From 0edbb4d12bc54e4e2699e07406a661ed9af81cf2 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Sun, 27 May 2018 10:27:25 -0700 Subject: [PATCH 01/17] fixed invalid link --- .../identity-protection/vpn/vpn-conditional-access.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 7d22c3efb9..792ac66a13 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -23,9 +23,10 @@ The VPN client is now able to integrate with the cloud-based Conditional Access >Conditional Access is an Azure AD Premium feature. Conditional Access Platform components used for Device Compliance include the following cloud-based services: -- [Conditional Access Framework](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/12/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn/) -- [Azure AD Connect Health](https://azure.microsoft.com/documentation/articles/active-directory-Azure ADconnect-health/) +- [Conditional Access Framework](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/12/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn) + +- [Azure AD Connect Health](https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health) - [Windows Health Attestation Service](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices#device-health-attestation) (optional) From faf618159a80b84103cdad2bbe36219fbb43111f Mon Sep 17 00:00:00 2001 From: Ben Origas Date: Wed, 30 May 2018 12:30:08 -0500 Subject: [PATCH 02/17] Fix wrong HKLM keys that were missing SOFTWARE at the root --- ...system-components-to-microsoft-services.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 7a736f508b..700f7222c7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -957,7 +957,7 @@ To turn off **Location for this device**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessLocation** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessLocation** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). -or- @@ -990,7 +990,7 @@ To turn off **Location**: -or- -- Create a REG\_DWORD registry setting named **DisableLocation** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **DisableLocation** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one). -or- @@ -1018,7 +1018,7 @@ To turn off **Let apps use my camera**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessCamera** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessCamera** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). -or- @@ -1067,7 +1067,7 @@ To turn off **Let apps use my microphone**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) +- Create a REG\_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) To turn off **Choose apps that can use your microphone**: @@ -1115,7 +1115,7 @@ To turn off **Let apps access my notifications**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) +- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) ### 17.6 Speech, inking, & typing @@ -1134,7 +1134,7 @@ To turn off the functionality: -or- -- Create a REG\_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one). -or- @@ -1269,7 +1269,7 @@ To turn off **Let apps access my call history**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 17.11 Email @@ -1295,7 +1295,7 @@ To turn off **Let apps access and send email**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 17.12 Messaging @@ -1351,7 +1351,7 @@ To turn off **Let apps make phone calls**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessPhone** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessPhone** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can make phone calls**: @@ -1382,7 +1382,7 @@ To turn off **Let apps control radios**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessRadios** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessRadios** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can control radios**: @@ -1412,7 +1412,7 @@ To turn off **Let apps automatically share and sync info with wireless devices t -or- -- Create a REG\_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: @@ -1453,7 +1453,7 @@ To change how frequently **Windows should ask for my feedback**: -or- -- Create a REG\_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one). -or- @@ -1572,7 +1572,7 @@ To turn off **Let Windows and your apps use your motion data and collect motion -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 17.19 Tasks @@ -1631,7 +1631,7 @@ For Windows 10: -or- -- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core: @@ -1639,7 +1639,7 @@ For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Co -or- -- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. @@ -1663,7 +1663,7 @@ You can control if your settings are synchronized: -or- -- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one). -or- From b7f10aa8f56a50c27d41b32ab2f3440cbd3b01b6 Mon Sep 17 00:00:00 2001 From: arottem Date: Wed, 30 May 2018 11:30:25 -0700 Subject: [PATCH 03/17] Make clear LPS is not recommend for enteprise --- .../limited-periodic-scanning-windows-defender-antivirus.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md index 18f934df2d..d0d4cfd9db 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md @@ -39,6 +39,7 @@ Limited periodic scanning is a special type of threat detection and remediation It can only be enabled in certain situations. See the [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md) topic for more information on when limited periodic scanning can be enabled, and how Windows Defender Antivirus works with other AV products. +**Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a very limited subset of the capabilities of Windows Defender Antivirus to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively. ## How to enable limited periodic scanning @@ -69,4 +70,4 @@ Sliding the swtich to **On** will show the standard Windows Defender AV options ## Related topics - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) From 32dc8c7e3247d5a08145a32ca6574680851e128a Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Wed, 30 May 2018 14:49:47 -0700 Subject: [PATCH 04/17] Create apply-hotfix-for-mbam-25-sp1.md --- mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md new file mode 100644 index 0000000000..ff7aab122d --- /dev/null +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -0,0 +1,28 @@ +--- +title: Applying hotfixes on MBAM 2.5 SP1 +description: Applying hotfixes on MBAM 2.5 SP1 +author: ppriya-msft +ms.assetid: +ms.pagetype: mdop, security +ms.mktglfcycl: manage +ms.sitesec: library +ms.prod: w10 +ms.date: 5/30/2018 +--- + +# Applying hotfixes on MBAM 2.5 SP1 +This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 + +### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 +[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126) + +#### Steps to update the MBAM Server for existing MBAM environment +1. Remove MBAM server feature(do this by opening the MBAM Server Configuration Tool, then select Remove Features). +2. Remove MDOP MBAM from Control Panel | Programs and Features. +3. Install MBAM 2.5 SP1 RTM server components. +4. Install lastest MBAM 2.5 SP1 hotfix rollup. +5. Configure MBAM features using MBAM Server Configurator. + +#### Steps to install the new MBAM 2.5 SP1 server hotfix +refer to the document for new server installation. +https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/deploying-the-mbam-25-server-infrastructure From f9f119a8b49c16ab6fd7ca94c4fe5f6dc9b3dfaf Mon Sep 17 00:00:00 2001 From: arottem Date: Wed, 30 May 2018 14:53:07 -0700 Subject: [PATCH 05/17] correct misleading av enabling --- .../windows-defender-antivirus-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index fb71bda388..6d409e7449 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -73,7 +73,7 @@ Active mode | Windows Defender AV is used as the antivirus app on the machine. A Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. -Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. +Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. In passive and automatic disabled mode, you can still [manage updates for Windows Defender AV](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. @@ -90,4 +90,4 @@ In passive and automatic disabled mode, you can still [manage updates for Window ## Related topics - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) \ No newline at end of file +- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) From 13eef01c20edb6bafd80b5e4397795268fb5dcf3 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Wed, 30 May 2018 14:56:23 -0700 Subject: [PATCH 06/17] Update index.md --- mdop/mbam-v25/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 2a9e37642f..05fa418076 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -58,6 +58,9 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. +- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) + + View updated product information and known issues for MBAM 2.5 ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). From 38e192640893d06bddc54823eef8eabb635e5a66 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Wed, 30 May 2018 15:04:06 -0700 Subject: [PATCH 07/17] Update index.md --- mdop/mbam-v25/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 05fa418076..84fc7c8df0 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -60,7 +60,8 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin - [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) - View updated product information and known issues for MBAM 2.5 + Guide of how to apply MBAM 2.5 SP1 Server hotfixes + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). From 0edcc6034d449a53dffe08b83c6a53790f5e21f6 Mon Sep 17 00:00:00 2001 From: CelesteDG Date: Wed, 30 May 2018 15:32:35 -0700 Subject: [PATCH 08/17] Updated the Partner pivot to updthe first two URLs, text, and description - per request from the Education Partner team --- education/index.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/education/index.md b/education/index.md index 72125c6a4c..424b52680d 100644 --- a/education/index.md +++ b/education/index.md @@ -447,7 +447,7 @@ ms.date: 10/30/2017
  • - +
    @@ -457,8 +457,8 @@ ms.date: 10/30/2017
    -

    Microsoft Education Partner Network

    -

    Find out the latest news and announcements for Microsoft Education partners.

    +

    Microsoft Partner Network

    +

    Discover the latest news and resources for Microsoft Education products, solutions, licensing, and readiness.

    @@ -466,7 +466,7 @@ ms.date: 10/30/2017
  • - +
    @@ -476,8 +476,8 @@ ms.date: 10/30/2017
    -

    Authorized Education Partner (AEP) home page

    -

    Access the essentials and find out what it takes to become an AEP.

    +

    Authorized Education Partner (AEP) program

    +

    Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEU).

    From f0b31bfd41a5b6bd547d17b0ee083535f25d2f03 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 31 May 2018 13:33:07 +0000 Subject: [PATCH 09/17] Merged PR 8645: fix example --- windows/configuration/guidelines-for-assigned-access-app.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index ec9939ed8a..91b729e5c8 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -110,7 +110,11 @@ Entry | Result `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com `https://*` | Blocks all HTTPS requests to any domain. `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com +<<<<<<< HEAD +`.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. +======= `.contoso.com` | Blocks contoso.com but not its subdomains, like contoso.com/docs. +>>>>>>> refs/remotes/origin/master `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. `*:8080` | Blocks all requests to port 8080. From 30c3e33f650042ee4c5017ac4590fa0c42eca8e4 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 31 May 2018 07:25:10 -0700 Subject: [PATCH 10/17] added the MDM settings for Do not sync browser settings --- browsers/edge/available-policies.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 4994e63ed6..079e40df7a 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -451,6 +451,15 @@ This policy setting specifies whether you can use the Sync your Settings option This policy setting specifies whether a browser group can use the Sync your Settings options to sync their information to and from their device. Settings include information like History and Favorites. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. If enabled, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting. +**MDM settings in Microsoft Intune** +| | | +|---|---| +|MDM name |Experience/DoNotSynBrowserSettings | +|Supported devices |Desktop
    Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings | +|Data type |Integer | +|Allowed values |
    • **0** - Disable syncing.
    • **1 (default)** - Allow syncing.
    | + ## Keep favorites in sync between Internet Explorer and Microsoft Edge >*Supported versions: Windows 10, version 1703 or later* From d41e482b44dc41b16b7b60fbe104a0e96ad05562 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 31 May 2018 07:42:28 -0700 Subject: [PATCH 11/17] more updates to the MDM settings --- browsers/edge/available-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 079e40df7a..7047cc4fc7 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -444,7 +444,7 @@ This policy setting specifies whether you can use the Sync your Settings option |URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings | |Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync | |Data type | Integer | -|Allowed values |
    • **0** - Employees cannot sync settings between PCs.
    • **1 (default)** - Employees can sync between PCs.
    | +|Allowed values |
    • **0** - Disable syncing between PCs.
    • **1 (default)** - Allow syncing between PCs.
    | ## Do not sync browser settings >*Supported versions: Windows 10* @@ -458,7 +458,7 @@ This policy setting specifies whether a browser group can use the Sync your Sett |Supported devices |Desktop
    Mobile | |URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings | |Data type |Integer | -|Allowed values |
    • **0** - Disable syncing.
    • **1 (default)** - Allow syncing.
    | +|Allowed values |
    • **0** - Disable browser syncing.
    • **1 (default)** - Allow browser syncing.
    | ## Keep favorites in sync between Internet Explorer and Microsoft Edge >*Supported versions: Windows 10, version 1703 or later* From fcac972b9c37a7f57746fec282d396dec8d82683 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 31 May 2018 07:44:22 -0700 Subject: [PATCH 12/17] more updates to the MDM settings --- browsers/edge/available-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 7047cc4fc7..2ba0d202e0 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -472,7 +472,7 @@ This policy setting specifies whether favorites are kept in sync between Interne |Supported devices |Desktop | |URI full path |./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge | |Data type | Integer | -|Allowed values |
    • **0 (default)** - Synchronization is turned off.
    • **1** - Synchronization is turned on.
    | +|Allowed values |
    • **0 (default)** - Turn off synchronization.
    • **1** - Turn on synchronization.
    | ## Prevent access to the about:flags page >*Supported versions: Windows 10, version 1607 or later* From 6bf65f32102ba5813e9693155d5cd77c4c539bfc Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 31 May 2018 09:01:57 -0700 Subject: [PATCH 13/17] added best practice back --- .../domain-member-maximum-machine-account-password-age.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index d7cba5795f..54bd39472d 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -32,8 +32,9 @@ For more information, see [Machine Account Password Process](https://blogs.techn ### Best practices -It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. +1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites. +2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer starts after being offline more than 30 days, the Netlogon service will notice the password age and initiate a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer will not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days. ### Location From 90ac253c7699441eaeff8bc80c2e699b78cce959 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 31 May 2018 09:06:00 -0700 Subject: [PATCH 14/17] added best practice back --- .../domain-member-maximum-machine-account-password-age.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 54bd39472d..c9cb9862fb 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 05/31/2018 --- # Domain member: Maximum machine account password age From 549cbd571b1b80da79b711a50eada5ba3368b306 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 31 May 2018 16:07:17 +0000 Subject: [PATCH 15/17] Merged PR 8650: fix AD acct fix AD acct --- windows/configuration/setup-kiosk-digital-signage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/setup-kiosk-digital-signage.md b/windows/configuration/setup-kiosk-digital-signage.md index 5d83e51050..a2b8efc53b 100644 --- a/windows/configuration/setup-kiosk-digital-signage.md +++ b/windows/configuration/setup-kiosk-digital-signage.md @@ -200,7 +200,7 @@ Clear-AssignedAccess > >OS edition: Windows 10 Pro (version 1709) for UWP only; Ent, Edu for both app types > ->Account type: Local standard user +>Account type: Local standard user, Active Directory >[!IMPORTANT] >When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). From bac61db6f13c172259675d6e8669bd00414e4398 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 31 May 2018 16:11:05 +0000 Subject: [PATCH 16/17] Merged PR 8652: what's new - 1805 --- store-for-business/images/edu-icon.png | Bin 0 -> 6872 bytes .../manage-private-store-settings.md | 4 ++-- ...tory-microsoft-store-business-education.md | 7 +++++- ...-new-microsoft-store-business-education.md | 21 +++++++++++++----- 4 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 store-for-business/images/edu-icon.png diff --git a/store-for-business/images/edu-icon.png b/store-for-business/images/edu-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..49009f70851c7f60ed89ffdb1352499865065e4b GIT binary patch literal 6872 zcmdT}30zZG)<^5qDxziAx`jv^Tpr1L*#p56a6w2=WCxd*mlp_RBMA_|t+og#D1zWp zfucZNC@u^NE}(w6RVXl^C!T0u%%&)-DIOSp=wVs~7vF7Ukpg!tG8kivi1Y0TwptEgAj35%K`WEW)f_FC*w2>(#=2=Tk* zbpi?A{G|j3g$gIotr-vo(+~oaZ4EOhY=kzCfKXs2nZhK)REPp|C=3pjO&EL;fi#s! z%yDyEI4BETafyK%jgmtqhlht-hf}Q;ssJ*~X0yo@gp42%pn%j7at*45N92{{q zrjjT%5`~>&4Hq2ZZs*?6=EW*gR6qn(0jT+Fx!vcV7`TSw>x9TF34O6Q%3&MaIgAREswc0&G ziId%MwIWo7;S0im#92eus5Nf*8-ISlc0fM7StAj@W3O)IHx9tHl6R2mR)$HH90wJS zY7{DWg+e-nouxw_Cpb6|th^+0ks@3@TW7%_IqryRa4r$Rhy_s)@OFpkIv61UPb?0F zGC;})z!aexbR;nyf|>3xlS2ov0~?udh!rAF;$^G*&9 zOH~T7L<$zvZi{#Xrv(lSn9X27h&4gc2DVfRmN-fPQuPe2$Y`twH4& z?&QcN0$Z&m5)lVyi*O7PBM_U$#vp`6!yvXuOowO`oQY#X91+8;q5X~uEK~4Wo2C0bnS?I;1>QTHo? zFxVrPd`2w6Y(!T=-Z;%2*J@nQ2wbHetW7*LU~nXrjEHEPrU=P5d2Fda^MeN=laWS3BV!$jM5@J*u06dKbvBYdKBx1mH z3c?g2Am#(gNG0!7>uvJ;s}^UmM5j;0pgWf1A#WVhU#K`JHV|Y?m*%*LNEn!wyannX z2C9Mm;ej}S(;pOo0W!5htO-X|xP1V?;Csr8E-Jd9fSCSPbu}9H$BKjOW>Z)w6%wIB z79^t5Uh!+)zd3@R7QL1-KV6taQJ^{*>Fs4fNUOd$`$ zRU;s!L{%X7G$2j6M6pUCBcMv9RD$(a9&(smG8k;U=3g3mcKRHD2HARex7)%yS z0bL-I3Be42HWmY;LEuOdBN!dLso*&JXS5BU;uH=QB+kGo{-KGZD;guaih+F}l0C!m z9@1$f82TYFj3*tq-h;n)XX%GS?mr{%y>X(UFwQ`!D1;z%(8q{rC?rI1284^nEQCpA zQ(>BT$R{HU-2YLW-fIsg#u;K9h9NPF2JTL9U=Irwi@*q@GQs)J64B8=v}a`Z_}_rL z_dxCcYpMIN=JyZk!~a^G`rEgGc8C1?PH5oTap2ros5^=JZ@M^d>v=vDiQq1b1Dg5a z_I{`l|Ip0T?N|J}4gGN6I^x!PsAmNC>$>6ag930d{HOt!gRVpc9wZnXNwxvcEFL*I z+PiD_K5bYlHEx-H?ioqPHtWb~}@OCy55N%oxhS`U}MFs$rzAJ<8E`=;*MbmFTo zEK=lqDzjv3GXo!4o+y?y%<=TK@b%D~`_99o@q`7>=cB_e3y+_1vl_?0;4Eo;($fU_ z-zRmYRRr9*^{S`)vO`< zO-a*3IHN?G(O3Q}7R(RMo6sGy;`-so0bVHKJRL^Y?96^jrC266Bu3LS#X)JKX%AG_80M; z`I)Idf0z8tQO_&s`}y^EBoFnYPg>7i5x#y(LE+f6oAc6noT#xeAM1D91%*uF97|ZC z6XjePXJE8UCt<7LUQ#QNaM4~PT!!ew`^*+qI+g96qZ1V`5Z>LSlP+m3H92VtG;{ir zG@5A+2ICfxW-Uq4t=YFa&N9{QtFO9ho)u}autqqG)0Lsoagf@RBz{0j>DB5qZRV%5 zf{vB#Pt*RO8=O<8X^X%hE-r?XnHX3jOd^5bs%2ZO%55?~eQ^Lc*?sH94K_Ds%xj$A z_4TUVL3T+;-J-VAxDf|#1#h>?j&x|MhH5wG*PNwpp(03`H0j|rt8aI$GWq4HP3`X1 zhwQoKwZ<2dgcG-1ZT(wG@+U!4#zpUHN)ZqbT#V(Fz3?O%l5O3((tf>$)mfGYWhQz* zTkD$>e^tMGb?AeWJ5#eGArqlNS}7qrI5SaOc~u5twLZ1`V%}^o{piwd0(sOg4~_5m z`361rS+}HyXAzc}TwfRUn(<_!=ZrvF-=1B;!I_^%Rb5rSY&f_=KiYD1T5GltGD%`- zkUj1Pqj^RN0?{Sk8}sHE6h5TG`q2|6Y?_$1FY#t&oX^XKwG}gh4*6(zcJYmTw?y-Z z7tjTk$C74#2LJp$-PEi&pXqjOH>vm(#*c71VX&&p@9wLf$OnHtMM{1~+=(&?m8lCD&URT>B zObr{`ULR&@U*K*1bFpj@u)p}Z{OisD&+-hnyDjVQ%1s-HiYV%BeYUmDuVR|S zt8YEOtkL)0ysYBWuCrf$JL@SByl*{1uI+1xxL^Lnc(cI8*OO~+(|hSzYVT5Q>$b4# zLT3xZ41-N~Ui%#mOWs3%?6uhOe#Dtv%H6|xlc#d+D3c?fc}I0<_qGcz!$o7K2FDd7#-6NrWS(%V zdi?#}@!`tbpU?gFz{9MU$y4`F(@1;(8zf>!w&{~cJ%ultvyyCL5_Yj#5gaVW;??X;~Ki}Xtj|Pns|{6_vb<?6i4 zJX;C7-Hc${dj1H=j4Mmzr<>c7EGsMpbLYGaFg?0=*Lf`N+|1C|t4oi}INMV704Mhr zG-X$d@1%tP`1(=OOfKbY(4k`EUG}6K{0v+1;}IpfQ3GE$&G~75_z5%p=oQwRlN$rfYy+;m22G4)ArsxwOUZr z9JEy|jm+z;2(W>qe^+``r52>*=Uh~pGj9kp6SwU-o!;Q(YB4UUIW0GD@{2lb3#3>X zRg85hT>TnvUuZbnBy{cj(kh3)5n53(U3$|aAUj~!j^_3Z+v9=9!)&KbED6c&O2K41 zkGvuuo>%8i&DX41*|Dwshk3KFy}BHkmS=JL5hwh5=q2}S9apik_6%Oq7v;6d)cRC+ zmmB`sZC7h6Wb-3`J(Cl{-re3KJ;q46yvptc?}s&O-M63pp5(STDZ8s>3Mu8bA@`>C z*&f&^yC$V#Y%F{8M$94KQ26?S$x$wO}zOI;Y)2McN>}u!Q=9XY{yU?V?Nwdqh zomS=3OYU|t%Co0U%4o04tan(Jp0@MpF{LHr8+xg|q%qEum0Prrcg>(DIq|lk-OQQW zyg|Lb9C6HeCuO;Qbm5pZmNW~1%A>W^G`_$p+p1L7TDpK(z~br$W_3NjumSpA8?xJc zm3f|zdtLs4nuk7wl%whY)UKp9AJK2`TNJ!EiWS - Apps recently added to your inventory, including line-of-business (LOB) apps and new purchases, will take up to 36 hours to add to the private store. That time begins when the product is purchased, or added to your inventory.
    - It will take an additional 36 hours for the product to be searchable in private store, even if you see the app available from the private store tab. | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store
    - 36 hours: available on private store tab, if the product has just been added to inventory | +| Add a product to the private store
    - Apps recently added to your inventory, including line-of-business (LOB) apps and new purchases, will take up to 36 hours to add to the private store. That time begins when the product is purchased, or added to your inventory.
    - It will take an additional 36 hours for the product to be searchable in private store, even if you see the app available from the private store tab. | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store
    - 36 hours: searchable in private store tab | | Remove a product from private store | - 15 minutes: private store tab
    - 36 hours: searchable in private store | -| Accept a new LOB app into your inventory (under **Products & services)**) | 36 hours | +| Accept a new LOB app into your inventory (under **Products & services)**) | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store | | Create a new collection | 15 minutes| | Edit or remove a collection | 15 minutes | | Create private store tab | 4-6 hours | diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 59e3fc2354..d7484344ae 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 4/26/2018 +ms.date: 5/31/2018 --- # Microsoft Store for Business and Education release history @@ -17,6 +17,11 @@ Microsoft Store for Business and Education regularly releases new and improved f Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) +## April 2018 +- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses. +- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. +- **Office 365 subscription management** - We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period. + ## March 2018 - **Performance improvements in private store** - We've made it significantly faster for you to udpate the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) - **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index 2849a71cfc..fc29d300b3 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 4/26/2018 +ms.date: 5/31/2018 --- # What's new in Microsoft Store for Business and Education @@ -17,15 +17,19 @@ Microsoft Store for Business and Education regularly releases new and improved f ## Latest updates for Store for Business and Education -**April 2018** +**May 2018** | | | |--------------------------------------|---------------------------------| -| ![License assign icon](images/license-assign-icon.png) |**Assign apps to larger groups**

    We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | -| ![Private store icon](images/private-store-icon.png) |**Change collection order in private store**

    Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | -| ![Office logo icon](images/office-logo.png) |**Office 365 subscription management**

    We know that sometimes customers need to cancel subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | - +| ![performance icon](images/edu-icon.png) |**Immersive Reader app in Microsoft Store for Education**

    Microsoft Immersive Reader is now available for education organizations using Microsoft Store for Education. This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it. Check out and download [Immersive Reader](https://educationstore.microsoft.com/en-us/store/details/immersive-reader/9PJZQZ821DQ2).

    **Applies to**:
    Microsoft Store for Education | + +