diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 8eed696dd9..637e02d729 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -61,7 +61,7 @@ Here are the provisioned Windows apps in Windows 10 versions 1703, 1709, 1803 an | Microsoft.OneConnect | [Paid Wi-Fi & Cellular](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.SkreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | | | x | No | | Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | | Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | | Microsoft.VP9VideoExtensions | | | | | x | No | @@ -181,4 +181,4 @@ Here are the typical installed Windows apps in Windows 10 versions 1709, 1803, a | | Microsoft.VCLibs.140.00 | x | x | x | Yes | | | Microsoft.VCLibs.120.00.Universal | x | | | Yes | | | Microsoft.VCLibs.140.00.UWPDesktop | | x | | Yes | ---- \ No newline at end of file +--- diff --git a/windows/client-management/mdm/windowssecurityauditing-csp.md b/windows/client-management/mdm/windowssecurityauditing-csp.md index c7ebdf2171..74aa8f8b40 100644 --- a/windows/client-management/mdm/windowssecurityauditing-csp.md +++ b/windows/client-management/mdm/windowssecurityauditing-csp.md @@ -13,7 +13,7 @@ ms.date: 06/26/2017 # WindowsSecurityAuditing CSP -The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511. +The WindowsSecurityAuditing configuration service provider (CSP) is used to enable logging of security audit events. This CSP was added in Windows 10, version 1511 for Mobile and Mobile Enterprise. Make sure to consult the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference) to see if this CSP and others are supported on your Windows installation. The following diagram shows the WindowsSecurityAuditing configuration service provider in tree format. diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index 289b0b5793..a966f7ad8e 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md @@ -55,7 +55,7 @@ Event logs: Generic rollbacks (0xC1900101) or unexpected reboots. ## Log entry structure -A setupact.log or setuperr.log (files are located at C:\Windows) entry includes the following elements: +A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements:
  1. The date and time - 2016-09-08 09:20:05. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 461d86ca82..5350a7e35a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -59,7 +59,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. > [!NOTE] -> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. +> Windows Server 2016 update [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) provides synchronous certificate enrollment during hybrid certificate trust provisioning. With this update, users no longer need to wait for Azure AD Connect to sync their public key on-premises. Users enroll their certificate during provisioning and can use the certificate for sign-in immediately after completeling the provisioning. The update needs to be installed on the federation servers. After a successful key registration, Windows creates a certificate request using the same key pair to request a certificate. Windows send the certificate request to the AD FS server for certificate enrollment. diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index a7425d8dc2..06d22fc8d2 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -44,7 +44,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Use ### Default values -By default this setting is Administrators on domain controllers and on stand-alone servers. +By default, this setting is Administrators and NT SERVICE\WdiServiceHost on domain controllers and on stand-alone servers. The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page. diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 8522325f19..8b6d1d2ef7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: medium author: jsuther1974 -ms.date: 08/31/2018 +ms.date: 04/09/2019 --- # Microsoft recommended block rules @@ -76,7 +76,13 @@ These modules cannot be blocked by name or version, and therefore must be blocke For October 2017, we are announcing an update to system.management.automation.dll in which we are revoking older versions by hash values, instead of version rules. -Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet: +Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet. Beginning with the March 2019 quality update, each version of Windows requires blocking a specific version of the following files: + +- msxml3.dll +- msxml6.dll +- jscript9.dll + +Pick the correct version of each .dll for the Windows release you plan to support, and remove the other versions. ```xml @@ -137,7 +143,35 @@ Microsoft recommends that you block the following Microsoft-signed applications - + + + + + + + + --> + + + + --> + + + + --> + + + + --> + + + + --> @@ -842,8 +876,11 @@ Microsoft recommends that you block the following Microsoft-signed applications - - + + + + +