From a41e782b47ed3f7049dd009ed53528422d4329fb Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 01:57:13 +0530 Subject: [PATCH 1/4] Update enable-virtualization-based-protection-of-code-integrity.md Made changes to the document as *Win32\_DeviceGuard* WMI class is available in Win 11 pro. @vinaypamnani-msft I have not been able to check with win10 pro though. However, the user states that it appears to be present. fixes #https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10998 --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 634bbc6d29..8e5b846c1c 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -205,7 +205,7 @@ Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windo ``` > [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10 and Windows 11. +> The *Win32\_DeviceGuard* WMI class is only available on the Professional & Enterprise edition of Windows 10 and Windows 11. > [!NOTE] > Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. From e0b4a3aab67721d90ed68cb9bcc35900ccdbb93a Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 16:51:17 +0530 Subject: [PATCH 2/4] Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../enable-virtualization-based-protection-of-code-integrity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 8e5b846c1c..1078f160f2 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -205,7 +205,7 @@ Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windo ``` > [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Professional & Enterprise edition of Windows 10 and Windows 11. +> The *Win32\_DeviceGuard* WMI class is only available on the Professional and Enterprise editions of Windows 10 and Windows 11. > [!NOTE] > Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2. From e82efe9be8ea6fde8d48c296169a03764d8de90d Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 17:00:33 +0530 Subject: [PATCH 3/4] Update hello-deployment-rdp-certs.md Made changes to Subject Alternative Name fixes #https://github.com/MicrosoftDocs/windows-itpro-docs/issues/11053 --- .../hello-for-business/hello-deployment-rdp-certs.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 282264de1e..62a2a4eb41 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -139,7 +139,7 @@ This section describes how to configure a SCEP policy in Intune. Similar steps c | --- | --- | |*Certificate Type*| User | |*Subject name format* | `CN={{UserPrincipalName}}` | - |*Subject alternative name* |From the dropdown, select **User principal name (UPN)** with a value of `CN={{UserPrincipalName}}` + |*Subject alternative name* |From the dropdown, select **User principal name (UPN)** with a value of `{{UserPrincipalName}}` |*Certificate validity period* | Configure a value of your choosing| |*Key storage provider (KSP)* | **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** |*Key usage*| **Digital Signature**| @@ -198,4 +198,4 @@ After obtaining a certificate, users can RDP to any Windows devices in the same [MEM-5]: /mem/intune/protect/certificates-trusted-root [MEM-6]: /mem/intune/protect/certificate-authority-add-scep-overview -[HTTP-1]: https://www.powershellgallery.com/packages/Generate-CertificateRequest \ No newline at end of file +[HTTP-1]: https://www.powershellgallery.com/packages/Generate-CertificateRequest From e0babf5136244eebb2ba18a0faf518e8154b2838 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 23 Nov 2022 21:37:04 +0530 Subject: [PATCH 4/4] Update enable-virtualization-based-protection-of-code-integrity.md Made change per author. --- ...enable-virtualization-based-protection-of-code-integrity.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index 1078f160f2..b322223819 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -204,9 +204,6 @@ Windows 10, Windows 11, and Windows Server 2016 have a WMI class for related pro Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard ``` -> [!NOTE] -> The *Win32\_DeviceGuard* WMI class is only available on the Professional and Enterprise editions of Windows 10 and Windows 11. - > [!NOTE] > Mode Based Execution Control property will only be listed as available starting with Windows 10 version 1803 and Windows 11 version 21H2.