deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/Microsoft/win-cpub-itpro-docs into 8442312

Browse Source
This commit is contained in:
JanKeller1 2016-08-18 15:04:00 -07:00
commit 03a57c99ef
7 changed files with 171 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
browsers/internet-explorer/TOC.md
View File

@ -23,23 +23,23 @@
###[What is Enterprise Mode?](ie11-deploy-guide/what-is-enterprise-mode.md)
###[Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md)
###[Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md)
###[Enterprise Mode schema v.2 guidance for Windows 10 devices](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
###[Enterprise Mode schema v.1 guidance for Windows 7 and Windows 8.1 devices](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
###[Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
###[Enterprise Mode schema v.1 guidance](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
###[Check for a new Enterprise Mode site list xml file](ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md)
###[Turn on local control and logging for Enterprise Mode](ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md)
###[Use the Enterprise Mode Site List Manager tool](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
####[Add sites to the Enterprise Mode site list using the Windows 10 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
####[Add sites to the Enterprise Mode site list using the Windows 7 and Windows 8.1 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
####[Add multiple sites to the Enterprise Mode site list using a file and the Windows 10 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
####[Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and Windows 8.1 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager tool](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
####[Fix validation problems using the Enterprise Mode Site List Manager tool](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
####[Save your site list to XML in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager tool](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager tool](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
###[Use the Enterprise Mode Site List Manager](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
####[Fix validation problems using the Enterprise Mode Site List Manager](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
####[Save your site list to XML in the Enterprise Mode Site List Manager](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
###[Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md)
###[Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md)
###[Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md)

2
browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
View File

@ -14,6 +14,8 @@ This topic lists new and updated topics in the Internet Explorer 11 documentatio
## August 2016
|New or changed topic | Description |
|----------------------|-------------|
|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
## July 2016

23
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
View File

@ -15,8 +15,9 @@ ms.sitesec: library
**Applies to:**
- Windows 8.1
- Windows 7
- Windows 10
- Windows 8.1
- Windows 7
Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
@ -86,7 +87,19 @@ This table includes the elements used by the Enterprise Mode schema.
<emie>
<domain>contoso.com</domain>
</emie>
&lt;/rules>&gt;</pre></td>
&lt;/rules&gt;</pre>
<strong>-or-</strong>
<p>For IPv6 ranges:<pre class="syntax">&lt;rules version="205"&gt;
&lt;emie&gt;
&lt;domain&gt;[10.122.34.99]:8080&lt;/domain&gt;
&lt;/emie&gt;
&lt;/rules&gt;</pre>
<strong>-or-</strong>
<p>For IPv4 ranges:<pre class="syntax">&lt;rules version="205"&gt;
&lt;emie&gt;
&lt;domain&gt;10.122.34.99:8080&lt;/domain&gt;
&lt;/emie&gt;
&lt;/rules&gt;</pre></td>
<td>Internet Explorer 11 and Microsoft Edge</td>
</tr>
<tr>
@ -191,7 +204,6 @@ For example, say you want all of the sites in the contoso.com domain to open usi
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Dont use wildcards.
- Don't use IP Addresses.
- Dont use query strings, ampersands break parsing.
## How to use trailing slashes
@ -283,5 +295,4 @@ If you want to target specific sites in your organization.
<li>contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.</li>
</ul>
</td></tr>
</table>
</table>

21
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
View File

@ -118,7 +118,15 @@ This table includes the elements used by the v.2 version of the Enterprise Mode
&lt;site url="contoso.com"&gt;
&lt;compat-mode&gt;default&lt;/compat-mode&gt;
&lt;open-in&gt;none&lt;/open-in&gt;
&lt;/site&gt;</pre><p>
&lt;/site&gt;</pre>
<strong>-or-</strong>
<p>For IPv4 ranges:<pre class="syntax">&lt;site url="10.122.34.99:8080"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;site&gt;</pre><p>
<strong>-or-</strong>
<p>For IPv6 ranges:<pre class="syntax">&lt;site url="[10.122.34.99]:8080"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;site&gt;</pre><p>
You can also use the self-closing version, &lt;url="contoso.com" /&gt;, which also sets:
<ul>
<li>&lt;compat-mode&gt;default&lt;/compat-mode&gt;</li>
@ -133,7 +141,15 @@ You can also use the self-closing version, &lt;url="contoso.com" /&gt;, which al
<pre class="syntax">
&lt;site url="contoso.com"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;/site&gt;</pre><p>
&lt;/site&gt;</pre>
<strong>-or-</strong>
<p>For IPv4 ranges:<pre class="syntax">&lt;site url="10.122.34.99:8080"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;site&gt;</pre><p>
<strong>-or-</strong>
<p>For IPv6 ranges:<pre class="syntax">&lt;site url="[10.122.34.99]:8080"&gt;
&lt;compat-mode&gt;IE8Enterprise&lt;/compat-mode&gt;
&lt;site&gt;</pre><p>
Where:
<ul>
<li><b>IE8Enterprise.</b> Loads the site in IE8 Enterprise Mode.<br>This element is required for sites included in the <b>EmIE</b> section of the v.1 schema and is needed to load in IE8 Enterprise Mode.</li><p>
@ -260,7 +276,6 @@ We recommend that you not add any of the following items to your schema because
- Dont use protocols. For example, http://, https://, or custom protocols. They break parsing.
- Dont use wildcards.
- Don't use IP Addresses.
- Dont use query strings, ampersands break parsing.
## Related topics

145
windows/keep-secure/active-directory-security-groups.md
View File

@ -172,10 +172,10 @@ The following tables provide descriptions of the default groups that are located
<thead>
<tr class="header">
<th>Default Security Group</th>
<th>Windows Server 2016</th>
<th>Windows Server 2012 R2</th>
<th>Windows Server 2012</th>
<th>Windows Server 2008 R2</th>
<th>Windows Server 2008</th>
</tr>
</thead>
<tbody>
@ -183,7 +183,7 @@ The following tables provide descriptions of the default groups that are located
<td><p>[Access Control Assistance Operators](#bkmk-acasstops)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p>Yes</p></td>
<td><p></p></td>
</tr>
<tr class="even">
@ -232,7 +232,7 @@ The following tables provide descriptions of the default groups that are located
<td><p>[Cloneable Domain Controllers](#bkmk-cloneabledomaincontrollers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p>Yes</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
@ -327,7 +327,7 @@ The following tables provide descriptions of the default groups that are located
<td><p>Yes</p></td>
</tr>
<tr class="even">
<td><p>[Group Policy Creators Owners](#bkmk-gpcreatorsowners)</p></td>
<td><p>[Group Policy Creator Owners](#bkmk-gpcreatorsowners)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
@ -344,7 +344,7 @@ The following tables provide descriptions of the default groups that are located
<td><p>[Hyper-V Administrators](#bkmk-hypervadministrators)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p>Yes</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
@ -362,143 +362,164 @@ The following tables provide descriptions of the default groups that are located
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<td><p>[Key Admins](#key-admins)</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>[Network Configuration Operators](#bkmk-networkcfgoperators)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[Performance Log Users](#bkmk-perflogusers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<tr class="even">
<td><p>[Performance Monitor Users](#bkmk-perfmonitorusers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[PreWindows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<tr class="even">
<td><p>[Print Operators](#bkmk-printoperators)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[Protected Users](#bkmk-protectedusers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<tr class="even">
<td><p>[RAS and IAS Servers](#bkmk-rasandias)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[RDS Endpoint Servers](#bkmk-rdsendpointservers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
<td><p>[RDS Management Servers](#bkmk-rdsmanagementservers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>[Read-only Domain Controllers](#bkmk-rodc)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[Remote Desktop Users](#bkmk-remotedesktopusers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<tr class="even">
<td><p>[Remote Management Users](#bkmk-remotemanagementusers)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p>Yes</p></td>
<td><p></p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[Replicator](#bkmk-replicator)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<tr class="even">
<td><p>[Schema Admins](#bkmk-schemaadmins)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[Server Operators](#bkmk-serveroperators)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<td><p>[Storage Replica Administrators](#storage-replica-administrators)</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>[System Managed Accounts Group](#system-managed-accounts-group)</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="even">
<td><p>[Terminal Server License Servers](#bkmk-terminalserverlic)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[Users](#bkmk-users)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<tr class="even">
<td><p>[Windows Authorization Access Group](#bkmk-winauthaccess)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<tr class="odd">
<td><p>[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)</p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
<td><p>Yes</p></td>
<td><p>Yes</p></td>
<td><p></p></td>
</tr>
</tbody>
@ -2196,7 +2217,24 @@ This security group has not changed since Windows Server 2008.
</tbody>
</table>
 
### Key Admins
Members of this group can perform administrative actions on key objects within the domain.
The Key Admins group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
| Attribute | Value |
|-----------|-------|
| Well-Known SID/RID | S-1-5-21-4195037842-338827918-94892514-526 |
| Type | Global |
| Default container | CN=Users, DC=&lt;domain&gt;, DC= |
| Default members | None |
| Default member of | None |
| Protected by ADMINSDHOLDER? | No |
| Safe to delegate management of this group to non-Service admins? | No |
| Default User Rights | None |
<!-- WHEN MORE INFO IS AVAILABLE, ADD LINES to the above table -- a line under the ADMINSDHOLDER line, "Safe to move out of default container?" -->
### <a href="" id="bkmk-networkcfgoperators"></a>Network Configuration Operators
@ -3299,7 +3337,44 @@ This security group has not changed since Windows Server 2008.
</tbody>
</table>
 
### Storage Replica Administrators
Members of this group have complete and unrestricted access to all features of Storage Replica.
The Storage Replica Administrators group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
| Attribute | Value |
|-----------|-------|
| Well-Known SID/RID | S-1-5-32-582 |
| Type | BuiltIn Local |
| Default container | CN=BuiltIn, DC=&lt;domain&gt;, DC= |
| Default members | None |
| Default member of | None |
| Protected by ADMINSDHOLDER? | No |
| Safe to delegate management of this group to non-Service admins? | No |
| Default User Rights | None |
<!-- WHEN MORE INFO IS AVAILABLE, ADD LINES to the above table -- a line under the ADMINSDHOLDER line, "Safe to move out of default container?" -->
### System Managed Accounts Group
Members of this group are managed by the system.
The System Managed Accounts group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
| Attribute | Value |
|-----------|-------|
| Well-Known SID/RID | S-1-5-32-581 |
| Type | BuiltIn Local |
| Default container | CN=BuiltIn, DC=&lt;domain&gt;, DC= |
| Default members | Users |
| Default member of | None |
| Protected by ADMINSDHOLDER? | No |
| Safe to delegate management of this group to non-Service admins? | No |
| Default User Rights | None |
<!-- WHEN MORE INFO IS AVAILABLE, ADD LINES to the above table -- a line under the ADMINSDHOLDER line, "Safe to move out of default container?" -->
### <a href="" id="bkmk-terminalserverlic"></a>Terminal Server License Servers

7
windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
View File

@ -26,7 +26,7 @@ The Window Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to repo
The embedded Windows Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Windows Defender ATP cloud service.
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) internet browsing proxy settings and can only discover a proxy server by using the following discovery method:
- Configure the proxy server manually using a static proxy
@ -47,7 +47,6 @@ For example: 10.0.0.6:8080
If the static proxy settings are configured after onboarding, then you must restart the PC to apply the proxy settings.
## Enable access to Windows Defender ATP service URLs in the proxy server
If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service in port 80 and 443:
Primary Domain Controller | .Microsoft.com DNS record
@ -60,6 +59,10 @@ Primary Domain Controller | .Microsoft.com DNS record
<br>
If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs.
If you selected US as your region, you should permit anonymous traffic for URLs listed in both Central US and East US (2).
If you selected EU as your region, you should permit anonymous traffic for URLs listed in both West Europe and North Europe.
## Verify client connectivity to Windows Defender ATP service URLs

5
windows/keep-secure/microsoft-passport-guide.md
View File

@ -16,7 +16,10 @@ localizationpriority: high
**Applies to**
- Windows 10
This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10 operating system. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about how to design and deploy these technologies as part of your Windows 10 rollout.
This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10, version 1511 operating system. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about how to design and deploy these technologies as part of your Windows 10 rollout.
>[!NOTE]
>For information about Windows Hello for Business in Windows 10, version 1607, see [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md).
A fundamental assumption about information security is that a system can identify whos using it. In identifying a user, the system can decide whether the user has identified himself or herself appropriately (a process known as authentication), and then determine what that properly authenticated user should be able to do (a process known as authorization). The overwhelming majority of computer systems deployed throughout the world depend on user credentials as a means of making authentication and authorization decisions, and that means that these systems depend on reusable, user-created passwords for their security. The oft-cited maxim that authentication can involve “something you know, something you have, or something you are” neatly highlights the issue: a reusable password is an authentication factor all by itself, so anyone who knows the password can impersonate the user who owns it.