From 10a7604a12419815db4f219ff048e96aef168ebf Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 21 Mar 2022 08:14:30 -0700 Subject: [PATCH 1/7] Revert "Policy CSP : Search/DisableSearch update" --- .../policy-configuration-service-provider.md | 5 +- .../mdm/policy-csp-search.md | 57 +------------------ 2 files changed, 2 insertions(+), 60 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 88bfae707f..db53557678 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -70,7 +70,7 @@ Policy

Supported operation is Get. **Policy/Config** -

Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value) the configuration source can use the Policy/Result path to retrieve the resulting value. +

Node for grouping all policies configured by one source. The configuration source can use this path to set policy values and later query any policy value that it previously set. One policy can be configured by multiple configuration sources. If a configuration source wants to query the result of conflict resolution (for example, if Exchange and MDM both attempt to set a value,) the configuration source can use the Policy/Result path to retrieve the resulting value.

Supported operation is Get. @@ -8360,9 +8360,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC

Search/DisableRemovableDriveIndexing
-
- Search/DisableSearch -
Search/DoNotUseWebResults
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md index 7e5ea07001..5c7775b5f5 100644 --- a/windows/client-management/mdm/policy-csp-search.md +++ b/windows/client-management/mdm/policy-csp-search.md @@ -57,9 +57,6 @@ manager: dansimp
Search/DisableRemovableDriveIndexing
-
- Search/DisableSearch -
Search/DoNotUseWebResults
@@ -632,58 +629,6 @@ The following list shows the supported values:
- -**Search/DisableSearch** - - - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|No|Yes| -|Business|No|Yes| -|Enterprise|No|Yes| -|Education|No|Yes| - - -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -This policy setting completely disables Search UI and all its entry points such as keyboard shortcuts and touch-pad gestures. - -It removes the Search button from the Taskbar and the corresponding option in the Settings. It also disables type-to-search in the Start menu and removes the Start menu's search box. - - - -ADMX Info: - -- GP Friendly name: *Fully disable Search UI* -- GP name: *DisableSearch* -- GP path: *Windows Components/Search* -- GP ADMX file name: *Search.admx* - - - -The following list shows the supported values: - -- 0 (default) – Do not disable search. -- 1 – Disable search. - - - - -
- - **Search/DoNotUseWebResults** @@ -816,7 +761,7 @@ The following list shows the supported values: -If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index. +If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index.. From 1b38085da647d83bb676543c678e5f4397b5411a Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Mon, 21 Mar 2022 11:12:42 -0700 Subject: [PATCH 2/7] DevUnlock is PPKG only not MDM --- .../mdm/configuration-service-provider-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 47a47c403e..56bcf98029 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -1091,7 +1091,7 @@ The following list shows the CSPs supported in HoloLens devices: | [CertificateStore CSP](certificatestore-csp.md) | Yes | Yes| Yes | | [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) | No | Yes | Yes | | [DevDetail CSP](devdetail-csp.md) | Yes | Yes | Yes | -| [DeveloperSetup CSP](developersetup-csp.md) | No | Yes (runtime provisioning via provisioning packages only; no MDM support)| Yes | +| [DeveloperSetup CSP](developersetup-csp.md) | No | Yes (runtime provisioning via provisioning packages only; no MDM support)| Yes (runtime provisioning via provisioning packages only; no MDM support) | | [DeviceManageability CSP](devicemanageability-csp.md) | No | No | Yes | | [DeviceStatus CSP](devicestatus-csp.md) | No | Yes | Yes | | [DevInfo CSP](devinfo-csp.md) | Yes | Yes | Yes | From d52acf881fc3b4921ebd919608f325d5f9a24e1c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Mar 2022 08:59:46 +0500 Subject: [PATCH 3/7] Update how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md --- ...-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 6298f7d90f..7404c39cfd 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential. A "\*Session" credential implies that it is valid for the current user session. The credentials are also cleaned up when the WiFi or VPN connection is disconnected. +> [!NOTE] +> In Windows 10 version 21h2 or newer, "\*Session" credential is not visible in Credential Manager. + For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). @@ -93,4 +96,4 @@ Domain controllers must have appropriate KDC certificates for the client to trus Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication. This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server. -For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). \ No newline at end of file +For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). From 94220cb25b3b73cb8ae02204b84528c36104126a Mon Sep 17 00:00:00 2001 From: Grzegorz Tworek Date: Tue, 22 Mar 2022 12:27:21 +0100 Subject: [PATCH 4/7] Typo --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 8ff7c7eec6..8b9884dc96 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -26,7 +26,7 @@ In this article we explain: 1. File Rule Precedence Order 2. Adding Allow Rules -3. Singe Policy Considerations +3. Single Policy Considerations 4. Multiple Policy Considerations 5. Best Practices 6. Tutorial From 16b1dda187390223be99ea4cdd9b465972768314 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:42:08 -0700 Subject: [PATCH 5/7] Update how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md --- ...-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 7404c39cfd..ee723db1ff 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp -ms.date: 09/23/2021 +ms.date: 03/22/2022 ms.reviewer: manager: dansimp ms.author: dansimp From aa1bf1e5d21ae61f1f32b16e63a2ba7c133abe0b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:42:19 -0700 Subject: [PATCH 6/7] Update windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index ee723db1ff..f4e8cb2358 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -30,7 +30,7 @@ A "\*Session" credential implies that it is valid for the current user session. The credentials are also cleaned up when the WiFi or VPN connection is disconnected. > [!NOTE] -> In Windows 10 version 21h2 or newer, "\*Session" credential is not visible in Credential Manager. +> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager. For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). From 16f4d4ac25885231e9498cff1c0ea16a2139a682 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:43:14 -0700 Subject: [PATCH 7/7] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 8b9884dc96..3203610df6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -14,7 +14,7 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp -ms.date: 11/29/2021 +ms.date: 03/22/2022 ms.technology: windows-sec ---