From 7aeabd02156e49d52f424ad629a99db91441aeaf Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 22:33:50 +0530 Subject: [PATCH 01/16] Update microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md Added more information on what 99999 Minutes represent as it is 8 business hours per day *208 days Per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10974 --- ...-amount-of-idle-time-required-before-suspending-session.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md index 4c6c5ddd2d..4f6e3071c1 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md @@ -33,9 +33,9 @@ The **Microsoft network server: Amount of idle time required before suspending s ### Possible values -- A user-defined number of minutes from 0 through 99,999 +- A user-defined number of minutes from 0 through 99,999. - For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days. In effect, this value disables the policy. + For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999(8 business hours per day), which is 208 days . In effect, this value disables the policy. - Not defined From d8d02378e830ff741d8f8f52cfe513597e32a615 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 9 Nov 2022 11:19:24 +0530 Subject: [PATCH 02/16] Update windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...er-amount-of-idle-time-required-before-suspending-session.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md index 4f6e3071c1..39110f95c1 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md @@ -35,7 +35,7 @@ The **Microsoft network server: Amount of idle time required before suspending s - A user-defined number of minutes from 0 through 99,999. - For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999(8 business hours per day), which is 208 days . In effect, this value disables the policy. + For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999 (8 business hours per day), which is 208 days. In effect, this value disables the policy. - Not defined From 1f9ba618b56dcb23b70748d1aa3607be2e760718 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 9 Nov 2022 20:19:03 +0530 Subject: [PATCH 03/16] Update policy-csp-internetexplorer.md Made changes to the GP path Per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10606 --- windows/client-management/mdm/policy-csp-internetexplorer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 8475dbc0d9..ee0b9dac66 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -4426,7 +4426,7 @@ The following list shows the supported values: ADMX Info: - GP Friendly name: *Enable extended hot keys in Internet Explorer mode* - GP name: *EnableExtendedIEModeHotkeys* -- GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management* +- GP path: *Windows Components/Internet Explorer/Main* - GP ADMX file name: *inetres.admx* From 8b7879b36d4a6f0228c8bb2e16295c56ae2c2804 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Thu, 10 Nov 2022 21:40:41 +0530 Subject: [PATCH 04/16] Update policy-csp-localusersandgroups.md Updated the group name "Administartors" with an SID as this example wont work if it is a non English language OS. --- .../mdm/policy-csp-localusersandgroups.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 32217ff75b..b085d4ab52 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -104,11 +104,11 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura Example 1: Azure Active Directory focused. -The following example updates the built-in administrators group with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. +The following example updates the built-in administrators group with the SID **S-1-5-21-2222222222-3333333333-4444444444-500** with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. ```xml - + @@ -119,12 +119,12 @@ The following example updates the built-in administrators group with Azure AD ac Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account. > [!NOTE] -> When using ‘R’ replace option to configure the built-in ‘Administrators’ group. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group. +> When using ‘R’ replace option to configure the built-in ‘Administrators’ group with SID **S-1-5-21-2222222222-3333333333-4444444444-500**. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group. Example: ```xml - + @@ -134,11 +134,11 @@ Example: Example 3: Update action for adding and removing group members on a hybrid joined machine. -The following example shows how you can update a local group (**Administrators**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. +The following example shows how you can update a local group (**Administrators** with SID **S-1-5-21-2222222222-3333333333-4444444444-500**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. ```xml - + From 0623d4a1db0e336a46d99a58f9eb8182eb2e04be Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Thu, 10 Nov 2022 18:23:26 +0100 Subject: [PATCH 05/16] Update DORestrictPeerSelectionBy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need to update the Policy to reflect the new options – 0 for NAT and 2 for Local Peer Discovery. See the DO reference article: https://learn.microsoft.com/en-us/windows/deployment/do/waas-delivery-optimization-reference#select-a-method-to-restrict-peer-selection --- .../mdm/policy-csp-deliveryoptimization.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index 441350957a..a7fa8240fa 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -1457,9 +1457,11 @@ ADMX Info: Set this policy to restrict peer selection via selected option. -Options available are: 1=Subnet mask (more options will be added in a future release). +In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there is no peering between subnets. The default value in Windows 11 is set to "Local Peer Discovery". -Option 1 (Subnet mask) applies to both Download Mode LAN (1) and Group (2). +If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID). + +The Local Peer Discovery (DNS-SD) option can only be set via MDM delivered policies on Windows 11 builds. @@ -1474,7 +1476,9 @@ ADMX Info: The following list shows the supported values: -- 1 - Subnet mask. +- 0 - NAT +- 1 - Subnet mask +- 2 - Local Peer Discovery From 8515c2555fbde9fa5ce593a730bb6dd18be81739 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Fri, 11 Nov 2022 14:21:59 +0530 Subject: [PATCH 06/16] Update windows/client-management/mdm/policy-csp-localusersandgroups.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index b085d4ab52..538641b1eb 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -134,7 +134,7 @@ Example: Example 3: Update action for adding and removing group members on a hybrid joined machine. -The following example shows how you can update a local group (**Administrators** with SID **S-1-5-21-2222222222-3333333333-4444444444-500**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add a Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. +The following example shows how you can update a local group (**Administrators** with the SID **S-1-5-21-2222222222-3333333333-4444444444-500**)—add an AD domain group as a member using its name (**Contoso\ITAdmins**), add an Azure Active Directory group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**) if it exists. ```xml From 652a7014d0a6cd18a9ab93ba91ccc11d5bf7d4ce Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Fri, 11 Nov 2022 14:22:11 +0530 Subject: [PATCH 07/16] Update windows/client-management/mdm/policy-csp-localusersandgroups.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 538641b1eb..2de87e503d 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -104,7 +104,7 @@ See [Use custom settings for Windows 10 devices in Intune](/mem/intune/configura Example 1: Azure Active Directory focused. -The following example updates the built-in administrators group with the SID **S-1-5-21-2222222222-3333333333-4444444444-500** with Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. +The following example updates the built-in administrators group with the SID **S-1-5-21-2222222222-3333333333-4444444444-500** with an Azure AD account "bob@contoso.com" and an Azure AD group with the SID **S-1-12-1-111111111-22222222222-3333333333-4444444444** on an AAD-joined machine. ```xml From df625231dcd67c4129cf1f12655320a99a9fdffb Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Fri, 11 Nov 2022 15:08:23 +0530 Subject: [PATCH 08/16] Update windows/client-management/mdm/policy-csp-localusersandgroups.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-localusersandgroups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md index 2de87e503d..10e2076e07 100644 --- a/windows/client-management/mdm/policy-csp-localusersandgroups.md +++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md @@ -119,7 +119,7 @@ The following example updates the built-in administrators group with the SID **S Example 2: Replace / Restrict the built-in administrators group with an Azure AD user account. > [!NOTE] -> When using ‘R’ replace option to configure the built-in ‘Administrators’ group with SID **S-1-5-21-2222222222-3333333333-4444444444-500**. It is required to always specify the administrator as a member + any other custom members. This is because the built-in administrator must always be a member of the administrators group. +> When using the ‘R’ replace option to configure the built-in Administrators group with the SID **S-1-5-21-2222222222-3333333333-4444444444-500** you should always specify the administrator as a member plus any other custom members. This is necessary because the built-in administrator must always be a member of the administrators group. Example: ```xml From b3cfed50e4e3a17719b4a15e34438246414f3d74 Mon Sep 17 00:00:00 2001 From: GrischaE1 <54313015+GrischaE1@users.noreply.github.com> Date: Fri, 11 Nov 2022 17:20:35 +0100 Subject: [PATCH 09/16] Update windows/client-management/mdm/policy-csp-deliveryoptimization.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/mdm/policy-csp-deliveryoptimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md index a7fa8240fa..828657eada 100644 --- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md +++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md @@ -1457,7 +1457,7 @@ ADMX Info: Set this policy to restrict peer selection via selected option. -In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore means there is no peering between subnets. The default value in Windows 11 is set to "Local Peer Discovery". +In Windows 11 the 'Local Peer Discovery' option was introduced to restrict peer discovery to the local network. Currently, the available options include: 0 = NAT, 1 = Subnet mask, and 2 = Local Peer Discovery. These options apply to both Download Modes LAN (1) and Group (2) and therefore it means that there is no peering between subnets. The default value in Windows 11 is set to "Local Peer Discovery". If Group mode is set, Delivery Optimization will connect to locally discovered peers that are also part of the same Group (have the same Group ID). From 4648f134494ab6a6ebb32478bc37c394ad81c820 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 15 Nov 2022 17:05:05 +0530 Subject: [PATCH 10/16] Update windows-sandbox-configure-using-wsb-file.md Made changes to the VSCode.wsb as SandboxFolder tag is missing fixes #https://github.com/MicrosoftDocs/windows-itpro-docs/issues/11000 --- .../windows-sandbox-configure-using-wsb-file.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index 7f5b3c7832..e2ebbcaee2 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -243,16 +243,18 @@ C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes - C:\SandboxScripts + C:\sandbox\scripts + C:\Users\WDAGUtilityAccount\Downloads\sandbox true - C:\CodingProjects + C:\sandbox\Projects + C:\Users\WDAGUtilityAccount\Documents\Projects false - C:\Users\WDAGUtilityAccount\Desktop\SandboxScripts\VSCodeInstall.cmd + C:\Users\WDAGUtilityAccount\Downloads\sandbox\VSCodeInstall.cmd ``` From 663900b738e9a9f7d7b603c4a133f5824f5b859f Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:08:41 +0530 Subject: [PATCH 11/16] Update windows-sandbox-configure-using-wsb-file.md --- .../windows-sandbox-configure-using-wsb-file.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index e2ebbcaee2..e7d9a118b9 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -229,12 +229,14 @@ With the Visual Studio Code installer script already mapped into the sandbox, th ### VSCodeInstall.cmd +Download vscode to `downloads` folder and run from `downloads` folder + ```batch REM Download Visual Studio Code -curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Desktop\vscode.exe +curl -L "https://update.code.visualstudio.com/latest/win32-x64-user/stable" --output C:\users\WDAGUtilityAccount\Downloads\vscode.exe REM Install and run Visual Studio Code -C:\users\WDAGUtilityAccount\Desktop\vscode.exe /verysilent /suppressmsgboxes +C:\users\WDAGUtilityAccount\Downloads\vscode.exe /verysilent /suppressmsgboxes ``` ### VSCode.wsb From 60a2c6949a875958718286040319be774d82f0cf Mon Sep 17 00:00:00 2001 From: JuanitaBaptiste <77862249+JuanitaBaptiste@users.noreply.github.com> Date: Sat, 19 Nov 2022 22:57:28 -0800 Subject: [PATCH 12/16] Update policy-csp-kioskbrowser.md updating delimeter for blocked urls --- windows/client-management/mdm/policy-csp-kioskbrowser.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md index 13fe288906..693f130feb 100644 --- a/windows/client-management/mdm/policy-csp-kioskbrowser.md +++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md @@ -113,7 +113,7 @@ List of exceptions to the blocked website URLs (with wildcard support). This pol -List of blocked website URLs (with wildcard support). This policy is used to configure blocked URLs kiosk browsers can't navigate to. +List of blocked website URLs (with wildcard support). This policy is used to configure blocked URLs kiosk browsers can't navigate to. The delimiter for the URLs is "\uF000" character. > [!NOTE] > This policy only applies to the Kiosk Browser app in Microsoft Store. @@ -310,4 +310,4 @@ The value is an int 1-1440 that specifies the number of minutes the session is i ## Related topics -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) From 5dc2fe5475fa102785bfabd7640d9eb1c62ac56b Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 21 Nov 2022 15:12:12 -0500 Subject: [PATCH 13/16] Update password-must-meet-complexity-requirements.md --- .../password-must-meet-complexity-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 3781352906..0166813774 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -30,7 +30,7 @@ Describes the best practices, location, values, and security considerations for The **Passwords must meet complexity requirements** policy setting determines whether passwords must meet a series of strong-password guidelines. When enabled, this setting requires passwords to meet the following requirements: -1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks aren't case-sensitive. +1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither of these checks are case-sensitive. The samAccountName is checked in its entirety only to determine whether it's part of the password. If the samAccountName is fewer than three characters long, this check is skipped. The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens aren't checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it's ignored. So, this user couldn't have a password that included either "erin" or "hagens" as a substring anywhere in the password. From f10f450879495f23657eb13dbc09d25d46d8d033 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Mon, 21 Nov 2022 15:19:21 -0500 Subject: [PATCH 14/16] Update password-must-meet-complexity-requirements.md --- .../password-must-meet-complexity-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 0166813774..fb87a0fd40 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -30,7 +30,7 @@ Describes the best practices, location, values, and security considerations for The **Passwords must meet complexity requirements** policy setting determines whether passwords must meet a series of strong-password guidelines. When enabled, this setting requires passwords to meet the following requirements: -1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither of these checks are case-sensitive. +1. Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Neither of these checks is case-sensitive. The samAccountName is checked in its entirety only to determine whether it's part of the password. If the samAccountName is fewer than three characters long, this check is skipped. The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed not to be included in the password. Tokens that are shorter than three characters are ignored, and substrings of the tokens aren't checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it's ignored. So, this user couldn't have a password that included either "erin" or "hagens" as a substring anywhere in the password. From 1dea7d8fd0ab09662723eb11493906396038f10e Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 22 Nov 2022 02:09:07 +0530 Subject: [PATCH 15/16] Update windows-sandbox-configure-using-wsb-file.md --- .../windows-sandbox-configure-using-wsb-file.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index e7d9a118b9..b76bc49943 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -245,12 +245,12 @@ C:\users\WDAGUtilityAccount\Downloads\vscode.exe /verysilent /suppressmsgboxes - C:\sandbox\scripts + C:\SandboxScripts C:\Users\WDAGUtilityAccount\Downloads\sandbox true - C:\sandbox\Projects + C:\CodingProjects C:\Users\WDAGUtilityAccount\Documents\Projects false From b2096ff547d799d633511cc270f386d45525a14d Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 22 Nov 2022 02:17:01 +0530 Subject: [PATCH 16/16] Update windows-sandbox-configure-using-wsb-file.md --- .../windows-sandbox-configure-using-wsb-file.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md index b76bc49943..58fb302ed7 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md @@ -246,12 +246,12 @@ C:\users\WDAGUtilityAccount\Downloads\vscode.exe /verysilent /suppressmsgboxes C:\SandboxScripts - C:\Users\WDAGUtilityAccount\Downloads\sandbox + C:\Users\WDAGUtilityAccount\Downloads\sandbox true C:\CodingProjects - C:\Users\WDAGUtilityAccount\Documents\Projects + C:\Users\WDAGUtilityAccount\Documents\Projects false