Merge branch 'master' of https://cpubwin.visualstudio.com/it-client/_git/it-client

2025-05-15 23:07:23 +00:00 · 2019-01-18 09:14:35 -08:00 · 2019-01-18 09:14:35 -08:00 · 013616be77
commit 013616be77
parent ac032e732d 13112e3a20
10 changed files with 60 additions and 46 deletions
--- a/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md
+++ b/mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md
@ -13,32 +13,37 @@ ms.date: 2/16/2018
 # Upgrading to MBAM 2.5 SP1 from MBAM 2.5
 This topic describes the process for upgrading the Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 and the MBAM Client from 2.5 to MBAM 2.5 SP1.
-### Before you begin, download the September 2017 servicing release
+### Before you begin
-[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126)
+#### Download the July 2018 servicing release
 [Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=57157)
 #### Verify the installation documentaion
 Verify you have a current documentation of your MBAM environment, including all server names, database names, service accounts and their passwords.
 ### Upgrade steps
 #### Steps to upgrade the MBAM Database (SQL Server)
-1. Using the MBAM Configurator; remove the Reports roll from the SQL server, or wherever the SSRS database is housed (Could be on the same server or  different one, depending on your environment)
+1. Using the MBAM Configurator; remove the Reports role from the SQL server, or wherever the SSRS database is hosted. Depending on your environment, this can be the same server or a separate one.
 Note: You will not see an option to remove the Databases; this is expected.  
 2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site:  <https://www.microsoft.com/Licensing/servicecenter/default.aspx>
 3. Do not configure it at this time 
-4. Install the September Rollup: https://www.microsoft.com/en-us/download/details.aspx?id=56126
+4. Install the July 2018 Rollup: https://www.microsoft.com/download/details.aspx?id=57157
-5. Using the MBAM Configurator; re-add the Reports rollup
+5. Using the MBAM Configurator; re-add the Reports role
 6. This will configure the SSRS connection using the latest MBAM code from the rollup 
-7. Using the MBAM Configurator; re-add the SQL Database roll on the SQL Server.
+7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server.
- At the end, you will be warned that the DBs already exist and  weren’t created, but this is  expected.
+- At the end, you will be warned that the DBs already exist and  weren’t created, but this is expected.
 - This process updates the existing databases to the current version  being installed                  
 #### Steps to upgrade the MBAM Server (Running MBAM and IIS)
 1. Using the MBAM Configurator; remove the Admin and Self Service Portals from  the IIS server
 2. Install MBAM 2.5 SP1
 3. Do not configure it at this time  
-4. Install the September 2017 Rollup on the IIS server(https://www.microsoft.com/en-us/download/details.aspx?id=56126)
+4. Install the July 2018 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=57157)
 5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server 
-6. This will configure the sites using the latest MBAM code from the June  Rollup
+6. This will configure the sites using the latest MBAM code from the July 2018 Rollup
 - Open an elevated command prompt, Type: **IISRESET** and Hit Enter.
 #### Steps to upgrade the MBAM Clients/Endpoints
 1. Uninstall the 2.5 Agent from client endpoints
 2. Install the 2.5 SP1 Agent on the client endpoints
-3. Push out the September Rollup Client update to clients running the 2.5 SP1 Agent 
+3. Push out the July 2018 Rollup Client update to clients running the 2.5 SP1 Agent 
-4. There is no need to uninstall existing client prior to installing the September Rollup.  
+4. There is no need to uninstall the existing client prior to installing the July 2018 Rollup.  
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@ -59,7 +59,7 @@ Examples of these two deployment advisors are shown below.
 ## Related Topics
 [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)<br>
-[Modern Destop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
+[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home)
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@ -76,7 +76,7 @@ This section will show you how to populate the MDT deployment share with the Win
 MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
->[!OTE]  
+>[!NOTE]  
 >Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
 ### Add Windows 10 Enterprise x64 (full source)
@ -134,8 +134,8 @@ You also can customize the Office installation using a Config.xml file. But we r
    Figure 5. The Install - Microsoft Office 2013 Pro Plus - x86 application properties.
-    **Note**  
+    >[!NOTE] 
-    If you don't see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft.
+    >If you don't see the Office Products tab, verify that you are using a volume license version of Office. If you are deploying Office 365, you need to download the Admin folder from Microsoft.
 3.  In the Office Customization Tool dialog box, select the Create a new Setup customization file for the following product option, select the Microsoft Office Professional Plus 2013 (32-bit) product, and click OK.
 4.  Use the following settings to configure the Office 2013 setup to be fully unattended:
@ -156,8 +156,8 @@ You also can customize the Office installation using a Config.xml file. But we r
        -   In the **Microsoft Office 2013** node, expand **Privacy**, select **Trust Center**, and enable the Disable Opt-in Wizard on first run setting.
 5.  From the **File** menu, select **Save**, and save the configuration as 0\_Office2013ProPlusx86.msp in the **E:\\MDTBuildLab\\Applications\\Install - Microsoft Office 2013 Pro Plus - x86\\Updates** folder.
-    **Note**  
+    >[!NOTE] 
-    The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates, and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates.
+    >The reason for naming the file with a 0 (zero) at the beginning is that the Updates folder also handles Microsoft Office updates,          and they are installed in alphabetical order. The Office 2013 setup works best if the customization file is installed before any updates.
 6.  Close the Office Customization Tool, click Yes in the dialog box, and in the **Install - Microsoft Office 2013 Pro Plus - x86 Properties** window, click **OK**.
@ -333,8 +333,8 @@ The steps below walk you through the process of editing the Windows 10 referenc
        2.  Select the operating system for which roles are to be installed: Windows 10
        3.  Select the roles and features that should be installed: .NET Framework 3.5 (includes .NET 2.0 and 3.0)
-        **Important**  
+        >[!IMPORTANT]
-        This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
+        >This is probably the most important step when creating a reference image. Many applications need the .NET Framework, and we strongly recommend having it available in the image. The one thing that makes this different from other components is that .NET Framework 3.5.1 is not included in the WIM file. It is installed from the **Sources\\SxS** folder on the media, and that makes it more difficult to add after the image has been deployed.
        ![figure 7](../images/fig8-cust-tasks.png)
@ -456,8 +456,8 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
    Figure 12. The boot image rules for the MDT Build Lab deployment share.
-    **Note**  
+    >[!NOTE]  
-    For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation.
+    >For security reasons, you normally don't add the password to the Bootstrap.ini file; however, because this deployment share is for creating reference image builds only, and should not be published to the production network, it is acceptable to do so in this situation.
 4.  In the **Windows PE** tab, in the **Platform** drop-down list, select **x86**.
 5.  In the **Lite Touch Boot Image Settings** area, configure the following settings:
@ -514,8 +514,8 @@ So, what are these settings?
 -   **DeployRoot.** This is the location of the deployment share. Normally, this value is set by MDT, but you need to update the DeployRoot value if you move to another server or other share. If you don't specify a value, the Windows Deployment Wizard prompts you for a location.
 -   **UserDomain, UserID, and UserPassword.** These values are used for automatic log on to the deployment share. Again, if they are not specified, the wizard prompts you.
-    **Note**  
+    >[!WARNING]  
-    Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
+    >Caution is advised. These values are stored in clear text on the boot image. Use them only for the MDT Build Lab deployment share and not for the MDT Production deployment share that you learn to create in the next topic.
 -   **SkipBDDWelcome.** Even if it is nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@ -6,6 +6,7 @@ ms.topic: landing-page
 ms.manager: elizapo
 author: lizap
 ms.author: elizapo  
 ms.date: 01/17/2019
 ms.localizationpriority: high
 ---
 # Windows as a service
@ -16,13 +17,14 @@ Find the tools and resources you need to help deploy and support Windows as a se
 Find the latest and greatest news on Windows 10 deployment and servicing.
-**Windows 10 monthly updates**
+**Working to WIndows updates clear and transparent**
-> [!VIDEO https://www.youtube-nocookie.com/embed/BwB10v55WSk]      
+> [!VIDEO https://www.youtube-nocookie.com/embed/u5P20y39DrA]
-Windows 10 is the most secure version of Windows yet. Learn what updates we release and when we release them, so you understand the efforts we take to keep your digital life safe and secure.
+Everyone wins when transparency is a top priority. We want you to know when updates are available, as well as alert you to any potential issues you may encounter during or after you install an update. The Windows update history page is for anyone looking to gain an immediate, precise understanding of particular Windows update issues. 
 The latest news:
 <ul compact style="list-style: none"> 
 <li><a href="https://blogs.windows.com/windowsexperience/2019/01/15/application-compatibility-in-the-windows-ecosystem/#A8urpp1QEp6DHzmP.97">Application compatibility in the Windows ecosystem</a> - January 15, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2018/12/10/windows-monthly-security-and-quality-updates-overview/#UJJpisSpvyLokbHm.97">Windows monthly security and quality updates overview</a> - January 10, 2019</li>
 <li><a href="https://blogs.windows.com/windowsexperience/2018/12/19/driver-quality-in-the-windows-ecosystem/#ktuodfovWAMAkssM.97">Driver quality in the Windows ecosystem</a> - December 19, 2018</li>
 <li><a href="http://m365mdp.mpsn.libsynpro.com/001-windows-10-monthly-quality-updates">Modern Desktop Podcast - Episode 001 – Windows 10 Monthly Quality Updates</a> - December 18, 2018</li>
@ -40,6 +42,7 @@ The latest news:
 <li><a href="https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/">Helping customers shift to a modern desktop</a> - September 6, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-amp-Windows-Analytics-a-real-world/ba-p/242417#M228">Windows Update for Business & Windows Analytics: a real-world experience</a> - September 5, 2018</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-next-for-Windows-10-and-Windows-Server-quality-updates/ba-p/229461">What's next for Windows 10 and Windows Server quality updates</a> - August 16, 2018
 <li><a href="https://www.youtube-nocookie.com/watch/BwB10v55WSk">Windows 10 monthly updates</a> - August 1, 2018 (**video**)</li>
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376">Windows 10 update servicing cadence</a> - August 1, 2018
 <li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426">Windows 10 quality updates explained and the end of delta updates</a> - July 11, 2018
 <li><a href="https://blogs.windows.com/windowsexperience/2018/06/14/ai-powers-windows-10-april-2018-update-rollout/#67LrSyWdwgTyciSG.97">AI Powers Windows 10 April 2018 Update Rollout</a> - June 14, 2018
--- a/windows/deployment/windows-autopilot/bitlocker.md
+++ b/windows/deployment/windows-autopilot/bitlocker.md
@ -18,23 +18,28 @@ With Windows Autopilot, you can configure the BitLocker encryption settings to b
 The BitLocker encryption algorithm is used when BitLocker is first enabled, and sets the strength to which full volume encryption should occur. Available encryption algorithms are: AES-CBC 128-bit, AES-CBC 256-bit, XTS-AES 128-bit or XTS-AES 256-bit encryption. The default value is XTS-AES 128-bit encryption. See [BitLocker CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/bitlocker-csp) for information about the recommended encryption algorithms to use.
 An example of encryption settings is shown below.
   ![BitLocker encryption settings](images/bitlocker-encryption.png)
 Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
 To ensure the desired BitLocker encryption algorithm is set before automatic encryption occurs for Autopilot devices:
 1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. 
 2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. 
    - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
-3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. This is a critical step because if the ESP is not enabled, the policy will not apply when the device boots.
+3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. 
- 
+    - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
 An example of Microsoft Intune Windows Encryption settings is shown below.
   ![BitLocker encryption settings](images/bitlocker-encryption.png)
 Note that a device which is encrypted automatically will need to be decrypted prior to changing the encyption algorithm.
 The settings are available under Device Configuration -> Profiles -> Create profile -> Platform = Windows 10 and later, Profile type = Endpoint protection -> Configure -> Windows Encryption -> BitLocker base settings, Configure encryption methods = Enable.
 Note: It is also recommended to set Windows Encryption -> Windows Settings -> Encrypt = **Require**.
 ## Requirements
 Windows 10, version 1809 or later.
 ## See also
-[Bitlocker overview](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview)
+[Bitlocker overview](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview)
--- a/windows/deployment/windows-autopilot/images/bitlocker-encryption.png
+++ b/windows/deployment/windows-autopilot/images/bitlocker-encryption.png
--- a/windows/privacy/Microsoft-DiagnosticDataViewer.md
+++ b/windows/privacy/Microsoft-DiagnosticDataViewer.md
@ -148,6 +148,9 @@ By default, the tool will show you up to 1GB or 30 days of data (whichever comes
   >[!IMPORTANT]
   >Modifying the maximum amount of diagnostic data viewable by the tool may come with performance impacts to your machine.
   >[!IMPORTANT]
   >If you modify the maximum data history size from a larger value to a lower value, you must turn off data viewing and turn it back on in order to reclaim disk space. 
 You can change the maximum data history size (in megabytes) that you can view. For example, to set the maximum data history size to 2048MB (2GB), you can run the following command. 
 ```powershell
@ -174,6 +177,7 @@ To reset the maximum data history size back to its original 1GB default value, r
 PS C:\> Set-DiagnosticStoreCapacity -Size 1024 -Time 720 
 ```
 When resetting the size of your data history to a lower value, be sure to turn off data viewing and turn it back on in order to reclaim disk space.
 ## Related Links
 - [Module in PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.DiagnosticDataViewer)
--- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@ -10,7 +10,6 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 10/03/2018
 ---
 # Onboard non-Windows machines
@ -37,7 +36,7 @@ You'll need to take the following steps to onboard non-Windows machines:
 1. In the navigation pane, select **Settings** > **Onboarding**. Make sure the third-party solution is listed.
-2. 	Select Mac and Linux as the operating system.
+2. 	Select **Linux, macOS, iOS and Android** as the operating system.
 3. Turn on the third-party solution integration.
--- a/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/user-roles-windows-defender-advanced-threat-protection.md
@ -1,6 +1,6 @@
 ---
 title: Create and manage roles for role-based access control
-description: Create roles and define the permissions assigned to the role as part of the role-based access control implimentation 
+description: Create roles and define the permissions assigned to the role as part of the role-based access control implementation 
 keywords: user roles, roles, access rbac
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@ -11,7 +11,6 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: medium
 ms.date: 09/03/2018
 ---
 # Create and manage roles for role-based access control
@ -25,7 +24,7 @@ ms.date: 09/03/2018
 ## Create roles and assign the role to an Azure Active Directory group
 The following steps guide you on how to create roles in Windows Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
-1.	In the navigation pane, select **Settings > Role based access control > Roles**.
+1.	In the navigation pane, select **Settings > Roles**.
 2.	Click **Add role**. 
@ -37,9 +36,8 @@ The following steps guide you on how to create roles in Windows Defender Securit
 	 - **Permissions**
 		  - **View data** - Users can view information in the portal.
-		  - **Investigate alerts** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
+		  - **Alerts investigation** - Users can manage alerts, initiate automated investigations, collect investigation packages, manage machine tags, and export machine timeline.
-		  - **Approve or take action** - Users can take response actions and approve or dismiss pending remediation actions.
+		  - **Active remediation actions** - Users can take response actions and approve or dismiss pending remediation actions.
 		  - **Manage system settings** - Users can configure settings, SIEM and threat intel API settings, advanced settings, preview features, and automated file uploads.
 		  - **Manage security settings** - Users can configure alert suppression settings, manage allowed/blocked lists for automation, manage folder exclusions for automation, onboard and offboard machines, and manage email notifications.
 4.	Click **Next** to assign the role to an Azure AD group.
--- a/windows/whats-new/whats-new-windows-10-version-1809.md
+++ b/windows/whats-new/whats-new-windows-10-version-1809.md
@ -65,7 +65,7 @@ This feature will soon be enabled on Olympia Corp as an optional feature.
 ####  Delivering BitLocker policy to AutoPilot devices during OOBE 
-You can choose which encryption algorithm to apply automatic BitLocker encryption to capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before automatic BitLocker encryption begins. 
+You can choose which encryption algorithm to apply to BitLocker encryption capable devices, rather than automatically having those devices encrypt themselves with the default algorithm. This allows the encryption algorithm (and other BitLocker policies that must be applied prior to encryption), to be delivered before BitLocker encryption begins. 
 For example, you can choose the XTS-AES 256 encryption algorithm, and have it applied to devices that would normally encrypt themselves automatically with the default XTS-AES 128 algorithm during OOBE.
@ -74,8 +74,8 @@ To achieve this:
 1. Configure the [encryption method settings](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-encryption) in the Windows 10 Endpoint Protection profile to the desired encryption algorithm. 
 2. [Assign the policy](https://docs.microsoft.com/intune/device-profile-assign) to your Autopilot device group. 
    - **IMPORTANT**: The encryption policy must be assigned to **devices** in the group, not users.
-1. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. This is also important because if the ESP is not enabled, the policy will not apply when the device boots.
+3. Enable the Autopilot [Enrollment Status Page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status) (ESP) for these devices. 
-
+    - **IMPORTANT**: If the ESP is not enabled, the policy will not apply before encryption starts.
 ### Windows Defender Application Guard Improvements