oct 2018 ADMX files. * added event logs path Referenced : https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard * Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md Suggestions applied. Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update deployment-vdi-windows-defender-antivirus.md * screenshot update * Add files via upload * update 4 scrrenshots * Update deployment-vdi-windows-defender-antivirus.md * Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> * Re: #3909 Top link is broken, #3909 > The link here does not work: > Applies to: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) The link to the pdf describing MDATP was broken. Thankfully, PR #2897 updated the same link in another page some time ago, so I didn't have to go hunting for an equivalent * CI Update * Updated as per task 3405344 * Updated author * Update windows-analytics-azure-portal.md * added the example query * Updated author fields * Update office-csp.md * update video for testing * update video * Update surface-hub-site-readiness-guide.md line 134 Fixed video link MD formatting * fixing video url * updates from Albert * Bulk replaced author to manikadhiman * Bulk replaced ms.author to v-madhi * Latest content is published (#371) * Added 1903 policy DDF link and fixed a typo * Reverted the DDF version * Latest update (#375) * Update deployment-vdi-windows-defender-antivirus.md * Update deployment-vdi-windows-defender-antivirus.md
161 lines
9.4 KiB
Markdown
161 lines
9.4 KiB
Markdown
---
|
||
ms.localizationpriority: medium
|
||
ms.mktglfcycl: deploy
|
||
ms.pagetype: appcompat
|
||
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
|
||
author: lomayor
|
||
ms.prod: ie11
|
||
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
|
||
ms.reviewer:
|
||
manager: dansimp
|
||
ms.author: lomayor
|
||
title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
|
||
ms.sitesec: library
|
||
ms.date: 07/27/2017
|
||
---
|
||
|
||
|
||
# Set up Enterprise Mode logging and data collection
|
||
|
||
**Applies to:**
|
||
|
||
- Windows 10
|
||
- Windows 8.1
|
||
- Windows 7
|
||
- Windows Server 2012 R2
|
||
- Windows Server 2008 R2 with Service Pack 1 (SP1)
|
||
|
||
Using Group Policy, you can turn on Enterprise Mode for Internet Explorer and then you can turn on local user control using the **Let users turn on and use Enterprise Mode from the Tools menu** setting, located in the `Administrative Templates\Windows Components\Internet Explorer` category path. After you turn this setting on, your users can turn on Enterprise Mode locally, from the IE **Tools** menu.
|
||
|
||
|
||
|
||
The **Let users turn on and use Enterprise Mode from the Tools menu** setting also lets you decide where to send the user reports (as a URL). We recommend creating a custom HTTP port 81 to let your incoming user information go to a dedicated site. A dedicated site is important so you can quickly pick out the Enterprise Mode traffic from your other website traffic.
|
||
|
||
|
||
|
||
Getting these reports lets you find out about sites that aren’t working right, so you can add them to your Enterprise Mode site list, without having to locate them all yourself. For more information about creating and using a site list, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
|
||
|
||
## Using ASP to collect your data
|
||
When you turn logging on, you need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu.
|
||
|
||
**To set up an endpoint server**
|
||
|
||
1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
|
||
|
||
2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.<p>
|
||
This lets you create an ASP form that accepts the incoming POST messages.
|
||
|
||
3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
|
||
|
||
|
||
|
||
4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
|
||
|
||
|
||
|
||
5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.<p>
|
||
Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
|
||
|
||
6. Apply these changes to your default website and close the IIS Manager.
|
||
|
||
7. Put your EmIE.asp file into the root of the web server, using this command:
|
||
|
||
```
|
||
<% @ LANGUAGE=javascript %>
|
||
<%
|
||
Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
|
||
%>
|
||
```
|
||
This code logs your POST fields to your IIS log file, where you can review all of the collected data.
|
||
|
||
|
||
### IIS log file information
|
||
This is what your log files will look like after you set everything up and at least one of your users has turned on Enterprise Mode locally from the **Tools** menu. You can see the URL of the problematic website and client IP address of the user that turned on Enterprise Mode.
|
||
|
||
|
||
|
||
|
||
## Using the GitHub sample to collect your data
|
||
Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.<p>
|
||
This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
|
||
|
||
**Note**<br>If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
|
||
|
||
### Setting up, collecting, and viewing reports
|
||
For logging, you’re going to need a valid URL that points to a server that can be listened to for updates to a user’s registry key. This means you need to set up an endpoint server for the incoming POST messages, which are sent every time the user turns Enterprise Mode on or off from the **Tools** menu. These POST messages go into your database, aggregating the report data by URL, giving you the total number of reports where users turned on Enterprise Mode, the total number of reports where users turned off Enterprise Mode, and the date of the last report.
|
||
|
||
**To set up the sample**
|
||
|
||
1. Set up a server to collect your Enterprise Mode information from your users.
|
||
|
||
2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
|
||
|
||
3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
|
||
|
||
4. On the **Build** menu, tap or click **Build Solution**.<p>
|
||
The required packages are automatically downloaded and included in the solution.
|
||
|
||
**To set up your endpoint server**
|
||
|
||
5. Right-click on the name, PhoneHomeSample, and click **Publish**.
|
||
|
||
|
||
|
||
6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
|
||
|
||
**Important**<br>
|
||
Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
|
||
|
||
|
||
|
||
After you finish the publishing process, you need to test to make sure the app deployed successfully.
|
||
|
||
**To test, deploy, and use the app**
|
||
|
||
7. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
|
||
|
||
``` "Enable"="https://<deploy_URL>/api/records/"
|
||
```
|
||
Where `<deploy_URL>` points to your deployment URL.
|
||
|
||
8. After you’re sure your deployment works, you can deploy it to your users using one of the following:
|
||
|
||
- Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `<deploy_URL>` information into the **Options** box.
|
||
|
||
- Deploy the registry key in Step 3 using System Center or other management software.
|
||
|
||
9. Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary.
|
||
|
||
**To view the report results**
|
||
|
||
- Go to `https://<deploy_URL>/List` to see the report results.<p>
|
||
If you’re already on the webpage, you’ll need to refresh the page to see the results.
|
||
|
||
|
||
|
||
|
||
### Troubleshooting publishing errors
|
||
If you have errors while you’re publishing your project, you should try to update your packages.
|
||
|
||
**To update your packages**
|
||
|
||
1. From the **Tools** menu of Microsoft Visual Studio, click **NuGet Package Manager**, and click **Manage NuGet Packages for Solution**.
|
||
|
||
|
||
|
||
2. Click **Updates** on the left side of the tool, and click the **Update All** button.<p>
|
||
You may need to do some additional package cleanup to remove older package versions.
|
||
|
||
## Related topics
|
||
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
|
||
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
|
||
- [What is Enterprise Mode?](what-is-enterprise-mode.md)
|
||
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
|
||
- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
|
||
|
||
|
||
|
||
|
||
|
||
|