From 9c91f86b19370b98c4cc3427b3bd4bc5d8c33ee2 Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Thu, 21 Jul 2022 14:02:56 -0700 Subject: [PATCH 01/17] Update firewall-csp.md Added nodes and descriptions for dynamic keywords, which enables FQDN and reusable groups in firewall using MDE/MEM. This feature is planned to release to public preview at the end of the month. --- windows/client-management/mdm/firewall-csp.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 2812409a82..7006c1d456 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -112,6 +112,13 @@ Firewall ----------------FriendlyName ----------------Status ----------------Name +----------------RemoteAddressDynamicKeywords +--------DynamicKeywords +----------------Addresses +-------------------------Id +---------------------------------Keyword +---------------------------------Addresses +---------------------------------AutoResolve ``` **./Vendor/MSFT/Firewall** 
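Review bot: In the tree diagram of firewall-csp.md, `Addresses` under `DynamicKeywords` is drawn at the same depth as the rule properties (`Name`, `Status`, `RemoteAddressDynamicKeywords`), although the node descriptions added later in this patch make it a direct child of `MdmStore/DynamicKeywords`. Indent `Addresses`, `Id` and the three leaves below it by the tree's usual step per level, so that the diagram matches the documented paths.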
@@ -445,6 +452,42 @@ Value type is string. Supported operation is Get. Name of the rule. Value type is string. Supported operations are Add, Get, Replace, and Delete. +**FirewallRules/_FirewallRuleName_/RemoteAddressDynamicKeywords** +Comma separated list of Dynamic Keyword Address Ids (GUID strings) specifying the remote addresses covered by the rule. +Value type is string. Supported operations are Add, Get, Replace, and Delete. + + +**MdmStore/DynamicKeywords** +Interior node. +Supported operation is Get. + +**MdmStore/DynamicKeywords/Addresses** +Interior node. +Supported operation is Get. + +**MdmStore/DynamicKeywords/Addresses/Id** +A unique GUID string identifier for this dynamic keyword address. +Value type is string. Supported operations are Add, Delete, and Get. + +**MdmStore/DynamicKeywords/Addresses/Id/Keyword** +A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). +Value type is string. Supported operations are Add, Delete, and Get. + +**MdmStore/DynamicKeywords/Addresses/Id/Addresses** +Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. + +Valid tokens include: + - A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A valid IPv6 address. +- An IPv4 address range in the format of "start address-end address" with no spaces included. +- An IPv6 address range in the format of "start address-end address" with no spaces included. +Supported operations are Add, Delete, Replace, and Get. + +**MdmStore/DynamicKeywords/Addresses/Id/AutoResolve** +Boolean value. 
If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a fully qualified domain name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Value type is string. Supported operations are Add, Delete, and Get. + + ## Related topics [Configuration service provider reference](configuration-service-provider-reference.md) From 2f8c7d1ba939ab5dda709a2f00a7d94faab5c8aa Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Tue, 26 Jul 2022 20:26:11 -0600 Subject: [PATCH 02/17] Adding new content for endpoints, other minor clean-up items --- windows/deployment/do/TOC.yml | 4 +- .../do/delivery-optimization-endpoints.md | 40 +++++++++++++++++++ .../do/delivery-optimization-proxy.md | 26 ++++++------ windows/deployment/do/index.yml | 4 +- .../do/waas-delivery-optimization-setup.md | 6 +++ .../update/waas-delivery-optimization-faq.md | 4 +- 6 files changed, 67 insertions(+), 17 deletions(-) create mode 100644 windows/deployment/do/delivery-optimization-endpoints.md diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index ba824d08fb..e949b2c0b3 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -8,14 +8,14 @@ - name: What's new href: whats-new-do.md - - - name: Configure Delivery Optimization items: - name: Configure Windows Clients items: - name: Windows Delivery Optimization settings href: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings + - name: Windows Delivery Optimization Frequently Asked Questions + href: url: waas-delivery-optimization-faq.md - name: Configure Microsoft Endpoint Manager items: - name: Delivery Optimization settings in Microsoft Intune diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md new file mode 100644 index 0000000000..0df5ea859e --- /dev/null 
+++ b/windows/deployment/do/delivery-optimization-endpoints.md 
@@ -0,0 +1,40 @@ +--- +title: # Delivery Optimization and Microsoft Connected Cache content endpoints. +description: # The complete list of all fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache. +ms.date: 07/26/2022 +ms.prod: windows +ms.technology: windows +ms.topic: conceptual #reference for complete list of content types, endpoint names, ports, etc. +ms.localizationpriority: medium +author: # GitHub username (cmknox) +ms.author: # MS alias (carmenf) +ms.reviewer: # MS alias of feature PM, optional +manager: # MS alias of manager (naengler) +ms.collection: # optional +- # highpri - high priority, strategic, important, current, etc. articles +- # openauth - the article is owned by PM or community for open authoring +--- + +## Delivery Optimization and Microsoft Connected Cache content type endpoints + +_Applies to:_ + +- Windows 11 +- Windows 10 + +> [!NOTE] +> All ports are outbound. + +To ensure connect delivered via Delivery Optimization and Microsoft Connected Cache is properly configured, the following list of endpoints need to be allowed through the firewall. Use the table below to reference any particular content types supported by Delivery Optimization and Microsoft Connected Cache. + +|Domain Name |Protocol/Port(s) | Content Type | Additional Information | Version | +|---------|---------|---------------|-------------------|-----------------| +| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update Windows Defender Windows Drivers | [Complete list](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. 
| Microsoft Endpoint Configuration Manager Distribution Point | +| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80, HTTPs / 443 | Intune Win32 Apps | [Complete list](https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. 
| Microsoft Endpoint Configuration Manager Distribution Point | +| *.statics.teams.cdn.office.net | HTTP / 80, HTTPs / 443 | Teams | | Microsoft Endpoint Configuration Manager Distribution Point | +| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Endpoint Configuration Manager Distribution Point | +| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](https://docs.microsoft.com/en-us/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.do.dsp.mp.microsoft.com | HTTP / 80, HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure | +| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671, MQTT / 8883, HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure | diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index 5afb66f3f6..0b070b05ad 100644 
--- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md 
@@ -12,27 +12,27 @@ ms.topic: article # Using a proxy with Delivery Optimization -**Applies to** +_Applies to:_ -- Windows 10 - Windows 11 +- Windows 10 -When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls. +When Delivery Optimization downloads content from HTTP sources, it uses the automatic proxy discovery capability of WinHttp to streamline and maximize the support for complex proxy configurations as it makes range requests from the content server. It does this by setting the **WINHTTP_ACCESS_TYPE_AUTOMATIC_PROXY** flag in all HTTP calls. Delivery Optimization provides a token to WinHttp that corresponds to the user that is signed in currently. In turn, WinHttp automatically authenticates the user against the proxy server set either in Internet Explorer or in the **Proxy Settings** menu in Windows. For downloads that use Delivery Optimization to successfully use the proxy, you should set the proxy via Windows **Proxy Settings** or the Internet Explorer proxy settings. -Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the “NetworkService” context if proxy authentication is required. +Setting the Internet Explorer proxy to apply device-wide will ensure that the device can access the proxy server even when no user is signed in. In this case, the proxy is accessed with the “NetworkService” context if proxy authentication is required. > [!NOTE] > We don't recommend that you use `netsh winhttp set proxy ProxyServerName:PortNumber`. Using this offers no auto-detection of the proxy, no support for an explicit PAC URL, and no authentication to the proxy. 
This setting is ignored by WinHTTP for requests that use auto-discovery (if an interactive user token is used). If a user is signed in, the system uses the Internet Explorer proxy. -If no user is signed in, even if both the Internet Explorer proxy and netsh configuration are set, the netsh configuration will take precedence over the Internet Explorer proxy. This can result in download failures. For example, you might receive HTTP_E_STATUS_PROXY_AUTH_REQ or HTTP_E_STATUS_DENIED errors. +If no user is signed in, even if both the Internet Explorer proxy and netsh configuration are set, the netsh configuration will take precedence over the Internet Explorer proxy. This can result in download failures. For example, you might receive HTTP_E_STATUS_PROXY_AUTH_REQ or HTTP_E_STATUS_DENIED errors. -You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply. +You can still use netsh to import the proxy setting from Internet Explorer (`netsh winhttp import proxy source=ie `) if your proxy configuration is a static *proxyServerName:Port*. However, the same limitations mentioned previously apply. ### Summary of settings behavior @@ -43,7 +43,7 @@ With an interactive user signed in: |Named proxy set by using: |Delivery Optimization successfully uses proxy | |---------|---------| |Internet Explorer proxy, current user | Yes | -|Internet Explorer proxy, device-wide | Yes | +|Internet Explorer proxy, device-wide | Yes | |netsh proxy | No | |Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, Internet Explorer proxy is used | |Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, Internet Explorer proxy is used | 
@@ -53,7 +53,7 @@ With NetworkService (if unable to obtain a user token from a signed-in user): |Named proxy set by using: |Delivery Optimization successfully uses proxy | |---------|---------| |Internet Explorer proxy, current user | No | -|Internet Explorer proxy, device-wide | Yes | +|Internet Explorer proxy, device-wide | Yes | |netsh proxy | Yes | |Both Internet Explorer proxy (current user) *and* netsh proxy | Yes, netsh proxy is used | |Both Internet Explorer proxy (device-wide) *and* netsh proxy | Yes, netsh proxy is used | 
@@ -70,10 +70,10 @@ This policy is meant to ensure that proxy settings apply uniformly to the same c Starting with Windows 10, version 2004, you can use Connected Cache behind a proxy. In older versions, when you set Delivery Optimization to download from Connected Cache, it will bypass the proxy and try to connect directly to the Connected Cache server. This can cause failure to download. -However, you can set the Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations). +However, you can set the Connected Cache server to use an unauthenticated proxy. For more information, see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache#prerequisites-and-limitations). - ## Related articles +## Related articles -- [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) -- [How to use GPP Registry to uncheck automatically detect settings? 
](/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings) -- [How to configure a proxy server URL and Port using GPP Registry?](/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) \ No newline at end of file +- [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) +- [How to use GPP Registry to uncheck automatically detect settings?](/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings) +- [How to configure a proxy server URL and Port using GPP Registry?](/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index c1f2b5eb4a..f2292d6e08 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -1,6 +1,6 @@ ### YamlMime:Landing -title: Delivery Optimization for Windows client # < 60 chars +title: Delivery Optimization # < 60 chars summary: Set up peer to peer downloads for Windows Updates and learn about Microsoft Connected Cache. # < 160 chars metadata: @@ -97,4 +97,6 @@ landingContent: url: delivery-optimization-workflow.md - text: Using a proxy with Delivery Optimization url: delivery-optimization-proxy.md + - text: Content endpoints for Delivery Optimization / Microsoft Connected Cache + url: delivery-optimization-endpoints.md diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index fd6f82f98c..a7410f4b72 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md 
@@ -31,6 +31,12 @@ Starting with Microsoft Intune version 1902, you can set many Delivery Optimizat **Starting with Windows 10, version 1903**, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. +## Allow content endpoints + +When using a firewall, it is important that the content endpoints are allowed and associated ports are open. + +[Learn more](delivery-optimization-endpoints.md) about the complete list for fully qualified domains, ports for all Delivery Optimization and Microsoft Connected Cache content types. + ## Recommended Delivery Optimization settings Delivery Optimization offers a great many settings to fine-tune its behavior (see [Delivery Optimization reference](waas-delivery-optimization-reference.md) for a comprehensive list), but for the most efficient performance, there are just a few key parameters that will have the greatest impact if particular situations exist in your deployment. If you just need an overview of Delivery Optimization, see [Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md). diff --git a/windows/deployment/update/waas-delivery-optimization-faq.md b/windows/deployment/update/waas-delivery-optimization-faq.md index 4e752ce90b..ec8a820b3e 100644 --- a/windows/deployment/update/waas-delivery-optimization-faq.md +++ b/windows/deployment/update/waas-delivery-optimization-faq.md @@ -37,7 +37,7 @@ For Delivery Optimization to successfully use the proxy, you should set up the p ## What hostnames should I allow through my firewall to support Delivery Optimization? -**For communication between clients and the Delivery Optimization cloud service**: +**For communication between clients and the Delivery Optimization cloud service**: - `*.do.dsp.mp.microsoft.com` 
@@ -55,6 +55,8 @@ For Delivery Optimization to successfully use the proxy, you should set up the p - `win1910.ipv6.microsoft.com` +[Complete list](delivery-optimization-endpoints.md) of all content endpoints used for Delivery Optimization and Microsoft Connected Cache. + ## Does Delivery Optimization use multicast? No. It relies on the cloud service for peer discovery, resulting in a list of peers and their IP addresses. Client devices then connect to their peers to obtain download files over TCP/IP. From 1a3d4d7305d498217e2277b633c9b86bacadaaa3 Mon Sep 17 00:00:00 2001 From: Carmen Forsmann Date: Wed, 27 Jul 2022 17:50:47 -0600 Subject: [PATCH 03/17] Update delivery-optimization-endpoints.md --- windows/deployment/do/delivery-optimization-endpoints.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index 0df5ea859e..6404e3feae 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md @@ -15,7 +15,7 @@ ms.collection: # optional - # openauth - the article is owned by PM or community for open authoring --- -## Delivery Optimization and Microsoft Connected Cache content type endpoints +# Delivery Optimization and Microsoft Connected Cache content type endpoints _Applies to:_ 
@@ -25,7 +25,7 @@ _Applies to:_ > [!NOTE] > All ports are outbound. -To ensure connect delivered via Delivery Optimization and Microsoft Connected Cache is properly configured, the following list of endpoints need to be allowed through the firewall. Use the table below to reference any particular content types supported by Delivery Optimization and Microsoft Connected Cache. +To ensure content delivered via Delivery Optimization and Microsoft Connected Cache is properly configured, the following list of endpoints need to be allowed through the firewall. Use the table below to reference any particular content types supported by Delivery Optimization and Microsoft Connected Cache. |Domain Name |Protocol/Port(s) | Content Type | Additional Information | Version | |---------|---------|---------------|-------------------|-----------------| From 97f382182a16d52d7d855bead7d56ea6c3cb6151 Mon Sep 17 00:00:00 2001 From: Michael Nady Date: Sat, 30 Jul 2022 01:28:55 +0200 Subject: [PATCH 04/17] #10516 I picked point nb. 4 to put my the commenter's note it. Please move the note to a more suitable place if needed. --- .../windows-sandbox/windows-sandbox-overview.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index ec211848d1..9aaeef5f2a 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -67,6 +67,8 @@ The following video provides an overview of Windows Sandbox. 4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. + > [!NOTE] + > The Sandbox version of Windows will not respect the mouse settings of the host system, so if the host system is set to use a right-handed mouse, you will need to apply these settings inside the Sandbox manually. ## Usage 1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window. From 88d2e687a89104bba978ed2eab5e1b669bbd6bd4 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 1 Aug 2022 14:30:34 -0700 Subject: [PATCH 05/17] content dev edits for do --- windows/deployment/do/TOC.yml | 5 ++- .../do/delivery-optimization-endpoints.md | 37 +++++++++---------- .../do/delivery-optimization-proxy.md | 4 +- windows/deployment/do/index.yml | 2 +- .../do/waas-delivery-optimization-setup.md | 5 +-- .../update/waas-delivery-optimization-faq.md | 2 +- 6 files changed, 27 insertions(+), 28 deletions(-) diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml index e949b2c0b3..ad872a2c86 100644 --- a/windows/deployment/do/TOC.yml +++ b/windows/deployment/do/TOC.yml @@ -15,7 +15,7 @@ - name: Windows Delivery Optimization settings href: waas-delivery-optimization-setup.md#recommended-delivery-optimization-settings - name: Windows Delivery Optimization Frequently Asked Questions - href: url: waas-delivery-optimization-faq.md + href: ../update/waas-delivery-optimization-faq.md - name: Configure Microsoft Endpoint Manager items: - name: Delivery Optimization settings in Microsoft Intune @@ -40,3 +40,6 @@ href: delivery-optimization-workflow.md - name: Using a proxy with Delivery Optimization href: delivery-optimization-proxy.md + - name: Content endpoints for Delivery Optimization and Microsoft Connected Cache + href: delivery-optimization-endpoints.md + 
diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index 6404e3feae..306465ca1d 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md @@ -1,18 +1,15 @@ --- -title: # Delivery Optimization and Microsoft Connected Cache content endpoints. -description: # The complete list of all fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache. +title: Delivery Optimization and Microsoft Connected Cache content endpoints +description: List of fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache. ms.date: 07/26/2022 ms.prod: windows -ms.technology: windows -ms.topic: conceptual #reference for complete list of content types, endpoint names, ports, etc. +ms.technology: windows-10 +ms.topic: reference ms.localizationpriority: medium -author: # GitHub username (cmknox) -ms.author: # MS alias (carmenf) -ms.reviewer: # MS alias of feature PM, optional -manager: # MS alias of manager (naengler) -ms.collection: # optional -- # highpri - high priority, strategic, important, current, etc. articles -- # openauth - the article is owned by PM or community for open authoring +author: cmknox +ms.author: carmenf +ms.reviewer: mstewart +manager: naengler --- # Delivery Optimization and Microsoft Connected Cache content type endpoints 
@@ -25,16 +22,16 @@ _Applies to:_ > [!NOTE] > All ports are outbound. -To ensure content delivered via Delivery Optimization and Microsoft Connected Cache is properly configured, the following list of endpoints need to be allowed through the firewall. Use the table below to reference any particular content types supported by Delivery Optimization and Microsoft Connected Cache. +This article lists the endpoints that need to be allowed through the firewall to ensure that content from Delivery Optimization and Microsoft Connected cache is properly delivered. Use the table below to reference any particular content types supported by Delivery Optimization and Microsoft Connected Cache: |Domain Name |Protocol/Port(s) | Content Type | Additional Information | Version | |---------|---------|---------------|-------------------|-----------------| -| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update Windows Defender Windows Drivers | [Complete list](https://docs.microsoft.com/en-us/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](https://docs.microsoft.com/en-us/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. 
| Microsoft Endpoint Configuration Manager Distribution Point | -| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80, HTTPs / 443 | Intune Win32 Apps | [Complete list](https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.statics.teams.cdn.office.net | HTTP / 80, HTTPs / 443 | Teams | | Microsoft Endpoint Configuration Manager Distribution Point | +| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update
Windows Defender
Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80
HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.statics.teams.cdn.office.net | HTTP / 80
HTTPs / 443 | Teams | | Microsoft Endpoint Configuration Manager Distribution Point | | *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Endpoint Configuration Manager Distribution Point | -| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](https://docs.microsoft.com/en-us/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.do.dsp.mp.microsoft.com | HTTP / 80, HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-faq#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure | -| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671, MQTT / 8883, HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure | +| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. 
| Microsoft Endpoint Configuration Manager Distribution Point | +| *.do.dsp.mp.microsoft.com | HTTP / 80
HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../update/waas-delivery-optimization-faq.md#what-hostnames-should-i-allow-through-my-firewall-to-support-delivery-optimization) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure | +| *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671
MQTT / 8883
HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure | diff --git a/windows/deployment/do/delivery-optimization-proxy.md b/windows/deployment/do/delivery-optimization-proxy.md index 0b070b05ad..15bd6957d3 100644 --- a/windows/deployment/do/delivery-optimization-proxy.md +++ b/windows/deployment/do/delivery-optimization-proxy.md @@ -12,7 +12,7 @@ ms.topic: article # Using a proxy with Delivery Optimization -_Applies to:_ +**Applies to:** - Windows 11 - Windows 10 @@ -76,4 +76,4 @@ However, you can set the Connected Cache server to use an unauthenticated proxy. - [How can I configure Proxy AutoConfigURL Setting using Group Policy Preference (GPP)?](/archive/blogs/askie/how-can-i-configure-proxy-autoconfigurl-setting-using-group-policy-preference-gpp) - [How to use GPP Registry to uncheck automatically detect settings?](/archive/blogs/askie/how-to-use-gpp-registry-to-uncheck-automatically-detect-settings) -- [How to configure a proxy server URL and Port using GPP Registry?](/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) +- [How to configure a proxy server URL and Port using GPP Registry?](/archive/blogs/askie/how-to-configure-a-proxy-server-url-and-port-using-gpp-registry) diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index f2292d6e08..dede7617a5 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml 
@@ -97,6 +97,6 @@ landingContent: url: delivery-optimization-workflow.md - text: Using a proxy with Delivery Optimization url: delivery-optimization-proxy.md - - text: Content endpoints for Delivery Optimization / Microsoft Connected Cache + - text: Content endpoints for Delivery Optimization and Microsoft Connected Cache url: delivery-optimization-endpoints.md diff --git a/windows/deployment/do/waas-delivery-optimization-setup.md b/windows/deployment/do/waas-delivery-optimization-setup.md index a7410f4b72..928132b662 100644 --- a/windows/deployment/do/waas-delivery-optimization-setup.md +++ b/windows/deployment/do/waas-delivery-optimization-setup.md 
@@ -27,15 +27,14 @@ You can use Group Policy or an MDM solution like Intune to configure Delivery Op You will find the Delivery Optimization settings in Group Policy under **Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization**. -Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](/intune/delivery-optimization-windows)) +Starting with Microsoft Intune version 1902, you can set many Delivery Optimization policies as a profile, which you can then apply to groups of devices. For more information, see [Delivery Optimization settings in Microsoft Intune](/intune/delivery-optimization-windows). **Starting with Windows 10, version 1903**, you can use the Azure Active Directory (Azure AD) Tenant ID as a means to define groups. To do this set the value for DOGroupIdSource to its new maximum value of 5. ## Allow content endpoints -When using a firewall, it is important that the content endpoints are allowed and associated ports are open. +When using a firewall, it is important that the content endpoints are allowed and associated ports are open. For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache content](delivery-optimization-endpoints.md). -[Learn more](delivery-optimization-endpoints.md) about the complete list for fully qualified domains, ports for all Delivery Optimization and Microsoft Connected Cache content types. ## Recommended Delivery Optimization settings diff --git a/windows/deployment/update/waas-delivery-optimization-faq.md b/windows/deployment/update/waas-delivery-optimization-faq.md index ec8a820b3e..e7787d0b50 100644 --- a/windows/deployment/update/waas-delivery-optimization-faq.md +++ b/windows/deployment/update/waas-delivery-optimization-faq.md 
@@ -55,7 +55,7 @@ For Delivery Optimization to successfully use the proxy, you should set up the p - `win1910.ipv6.microsoft.com` -[Complete list](delivery-optimization-endpoints.md) of all content endpoints used for Delivery Optimization and Microsoft Connected Cache. +For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache](../do/delivery-optimization-endpoints.md) for a list of all content endpoints needed. ## Does Delivery Optimization use multicast? From 482e260094ac7f29db83a3a3e149323de3bc6faf Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 2 Aug 2022 11:51:01 -0400 Subject: [PATCH 06/17] More changes to Breadcrumb --- windows/security/breadcrumb/toc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/breadcrumb/toc.yml b/windows/security/breadcrumb/toc.yml index 6c5b49c520..2531ffba73 100644 --- a/windows/security/breadcrumb/toc.yml +++ b/windows/security/breadcrumb/toc.yml @@ -8,5 +8,5 @@ items: topicHref: /windows/resources/ items: - name: Security - tocHref: /windows/security/ - topicHref: /windows/security/ + tocHref: /windows-server/security/credentials-protection-and-management/ + topicHref: /windows/security/ From a9a6e91c5ad1f7fbbf41fd781788b7386b2fa383 Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Tue, 2 Aug 2022 09:34:05 -0700 Subject: [PATCH 07/17] Update windows/client-management/mdm/firewall-csp.md capitalization Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- windows/client-management/mdm/firewall-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 7006c1d456..9911f55a2f 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -470,7 +470,7 @@ A unique GUID string identifier for this dynamic keyword address. Value type is string. Supported operations are Add, Delete, and Get. **MdmStore/DynamicKeywords/Addresses/Id/Keyword** -A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). +A String representing a keyword. If the AutoResolve value is true, this should be a Fully Qualified Domain Name (wildcards accepted, for example "contoso.com" or "*.contoso.com"). Value type is string. Supported operations are Add, Delete, and Get. **MdmStore/DynamicKeywords/Addresses/Id/Addresses** From b8a38dc0275e9ba35d18a298bfc6591dcd75e8e7 Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Tue, 2 Aug 2022 09:34:43 -0700 Subject: [PATCH 08/17] Update windows/client-management/mdm/firewall-csp.md capitalization Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- windows/client-management/mdm/firewall-csp.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 9911f55a2f..f16f9d97b4 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -484,7 +484,8 @@ Valid tokens include: Supported operations are Add, Delete, Replace, and Get. **MdmStore/DynamicKeywords/Addresses/Id/AutoResolve** -Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a fully qualified domain name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Boolean value. If this flag is set to TRUE, then the 'keyword' field of this object is expected to be a Fully Qualified Domain Name, and the addresses will be automatically resolved. This flag should only be set if the Microsoft Defender Advanced Threat Protection Service is present. +Value type is string. Supported operations are Add, Delete, and Get. Value type is string. Supported operations are Add, Delete, and Get. From 2e91ff1439f8029b5eacffb47d1c5dfded7aec6a Mon Sep 17 00:00:00 2001 From: Jess Krynitsky Date: Tue, 2 Aug 2022 09:35:25 -0700 Subject: [PATCH 09/17] Update windows/client-management/mdm/firewall-csp.md formatting Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> --- windows/client-management/mdm/firewall-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index f16f9d97b4..6659b3de62 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md 
@@ -477,7 +477,7 @@ Value type is string. Supported operations are Add, Delete, and Get. Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. Valid tokens include: - - A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. - A valid IPv6 address. - An IPv4 address range in the format of "start address-end address" with no spaces included. - An IPv6 address range in the format of "start address-end address" with no spaces included. From dbd9ba5c945a263c169c43d1be0bb97f96509a18 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 2 Aug 2022 09:59:04 -0700 Subject: [PATCH 10/17] Update windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../windows-sandbox/windows-sandbox-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index 9aaeef5f2a..e42fab8ddb 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md 
@@ -68,7 +68,7 @@ The following video provides an overview of Windows Sandbox. 4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. > [!NOTE] - > The Sandbox version of Windows will not respect the mouse settings of the host system, so if the host system is set to use a right-handed mouse, you will need to apply these settings inside the Sandbox manually. + > Windows Sandbox does not adhere to the mouse settings of the host system, so if the host system is set to use a right-handed mouse, you should apply these settings in Windows Sandbox manually. ## Usage 1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window. From efcb097cb1f5471d9c3f432c9afc691bf68ccf54 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 2 Aug 2022 13:30:15 -0400 Subject: [PATCH 11/17] Update firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 6659b3de62..a9fdc01c6d 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -359,6 +359,7 @@ Comma-separated list of local addresses covered by the rule. The default value i - "*" indicates any local address. If present, the local address must be the only token included. - A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A valid IPv4 address. - A valid IPv6 address. - An IPv4 address range in the format of "start address - end address" with no spaces included. - An IPv6 address range in the format of "start address - end address" with no spaces included. 
From 1a8e0fa25e70c1a58354e30465e2b97563891d3c Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 2 Aug 2022 13:35:31 -0400 Subject: [PATCH 12/17] Update firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index a9fdc01c6d..9c114bccc7 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -380,7 +380,7 @@ List of comma separated tokens specifying the remote addresses covered by the ru - "Internet" - "Ply2Renders" - "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive. -- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. - A valid IPv6 address. - An IPv4 address range in the format of "start address - end address" with no spaces included. - An IPv6 address range in the format of "start address - end address" with no spaces included. 
@@ -478,7 +478,7 @@ Value type is string. Supported operations are Add, Delete, and Get. Consists of one or more comma-delimited tokens specifying the addresses covered by this keyword. This value should not be set if AutoResolve is true. Valid tokens include: -- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. - A valid IPv6 address. - An IPv4 address range in the format of "start address-end address" with no spaces included. - An IPv6 address range in the format of "start address-end address" with no spaces included. From bb23ddc4b07b1eff8124ad8121ccc0ace5bc376e Mon Sep 17 00:00:00 2001 From: Alvin Ashcraft Date: Tue, 2 Aug 2022 15:15:22 -0400 Subject: [PATCH 13/17] Add deprecation notice for WIP --- .../client-management/mdm/enterprisedataprotection-csp.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index 2c237eb14f..176e9f3b24 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md 
@@ -27,6 +27,11 @@ The table below shows the applicability of Windows: The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). +> [!NOTE] +> Starting in July 2022, Microsoft is deprecating Windows Information Protection (WIP) and the APIs that support WIP. Microsoft will continue to support WIP on supported versions of Windows. New versions of Windows won't include new capabilities for WIP, and it won't be supported in future versions of Windows. For more information, see [Announcing sunset of Windows Information Protection](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-the-sunset-of-windows-information-protection-wip/ba-p/3579282). +> +> For your data protection needs, Microsoft recommends that you use [Microsoft Purview Information Protection](/microsoft-365/compliance/information-protection) and [Microsoft Purview Data Loss Prevention](/microsoft-365/compliance/dlp-learn-about-dlp). Purview simplifies the configuration set-up and provides an advanced set of capabilities. + > [!NOTE] > To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md). From d18e27d6e70f33d4555e3a4f8dc2d1e920400454 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 2 Aug 2022 16:00:56 -0400 Subject: [PATCH 14/17] added IPv4 information modified: windows/client-management/mdm/firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 9c114bccc7..ddcd82076c 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -381,6 +381,7 @@ List of comma separated tokens specifying the remote addresses covered by the ru - "Ply2Renders" - "LocalSubnet" indicates any local address on the local subnet. This token isn't case-sensitive. - A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A valid IPv4 address. - A valid IPv6 address. - An IPv4 address range in the format of "start address - end address" with no spaces included. - An IPv6 address range in the format of "start address - end address" with no spaces included. @@ -479,6 +480,7 @@ Consists of one or more comma-delimited tokens specifying the addresses covered Valid tokens include: - A subnet specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255. +- A valid IPv4 address. - A valid IPv6 address. - An IPv4 address range in the format of "start address-end address" with no spaces included. - An IPv6 address range in the format of "start address-end address" with no spaces included. From 7793569143d046cdf69693bd55a2795c5c93bd27 Mon Sep 17 00:00:00 2001 
From: Angela Fleischmann Date: Tue, 2 Aug 2022 14:06:48 -0600 Subject: [PATCH 15/17] Update delivery-optimization-endpoints.md Change metadata from Windows-10 to w10 per Narkis Engle --- windows/deployment/do/delivery-optimization-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index 306465ca1d..55f84a99cb 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md @@ -3,7 +3,7 @@ title: Delivery Optimization and Microsoft Connected Cache content endpoints description: List of fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache. ms.date: 07/26/2022 ms.prod: windows -ms.technology: windows-10 +ms.technology: w10 ms.topic: reference ms.localizationpriority: medium author: cmknox From e8a5f66e98e85e659ca5b26367c8e5ad178b6bef Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 2 Aug 2022 15:04:37 -0600 Subject: [PATCH 16/17] Apply suggestions from code review Reversing metadata for ms.prod and ms.technology. --- windows/deployment/do/delivery-optimization-endpoints.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index 55f84a99cb..9c6b132e49 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md 
@@ -2,8 +2,8 @@ title: Delivery Optimization and Microsoft Connected Cache content endpoints description: List of fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache. ms.date: 07/26/2022 -ms.prod: windows -ms.technology: w10 +ms.prod: w10 +ms.technology: Windows 10 ms.topic: reference ms.localizationpriority: medium author: cmknox From 02b7c668d63be52c77c7167680bdb50fd510b446 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 2 Aug 2022 15:08:05 -0600 Subject: [PATCH 17/17] Update windows/deployment/do/delivery-optimization-endpoints.md Trying "windows" --- windows/deployment/do/delivery-optimization-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index 9c6b132e49..da591eeadd 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md @@ -3,7 +3,7 @@ title: Delivery Optimization and Microsoft Connected Cache content endpoints description: List of fully qualified domain names, ports, and associated content types to use Delivery Optimization and Microsoft Connected Cache. ms.date: 07/26/2022 ms.prod: w10 -ms.technology: Windows 10 +ms.technology: windows ms.topic: reference ms.localizationpriority: medium author: cmknox
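Review bot: in the windows/deployment/update/waas-delivery-optimization-faq.md hunk (@@ -55,7 +55,7), the new sentence "For more information, see [Endpoints for Delivery Optimization and Microsoft Connected Cache](../do/delivery-optimization-endpoints.md) for a list of all content endpoints needed." stacks two purposes onto one link ("For more information, see X for a list"). Suggest "For a list of all content endpoints needed, see [Endpoints for Delivery Optimization and Microsoft Connected Cache](../do/delivery-optimization-endpoints.md)." The link text also differs from the one added in waas-delivery-optimization-setup.md in the same series ("... and Microsoft Connected Cache content"), so pick one title and use it in both places.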
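Review bot: in PATCH 06/17 (windows/security/breadcrumb/toc.yml, @@ -8,5 +8,5), the Security item ends up with `tocHref: /windows-server/security/credentials-protection-and-management/` while `topicHref` stays `/windows/security/`, so the item now matches a windows-server path and the hunk removes the `tocHref: /windows/security/` it had before. If the goal is to give the windows-server pages this breadcrumb, add a second item for that path instead of replacing the existing tocHref, and say so in the commit message; "More changes to Breadcrumb" does not explain which pages are meant to change.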
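Review bot: in PATCH 08/17 (firewall-csp.md, @@ -484,7 +484,8), the added line "Value type is string. Supported operations are Add, Delete, and Get." sits directly above an unchanged context line with the same text, so the AutoResolve node now carries that sentence twice; drop the added line. The description also opens with "Boolean value" while the line below says "Value type is string", so state one type for the node. Since the text says the flag "should only be set if the Microsoft Defender Advanced Threat Protection Service is present", it would help to document what a rule that references the keyword matches when the service is absent.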
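Review bot: in PATCH 10/17 (windows-sandbox-overview.md, @@ -68,7 +68,7), the reworded note still uses the example "if the host system is set to use a right-handed mouse", which is the Windows default button configuration, so as written it describes the case where nothing needs to be changed inside Windows Sandbox. Please confirm whether "left-handed" was meant, and name the setting involved (the primary mouse button) so readers know what to apply.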
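Review bot: in PATCH 14/17 (firewall-csp.md, @@ -381,6 +381,7), the range bullets next to the added "A valid IPv4 address." line give the format as "start address - end address" and then say "with no spaces included", while the DynamicKeywords list in the second hunk (@@ -479,6 +480,7) writes "start address-end address". A value copied from the first form would contain the spaces the text forbids, so use the unspaced form in the LocalAddressRanges and RemoteAddressRanges lists as well while these lists are being touched.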
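Review bot: in PATCH 15/17 through 17/17 (delivery-optimization-endpoints.md front matter), `ms.prod` and `ms.technology` are changed three times in a row (windows-10 to w10, then a swap to `ms.prod: w10` with `ms.technology: Windows 10`, then `ms.technology: windows`), and the last commit message says 'Trying "windows"'. Confirm the final pair `ms.prod: w10` and `ms.technology: windows` against the metadata values the build validates, note that source in the commit message, and squash the three commits so the history carries only the value that passed.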