deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into seo-update-lengthy-meta-descriptions

Browse Source
This commit is contained in:
martyav 2019-12-23 17:13:01 -05:00
commit 104aff09ae
36 changed files with 130 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devices/hololens/hololens-calibration.md
View File

@ -99,7 +99,7 @@ You can also disable the calibration prompt by following these steps:
1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**. 1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**.
> [!IMPORTANT] > [!IMPORTANT]
> Please understand that this setting may adversely affect hologram rendering quality and comfort. > This setting may adversely affect hologram rendering quality and comfort. When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications.
### HoloLens 2 eye-tracking technology ### HoloLens 2 eye-tracking technology

4
devices/hololens/hololens-cortana.md
View File

@ -56,7 +56,7 @@ To use these commands, gaze at a 3D object, hologram, or app window.
| "Face me" | Turn it to face you | | "Face me" | Turn it to face you |
| "Move this" | Move it (follow your gaze) | | "Move this" | Move it (follow your gaze) |
| "Close" | Close it | | "Close" | Close it |
| "Follow" / "Stop following" | Make it follow you as you move around | | "Follow me" / "Stop following" | Make it follow you as you move around |
### See it, say it ### See it, say it
@ -64,7 +64,7 @@ Many buttons and other elements on HoloLens also respond to your voice—for exa
### Dictation mode ### Dictation mode
Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone icon or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that."
> [!NOTE] > [!NOTE]
> To use dictation mode, you have to have an internet connection. > To use dictation mode, you have to have an internet connection.

9
devices/hololens/hololens2-fit-comfort-faq.md
View File

@ -43,6 +43,15 @@ Try adjusting the position of your device visor so the holographic frame matches
- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. - **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame.
- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. - **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame.
## Hologram image color or brightness does not look right
For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays:
- **Increase brightness of the display.** Holograms look best when the display is at its brightest level.
- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes.
- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose.
- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse.
## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure ## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure
The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit). The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit).

36
devices/hololens/hololens2-language-support.md
View File

@ -17,7 +17,7 @@ appliesto:
# Supported languages for HoloLens 2 # Supported languages for HoloLens 2
HoloLens 2 supports the following languages. This support includes voice commands and dictation features. HoloLens 2 supports the following languages, including voice commands and dictation features, keyboard layouts, and OCR recognition within apps.
- Chinese Simplified (China) - Chinese Simplified (China)
- English (Australia) - English (Australia)
@ -37,9 +37,37 @@ HoloLens 2 is also available in the following languages. However, this support d
- Dutch (Netherlands) - Dutch (Netherlands)
- Korean (Korea) - Korean (Korea)
## Changing language or keyboard # Changing language or keyboard
The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**.
> [!NOTE] > [!NOTE]
> Your speech and dictation language depends on the Windows display language. > Your speech and dictation language depends on the Windows display language.
>
To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. ## To change the Windows display language
1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**.
2. Select **Windows display language**, and then select a language.
If the supported language youre looking for is not in the menu, follow these steps:
1. Under **Preferred languages** select **Add a language**.
2. Search for and add the language.
3. Select the **Windows display language** menu again and choose the language you added.
The Windows display language affects the following settings for Windows and for apps that support localization:
- The user interface text language.
- The speech language.
- The default layout of the on-screen keyboard.
## To change the keyboard layout
To add or remove a keyboard layout, open the **Start** menu and then select **Settings** > **Time & language** > **Keyboard**.
If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard.
> [!NOTE]
> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME.
>
> While you use IME with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press ~.

2
devices/hololens/index.md
View File

@ -55,4 +55,4 @@ appliesto:
## Related resources ## Related resources
* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) * [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes) * [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes)

2
devices/surface-hub/TOC.md
View File

@ -7,6 +7,7 @@
### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) ### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md)
### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md) ### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md)
### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
## Plan ## Plan
### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md) ### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md)
@ -58,6 +59,7 @@
### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) ### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) ### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
## Plan ## Plan
### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) ### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)

1
devices/surface-hub/index.md
View File

@ -30,7 +30,6 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor
<p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099" target="_blank">Behind the design: Surface Hub 2S</a></p> <p><a href="https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099" target="_blank">Behind the design: Surface Hub 2S</a></p>
<p><a href="surface-hub-2s-whats-new.md">What's new in Surface Hub 2S</a></p> <p><a href="surface-hub-2s-whats-new.md">What's new in Surface Hub 2S</a></p>
<p><a href="differences-between-surface-hub-and-windows-10-enterprise.md">Operating system essentials</a></p> <p><a href="differences-between-surface-hub-and-windows-10-enterprise.md">Operating system essentials</a></p>
<p><a href="https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d">Enable Microsoft Whiteboard on Surface Hub</a></p>
</div> </div>
</div> </div>
</div> </div>

1
devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
View File

@ -49,6 +49,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013
```PowerShell ```PowerShell
New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force) New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String <password> -AsPlainText -Force)
``` ```
[!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. 3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.

2
devices/surface-hub/surface-hub-2s-manage-intune.md
View File

@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a
### Auto registration — Azure Active Directory Affiliated ### Auto registration — Azure Active Directory Affiliated
When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune.
## Windows 10 Team Edition settings ## Windows 10 Team Edition settings

9
devices/surface/microsoft-surface-brightness-control.md
View File

@ -21,11 +21,10 @@ When deploying Surface devices in point of sale or other “always-on”
kiosk scenarios, you can optimize power management using the new Surface kiosk scenarios, you can optimize power management using the new Surface
Brightness Control app. Brightness Control app.
Available for download with [Surface Tools for Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703).
IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices.
designed to help reduce thermal load and lower the overall carbon If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list.
footprint for deployed Surface devices. The tool automatically dims the screen when not in use and The tool automatically dims the screen when not in use and includes the following configuration options:
includes the following configuration options:
- Period of inactivity before dimming the display. - Period of inactivity before dimming the display.

17
devices/surface/surface-pro-arm-app-management.md
View File

@ -62,18 +62,19 @@ Some third-party antivirus software cannot be installed on a Windows 10 PC runni
## Servicing Surface Pro X ## Servicing Surface Pro X
Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Refer to the following documentation, which will be updated later to include guidance for servicing Surface Pro X: Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware.
- [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates. To verify:
> [!NOTE] 1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.**
> Surface Pro X supports Windows 10, version 1903 and later. 2. Under **Choose how updates are installed,** select **Automatic (recommended)**.
### Windows Server Update Services ### Recommendations for commercial customers
Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products).
- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645).
- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
## Running apps on Surface Pro X ## Running apps on Surface Pro X

15
mdop/agpm/troubleshooting-agpm40-upgrades.md
View File

@ -39,3 +39,18 @@ This section lists common issues that you may encounter when you upgrade your Ad
- Install the required hotfix. - Install the required hotfix.
- Connect to AGPM using an AGPM client to test that your difference reports are now functioning. - Connect to AGPM using an AGPM client to test that your difference reports are now functioning.
## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3
**Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs).
**How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information.
More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button.
The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967).
## Reference link
https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp

3
mdop/mbam-v25/deploy-mbam.md
View File

@ -1,13 +1,14 @@
--- ---
title: Deploying MBAM 2.5 in a stand-alone configuration title: Deploying MBAM 2.5 in a stand-alone configuration
description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration. description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration.
author: delhan author: Deland-Han
ms.reviewer: dcscontentpm ms.reviewer: dcscontentpm
manager: dansimp manager: dansimp
ms.author: delhan ms.author: delhan
ms.sitesec: library ms.sitesec: library
ms.prod: w10 ms.prod: w10
ms.date: 09/16/2019 ms.date: 09/16/2019
manager: dcscontentpm
--- ---
# Deploying MBAM 2.5 in a standalone configuration # Deploying MBAM 2.5 in a standalone configuration

3
mdop/mbam-v25/troubleshooting-mbam-installation.md
View File

@ -1,13 +1,14 @@
--- ---
title: Troubleshooting MBAM 2.5 installation problems title: Troubleshooting MBAM 2.5 installation problems
description: Introducing how to troubleshoot MBAM 2.5 installation problems. description: Introducing how to troubleshoot MBAM 2.5 installation problems.
author: delhan author: Deland-Han
ms.reviewer: dcscontentpm ms.reviewer: dcscontentpm
manager: dansimp manager: dansimp
ms.author: delhan ms.author: delhan
ms.sitesec: library ms.sitesec: library
ms.prod: w10 ms.prod: w10
ms.date: 09/16/2019 ms.date: 09/16/2019
manager: dcscontentpm
--- ---
# Troubleshooting MBAM 2.5 installation problems # Troubleshooting MBAM 2.5 installation problems

2
windows/client-management/introduction-page-file.md
View File

@ -8,7 +8,7 @@ author: Deland-Han
ms.localizationpriority: medium ms.localizationpriority: medium
ms.author: delhan ms.author: delhan
ms.reviewer: greglin ms.reviewer: greglin
manager: willchen manager: dcscontentpm
--- ---
# Introduction to page files # Introduction to page files

4
windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
View File

@ -36,8 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
> - Bulk-join is not supported in Azure Active Directory Join. > - Bulk-join is not supported in Azure Active Directory Join.
> - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment does not work in Intune standalone environment.
> - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
## What you need ## What you need
@ -169,4 +168,3 @@ Here are links to step-by-step provisioning topics in Technet.

2
windows/client-management/mdm/device-update-management.md
View File

@ -635,7 +635,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
> [!Important] > [!Important]
> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise. > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Enterprise.
<p style="margin-left: 20px">Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. <p style="margin-left: 20px">Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.

9
windows/client-management/mdm/policy-csp-appruntime.md
View File

@ -99,14 +99,5 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
Footnotes:
- 1 - Added in Windows 10, version 1607.
- 2 - Added in Windows 10, version 1703.
- 3 - Added in Windows 10, version 1709.
- 4 - Added in Windows 10, version 1803.
- 5 - Added in Windows 10, version 1809.
- 6 - Added in Windows 10, version 1903.
<!--/Policies--> <!--/Policies-->

2
windows/client-management/mdm/policy-csp-update.md
View File

@ -4248,7 +4248,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
> [!IMPORTANT] > [!IMPORTANT]
> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.

2
windows/configuration/setup-digital-signage.md
View File

@ -58,7 +58,7 @@ This procedure explains how to configure digital signage using Kiosk Browser on
- Enter a user name and password, and toggle **Auto sign-in** to **Yes**. - Enter a user name and password, and toggle **Auto sign-in** to **Yes**.
- Under **Configure the kiosk mode app**, enter the user name for the account that you're creating. - Under **Configure the kiosk mode app**, enter the user name for the account that you're creating.
- For **App type**, select **Universal Windows App**. - For **App type**, select **Universal Windows App**.
- In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe`. - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`.
11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**. 11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**.
12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu. 12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu.
- In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`. - In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`.

2
windows/deployment/upgrade/upgrade-readiness-data-sharing.md
View File

@ -33,7 +33,7 @@ In order to use the direct connection scenario, set the parameter **ClientProxy=
### Connection through the WinHTTP proxy ### Connection through the WinHTTP proxy
This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication. This is the first and most simple proxy scenario.
In order to set the WinHTTP proxy system-wide on your computers, you need to In order to set the WinHTTP proxy system-wide on your computers, you need to
- Use the command netsh winhttp set proxy \<server\>:\<port\> - Use the command netsh winhttp set proxy \<server\>:\<port\>

1
windows/deployment/windows-autopilot/autopilot-faq.md
View File

@ -39,6 +39,7 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
| Must I become a CSP to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. | | Must I become a CSP to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. |
| Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority and access: <br><br>1. <b>Direct CSP</b>: Gets direct authorization from the customer to register devices. <br><br>2. <b>Indirect CSP Provider</b>: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. <br><br>3. <b>Indirect CSP Reseller</b>: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which means that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. | | Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority and access: <br><br>1. <b>Direct CSP</b>: Gets direct authorization from the customer to register devices. <br><br>2. <b>Indirect CSP Provider</b>: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center. <br><br>3. <b>Indirect CSP Reseller</b>: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which means that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. |
## Manufacturing ## Manufacturing
| Question | Answer | | Question | Answer |

10
windows/deployment/windows-autopilot/registration-auth.md
View File

@ -51,7 +51,8 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
![Global admin](images/csp3.png) ![Global admin](images/csp3.png)
NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: > [!NOTE]
> A user without global admin privileges who clicks the link will see a message similar to the following:
![Not global admin](images/csp4.png) ![Not global admin](images/csp4.png)
@ -69,14 +70,17 @@ Each OEM has a unique link to provide to their respective customers, which the O
![Global admin](images/csp6.png) ![Global admin](images/csp6.png)
NOTE: A user without global admin privileges who clicks the link will see a message similar to the following: > [!NOTE]
> A user without global admin privileges who clicks the link will see a message similar to the following:
![Not global admin](images/csp7.png) ![Not global admin](images/csp7.png)
3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and theyre done. Authorization happens instantaneously. 3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and theyre done. Authorization happens instantaneously.
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process. 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
> [!NOTE]
> During the OEM authorization registration process, no delegated admin permissions are granted to the OEM.
## Summary ## Summary
At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked.

10
windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
View File

@ -31,7 +31,7 @@ ms.reviewer:
Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system.
Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices.
Which organizations can take advantage of Multi-factor unlock? Those who: Which organizations can take advantage of Multi-factor unlock? Those who:
* Have expressed that PINs alone do not meet their security needs. * Have expressed that PINs alone do not meet their security needs.
@ -101,7 +101,7 @@ Each rule element has a **signal** element. All signal elements have a **type**
| type| "wifi" (Windows 10, version 1803) | type| "wifi" (Windows 10, version 1803)
#### Bluetooth #### Bluetooth
You define the bluetooth signal with additional attribute in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". You define the bluetooth signal with additional attributes in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>".
|Attribute|Value|Required| |Attribute|Value|Required|
|---------|-----|--------| |---------|-----|--------|
@ -117,7 +117,7 @@ Example:
<signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/> <signal type="bluetooth" scenario="Authentication" classOfDevice="512" rssiMin="-10" rssiMaxDelta="-10"/>
</rule> </rule>
``` ```
The **classofDevice** attribute defaults Phones and uses the values from the following table The **classofDevice** attribute defaults to Phone and uses the values from the following table:
|Description|Value| |Description|Value|
|:-------------|:-------:| |:-------------|:-------:|
@ -138,7 +138,7 @@ The **rssiMin** attribute value signal indicates the strength needed for the dev
RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other.
>[!IMPORTANT] >[!IMPORTANT]
>Microsoft recommends using the default values for this policy settings. Measurements are relative, based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting. Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values. >Microsoft recommends using the default values for this policy setting. Measurements are relative, based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting. Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values.
#### IP Configuration #### IP Configuration
You define IP configuration signals using one or more ipConfiguration elements. Each element has a string value. IpConfiguration elements do not have attributes or nested elements. You define IP configuration signals using one or more ipConfiguration elements. Each element has a string value. IpConfiguration elements do not have attributes or nested elements.
@ -198,7 +198,7 @@ The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IP
<ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer> <ipv6DnsServer>21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2</ipv6DnsServer>
``` ```
##### dnsSuffix ##### dnsSuffix
The fully qualified domain name of your organizations internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix. The **signal** element may contain one or more **dnsSuffix** elements.<br> The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix. The **signal** element may contain one or more **dnsSuffix** elements.<br>
**Example** **Example**
``` ```
<dnsSuffix>corp.contoso.com</dnsSuffix> <dnsSuffix>corp.contoso.com</dnsSuffix>

2
windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
View File

@ -185,7 +185,7 @@ Certificate requirements are listed by versions of the Windows operating system.
The smart card certificate has specific format requirements when it is used with Windows XP and earlier operating systems. You can enable any certificate to be visible for the smart card credential provider. The smart card certificate has specific format requirements when it is used with Windows XP and earlier operating systems. You can enable any certificate to be visible for the smart card credential provider.
| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, and Windows Vista** | **Requirements for Windows XP** | | **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows 10** | **Requirements for Windows XP** |
|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CRL distribution point location | Not required | The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=<http://server1.contoso.com/CertEnroll/caname.crl> | | CRL distribution point location | Not required | The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=<http://server1.contoso.com/CertEnroll/caname.crl> |
| Key usage | Digital signature | Digital signature | | Key usage | Digital signature | Digital signature |

2
windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
View File

@ -35,7 +35,7 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc
|-----------------------------|---------------------------------------------------------------------| |-----------------------------|---------------------------------------------------------------------|
|Office 365 for Business |<ul><li>contoso.sharepoint.com</li><li>contoso-my.sharepoint.com</li><li>contoso-files.sharepoint.com</li><li>tasks.office.com</li><li>protection.office.com</li><li>meet.lync.com</li><li>teams.microsoft.com</li></ul> | |Office 365 for Business |<ul><li>contoso.sharepoint.com</li><li>contoso-my.sharepoint.com</li><li>contoso-files.sharepoint.com</li><li>tasks.office.com</li><li>protection.office.com</li><li>meet.lync.com</li><li>teams.microsoft.com</li></ul> |
|Yammer |<ul><li>www.yammer.com</li><li>yammer.com</li><li>persona.yammer.com</li></ul> | |Yammer |<ul><li>www.yammer.com</li><li>yammer.com</li><li>persona.yammer.com</li></ul> |
|Outlook Web Access (OWA) |attachments.office.net | |Outlook Web Access (OWA) |<ul><li>outlook.office.com</li><li>outlook.office365.com</li><li>attachments.office.net</li></ul> |
|Microsoft Dynamics |contoso.crm.dynamics.com | |Microsoft Dynamics |contoso.crm.dynamics.com |
|Visual Studio Online |contoso.visualstudio.com | |Visual Studio Online |contoso.visualstudio.com |
|Power BI |contoso.powerbi.com | |Power BI |contoso.powerbi.com |

4
windows/security/threat-protection/fips-140-validation.md
View File

@ -57,7 +57,7 @@ The cadence for starting module validation aligns with the feature updates of Wi
### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? ### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”?
“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. “FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality.
### I need to know if a Windows service or application is FIPS 140-2 validated. ### I need to know if a Windows service or application is FIPS 140-2 validated.
@ -7191,4 +7191,4 @@ Version 6.3.9600</p></td>
\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management Part 1: General (Revised) \[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management Part 1: General (Revised)
\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths \[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths

2
windows/security/threat-protection/intelligence/prevent-malware-infection.md
View File

@ -85,6 +85,8 @@ To further ensure that data is protected from malware as well as other threats:
* Do not use untrusted devices to log on to email, social media, and corporate accounts. * Do not use untrusted devices to log on to email, social media, and corporate accounts.
* Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros or run. This could be a security risk.
## Software solutions ## Software solutions
Microsoft provides comprehensive security capabilities that help protect against threats. We recommend: Microsoft provides comprehensive security capabilities that help protect against threats. We recommend:

2
windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
View File

@ -68,7 +68,7 @@ You can configure the following levels of automation:
|Automation level | Description| |Automation level | Description|
|---|---| |---|---|
|Not protected | Machines do not get any automated investigations run on them. | |No automated response | Machines do not get any automated investigations run on them. |
|Semi - require approval for any remediation | This is the default automation level.<br><br> An approval is needed for any remediation action. | |Semi - require approval for any remediation | This is the default automation level.<br><br> An approval is needed for any remediation action. |
|Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders. <br><br> Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.| |Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders. <br><br> Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.|
|Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br><br> Files or executables in all other folders will automatically be remediated if needed.| |Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder. <br><br> Files or executables in all other folders will automatically be remediated if needed.|

7
windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md
View File

@ -80,6 +80,13 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa
b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_
If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the
configuration package:
a. Copy _AtpConfiguration.admx_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions_
b. Copy _AtpConfiguration.adml_ into _\\\\\<forest.root\>\\SysVol\\\<forest.root\>\\Policies\\PolicyDefinitions\\en-US_
2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**. 2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**.
3. In the **Group Policy Management Editor**, go to **Computer configuration**. 3. In the **Group Policy Management Editor**, go to **Computer configuration**.

4
windows/security/threat-protection/microsoft-defender-atp/live-response.md
View File

@ -55,6 +55,9 @@ You'll need to enable the live response capability in the [Advanced features set
- **Ensure that you have the appropriate permissions**<br> - **Ensure that you have the appropriate permissions**<br>
Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md). Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md).
> [!IMPORTANT]
> The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions.
Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role.
## Live response dashboard overview ## Live response dashboard overview
@ -250,4 +253,3 @@ Each command is tracked with full details such as:

20
windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md
View File

@ -31,6 +31,10 @@ To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app di
>[!NOTE] >[!NOTE]
>This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions.
> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security.
## Enable Microsoft Cloud App Security in Microsoft Defender ATP
1. In the navigation pane, select **Preferences setup** > **Advanced features**. 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
2. Select **Microsoft Cloud App Security** and switch the toggle to **On**. 2. Select **Microsoft Cloud App Security** and switch the toggle to **On**.
3. Click **Save preferences**. 3. Click **Save preferences**.
@ -39,21 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove
## View the data collected ## View the data collected
1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com). To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security).
2. Navigate to the Cloud Discovery dashboard.
![Image of menu to cloud discovery dashboard](images/atp-cloud-discovery-dashboard-menu.png)
3. Select **Win10 Endpoint Users report**, which contains the data coming from Microsoft Defender ATP.
![Win10 endpoint users](./images/win10-endpoint-users.png)
This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context.
Notice the new **Machines** tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (for example, when drilling down to a specific cloud app).
![Cloud discovery](./images/cloud-discovery.png)
For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).

3
windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
View File

@ -52,7 +52,8 @@ The following table lists the actual and effective default policy values. Defaul
| Server type or GPO | Default value | | Server type or GPO | Default value |
| - | - | | - | - |
| Default Domain Policy | Not Defined | | Default Domain Policy | Not Defined |
| Default Domain Controller Policy | Administrators | | Default Domain Controller Policy | Not Defined |
| Domain Controller Local Security Policy | Administrators |
| Stand-Alone Server Default Settings | Administrators<br>Remote Desktop Users | | Stand-Alone Server Default Settings | Administrators<br>Remote Desktop Users |
| Domain Controller Effective Default Settings | Administrators | | Domain Controller Effective Default Settings | Administrators |
| Member Server Effective Default Settings | Administrators<br>Remote Desktop Users | | Member Server Effective Default Settings | Administrators<br>Remote Desktop Users |

5
windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md
View File

@ -27,7 +27,8 @@ ms.date: 05/17/2018
- Windows 10 - Windows 10
- Windows Server 2016 - Windows Server 2016
You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph.
You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. By using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps as defined by the Intelligent Security Graph.
1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**.
@ -41,3 +42,5 @@ You can use Microsoft Intune to configure Windows Defender Application Control (
- **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps.
![Configure WDAC](images/wdac-intune-wdac-settings.png) ![Configure WDAC](images/wdac-intune-wdac-settings.png)
To add a custom profile with an OMA-URI see, [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/en-us/intune/configuration/custom-settings-windows-10).

3
windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
View File

@ -66,8 +66,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic
>[!NOTE] >[!NOTE]
>To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). >To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity).
## Requirements Met by System Guard Enabled Machines ## System requirements for System Guard
Any machine with System Guard enabled will automatically meet the following low-level hardware requirements:
|For Intel&reg; vPro&trade; processors starting with Intel&reg; Coffeelake, Whiskeylake, or later silicon|Description| |For Intel&reg; vPro&trade; processors starting with Intel&reg; Coffeelake, Whiskeylake, or later silicon|Description|
|--------|-----------| |--------|-----------|

2
windows/whats-new/whats-new-windows-10-version-1809.md
View File

@ -162,7 +162,7 @@ Onboard supported versions of Windows machines so that they can send sensor data
## Cloud Clipboard ## Cloud Clipboard
Cloud clipboard helps users copy content between devices. It also manages the clipboard histroy so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: Cloud clipboard helps users copy content between devices. It also manages the clipboard history so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard:
1. Go to **Windows Settings** and select **Systems**. 1. Go to **Windows Settings** and select **Systems**.
2. On the left menu, click on **Clipboard**. 2. On the left menu, click on **Clipboard**.