Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

2025-06-22 13:53:39 +00:00 · 2020-06-15 23:10:13 +00:00
parent 81b316333f 56a5ba160e
commit 0e9c947a0b
98 changed files with 249 additions and 250 deletions
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@ -1,7 +1,7 @@
 ---
 title: ApplicationControl CSP
 description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from a MDM server.
-keywords: whitelisting, security, malware
+keywords: security, malware
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@ -40,7 +40,6 @@ Defines restrictions for applications.
 Additional information:

 - [Find publisher and product name of apps](#productname) - step-by-step guide for getting the publisher and product names for various Windows apps.
- [Whitelist example](#whitelist-examples) - example for Windows 10 Mobile that denies all apps except the ones listed.

 <a href="" id="applocker-applicationlaunchrestrictions-grouping"></a>**AppLocker/ApplicationLaunchRestrictions/_Grouping_**  
 Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
@ -869,7 +868,7 @@ The following list shows the apps that may be included in the inbox.



-## Whitelist examples
+## <a href="" id="allow-list-examples"></a>Allow list examples

 The following example disables the calendar application.

--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@ -748,13 +748,13 @@ Each of these are described in further detail in the following sections, along w
 <a href="" id="pcr0"></a>**PCR0**
 <p style="margin-left: 20px">The measurement that is captured in PCR[0] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.</p>

-<p style="margin-left: 20px">Enterprise managers can create a whitelist of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the whitelist, and then make a trust decision based on the result of the comparison.</p>
+<p style="margin-left: 20px">Enterprise managers can create a allow list of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.</p>

-<p style="margin-left: 20px">If your enterprise does not have a whitelist of accepted PCR[0] values, then take no action.</p>
+<p style="margin-left: 20px">If your enterprise does not have a allow list of accepted PCR[0] values, then take no action.</p>

-<p style="margin-left: 20px">If PCR[0] equals an accepted whitelisted value, then allow access.</p>
+<p style="margin-left: 20px">If PCR[0] equals an accepted allow list value, then allow access.</p>

-<p style="margin-left: 20px">If PCR[0] does not equal any accepted whitelisted value, then take one of the following actions that align with your enterprise policies:</p>
+<p style="margin-left: 20px">If PCR[0] does not equal any accepted listed value, then take one of the following actions that align with your enterprise policies:</p>

 -   Disallow all access
 -   Direct the device to an enterprise honeypot, to further monitor the device's activities.
@ -762,9 +762,9 @@ Each of these are described in further detail in the following sections, along w
 <a href="" id="sbcphash"></a>**SBCPHash**
 <p style="margin-left: 20px">SBCPHash is the finger print of the Custom Secure Boot Configuration Policy (SBCP) that was loaded during boot in Windows devices, except PCs.</p>

-<p style="margin-left: 20px">If SBCPHash is not present, or is an accepted (whitelisted) value, then allow access.
+<p style="margin-left: 20px">If SBCPHash is not present, or is an accepted allow-listed value, then allow access.

-<p style="margin-left: 20px">If SBCPHash is present in DHA-Report, and is not a whitelisted value, then take one of the following actions that align with your enterprise policies:</p>
+<p style="margin-left: 20px">If SBCPHash is present in DHA-Report, and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:</p>

 - Disallow all access
 - Place the device in a watch list to monitor the device more closely for potential risks.
@ -772,9 +772,9 @@ Each of these are described in further detail in the following sections, along w
 <a href="" id="cipolicy"></a>**CIPolicy**
 <p style="margin-left: 20px">This attribute indicates the Code Integrity policy that is controlling the security of the boot environment.</p>

-<p style="margin-left: 20px">If CIPolicy is not present, or is an accepted (whitelisted) value, then allow access.</p>
+<p style="margin-left: 20px">If CIPolicy is not present, or is an accepted allow-listed value, then allow access.</p>

-<p style="margin-left: 20px">If CIPolicy is present and is not a whitelisted value, then take one of the following actions that align with your enterprise policies:</p>
+<p style="margin-left: 20px">If CIPolicy is present and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:</p>

 - Disallow all access
 - Place the device in a watch list to monitor the device more closely for potential risks.
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@ -44,8 +44,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  - [Server-initiated unenrollment failure](#server-initiated-unenrollment-failure)
  - [Certificates causing issues with Wi-Fi and VPN](#certificates-causing-issues-with-wi-fi-and-vpn)
  - [Version information for mobile devices](#version-information-for-mobile-devices)
-  - [Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues](#upgrading-windows-phone-81-devices-with-app-whitelisting-using-applicationrestriction-policy-has-issues)
-  - [Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#apps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218)
+    - [Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218](#apps-dependent-on-microsoft-frameworks-may-get-blocked-in-phones-prior-to-build-10586218)
  - [Multiple certificates might cause Wi-Fi connection instabilities in Windows 10 Mobile](#multiple-certificates-might-cause-wi-fi-connection-instabilities-in-windows-10-mobile)
  - [Remote PIN reset not supported in Azure Active Directory joined mobile devices](#remote-pin-reset-not-supported-in-azure-active-directory-joined-mobile-devices)
  - [MDM client will immediately check-in with the MDM server after client renews WNS channel URI](#mdm-client-will-immediately-check-in-with-the-mdm-server-after-client-renews-wns-channel-uri)
@ -1747,7 +1746,7 @@ Currently in Windows 10, version 1511, when using the ClientCertificateInstall

 The software version information from **DevDetail/SwV** does not match the version in **Settings** under **System/About**.

-### Upgrading Windows Phone 8.1 devices with app whitelisting using ApplicationRestriction policy has issues
+### Upgrading Windows Phone 8.1 devices with app allow-listing using ApplicationRestriction policy has issues

 -   When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile using ApplicationRestrictions with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.

@ -2946,7 +2945,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="applocker-csp.md" data-raw-source="[AppLocker CSP](applocker-csp.md)">AppLocker CSP</a></td>
-<td style="vertical-align:top"><p>Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in <a href="applocker-csp.md#whitelist-examples" data-raw-source="[Whitelist examples](applocker-csp.md#whitelist-examples)">Whitelist examples</a>.</p>
+<td style="vertical-align:top"><p>Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in <a href="applocker-csp.md#allow-list-examples" data-raw-source="[Allowlist examples](applocker-csp.md#allow-list-examples)">Allow list examples</a>.</p>
 </td></tr>
 <tr class="odd">
 <td style="vertical-align:top"><a href="devicemanageability-csp.md" data-raw-source="[DeviceManageability CSP](devicemanageability-csp.md)">DeviceManageability CSP</a></td>
--- a/windows/client-management/windows-10-mobile-and-mdm.md
+++ b/windows/client-management/windows-10-mobile-and-mdm.md
@ -533,7 +533,7 @@ Learn more about the [Microsoft Store for Business](/microsoft-store/index).

 IT administrators can control which apps are allowed to be installed on Windows 10 Mobile devices and how they should be kept up-to-date.

-Windows 10 Mobile includes AppLocker, which enables administrators to create allow or disallow (sometimes also called whitelist/blacklist) lists of apps from the Microsoft Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allow or disallow lists also requires keeping up with the changing app landscape in the Microsoft Store.
+Windows 10 Mobile includes AppLocker, which enables administrators to create allow or disallow lists of apps from the Microsoft Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allow or disallow lists also requires keeping up with the changing app landscape in the Microsoft Store.

 For more details, see [AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019(v=vs.85).aspx).

@ -970,7 +970,7 @@ This is a list of attributes that are supported by DHA and can trigger the corre
 -   **Boot Manager Version** The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted).
 -   **Code integrity version** Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted).
 -   **Secure Boot Configuration Policy (SBCP) present** Whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash.
-   **Boot cycle whitelist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published whitelist. A device that complies with the whitelist is more trustworthy (secure) than a device that is noncompliant.
+-   **Boot cycle whitelist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published allow list. A device that complies with the allow list is more trustworthy (secure) than a device that is noncompliant.

 **Example scenario**