jaimeo 2018-09-24 08:59:47 -07:00
commit 1c5eadabb0
15 changed files with 64 additions and 88 deletions

View File

@ -6862,6 +6862,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/configuration/start-taskbar-lockscreen.md",
"redirect_url": "/windows/configuration/windows-10-start-layout-options-and-policies",
"redirect_document_id": true
},
{
"source_path": "windows/configure/stop-employees-from-using-the-windows-store.md",
"redirect_url": "/windows/configuration/stop-employees-from-using-the-windows-store",
"redirect_document_id": true

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.localizationpriority: medium
ms.author: mikeblodge
ms.topic: article
ms.date: 08/01/2018
ms.date: 09/21/2018
---
# Repackage existing win32 applications to the MSIX format

View File

@ -33,11 +33,11 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
![Allow remote connections to this computer](images/allow-rdp.png)
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**.
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**.
>[!NOTE]
>You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once and then running the following PowerShell cmdlet:
>
>`net localgroup "Remote Desktop Users" /add "AzureAD\FirstnameLastname"`
>`net localgroup "Remote Desktop Users" /add "AzureAD\FirstnameLastname"`, where *FirstnameLastname* is the name of the user profile in C:\Users\, which is created based on DisplayName attribute in Azure AD.
>
>In Windows 10, version 1709, the user does not have to sign in to the remote device first.
>
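Review bot: The note's lead-in still reads "running the following PowerShell cmdlet", but `net localgroup` is a command-line utility, not a cmdlet; worth changing to "running the following command" while the command line below it is being edited. The added explanation would also read better as its own sentence after the command rather than trailing the inline code, with `C:\Users\` in code formatting and "the DisplayName attribute". The two copies of step 3 differ only in whitespace, so check that the edit is intentional.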

View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 08/27/2018
ms.date: 09/20/2018
---
# What's new in MDM enrollment and management
@ -1405,7 +1405,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<li>Defender/EnableLowCPUPriority</li>
<li>Defender/SignatureUpdateFallbackOrder</li>
<li>Defender/SignatureUpdateFileSharesSources</li>
<li>DeviceGuard/EnableSystemGuard</li>
<li>DeviceGuard/ConfigureSystemGuardLaunch</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>
@ -1762,9 +1762,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
### September 2018
New or updated topic | Description
--- | ---
[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).
|New or updated topic | Description|
|--- | ---|
|[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).|
|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
### August 2018
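Review bot: The new changelog row says "Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it", which leaves unclear whether the policy was renamed or a new policy superseded the old one; the other hunks in this commit show only a name swap. State it directly, for example "Renamed EnableSystemGuard to ConfigureSystemGuardLaunch", so admins whose profiles reference the old name know to check them.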
@ -1912,7 +1913,7 @@ New or updated topic | Description
<li>Defender/EnableLowCPUPriority</li>
<li>Defender/SignatureUpdateFallbackOrder</li>
<li>Defender/SignatureUpdateFileSharesSources</li>
<li>DeviceGuard/EnableSystemGuard</li>
<li>DeviceGuard/ConfigureSystemGuardLaunch</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>

View File

@ -987,7 +987,7 @@ The following diagram shows the Policy configuration service provider in tree fo
<dl>
<dd>
<a href="./policy-csp-deviceguard.md#deviceguard-enablesystemguard" id="deviceguard-enablesystemguard">DeviceGuard/EnableSystemGuard</a>
<a href="./policy-csp-deviceguard.md#deviceguard-configuresystemguardlaunch" id="deviceguard-configuresystemguardlaunch">DeviceGuard/ConfigureSystemGuardLaunch</a>
</dd>
<dd>
<a href="./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity" id="deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
@ -4324,7 +4324,7 @@ The following diagram shows the Policy configuration service provider in tree fo
- [DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth](./policy-csp-deliveryoptimization.md#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth)
- [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
- [DeviceGuard/EnableSystemGuard](./policy-csp-deviceguard.md#deviceguard-enablesystemguard)
- [DeviceGuard/ConfigureSystemGuardLaunch](./policy-csp-deviceguard.md#deviceguard-configuresystemguardlaunch)
- [DeviceGuard/EnableVirtualizationBasedSecurity](./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity)
- [DeviceGuard/LsaCfgFlags](./policy-csp-deviceguard.md#deviceguard-lsacfgflags)
- [DeviceGuard/RequirePlatformSecurityFeatures](./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures)
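Review bot: The replaced list entry drops the fragment `#deviceguard-enablesystemguard`, and the Policy CSP - DeviceGuard hunks remove the matching `id` from the policy heading, so any existing link to the old fragment will stop resolving. Consider keeping an empty `<a href="" id="deviceguard-enablesystemguard"></a>` next to the renamed heading in policy-csp-deviceguard.md so old deep links still land on the policy.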

View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/30/2018
ms.date: 09/20/2018
---
# Policy CSP - DeviceGuard
@ -22,7 +22,7 @@ ms.date: 07/30/2018
<dl>
<dd>
<a href="#deviceguard-enablesystemguard">DeviceGuard/EnableSystemGuard</a>
<a href="#deviceguard-configuresystemguardlaunch">DeviceGuard/ConfigureSystemGuardLaunch</a>
</dd>
<dd>
<a href="#deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
@ -39,7 +39,7 @@ ms.date: 07/30/2018
<hr/>
<!--Policy-->
<a href="" id="deviceguard-enablesystemguard"></a>**DeviceGuard/EnableSystemGuard**
<a href="" id="deviceguard-configuresystemguardlaunch"></a>**DeviceGuard/ConfigureSystemGuardLaunch**
<!--SupportedSKUs-->
<table>

View File

@ -25635,7 +25635,7 @@ Related policy:
</DFType>
</DFProperties>
<Node>
<NodeName>EnableSystemGuard</NodeName>
<NodeName>ConfigureSystemGuardLaunch</NodeName>
<DFProperties>
<AccessType>
<Add />
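Review bot: `<NodeName>EnableSystemGuard</NodeName>` is renamed only here, at line 25635. The `<Description>` hunks that follow in this file come in pairs (27217 with 55084, 33474 with 62093, 33862 with 62491, 34352 with 63024, 35374 with 64127, 44745 with 74444), which suggests the DDF carries each policy twice, yet no second rename hunk appears in the visible diff. Check whether the later section still has an `EnableSystemGuard` node and rename it in the same commit if so.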
@ -27217,7 +27217,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<Get />
<Replace />
</AccessType>
<Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user.
<Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user.
Related policy: PreventUsersFromTurningOnBrowserSyncing
0 (default) = allow syncing, 2 = disable syncing</Description>
<DFFormat>
@ -33474,7 +33474,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<Replace />
</AccessType>
<Description>Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal.
This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal.</Description>
<DFFormat>
<chr/>
@ -33862,7 +33862,7 @@ If you disable or do not configure this policy (recommended), users will be able
Notes
If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
Disabling the Administrator account can become a maintenance issue under certain circumstances.
Disabling the Administrator account can become a maintenance issue under certain circumstances.
Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled.
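Review bot: The removed and added "Disabling the Administrator account can become a maintenance issue under certain circumstances." lines are identical apart from whitespace, and the same whitespace-only pattern repeats in the Edge sync, smart card removal, UAC, impersonation and ForceRestart hunks of this file. If the DDF is generated, regenerate it rather than hand-editing; otherwise move the whitespace cleanup to its own commit so the EnableSystemGuard rename is easy to audit.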
@ -34352,7 +34352,7 @@ The options are:
No Action
Lock Workstation
Force Logoff
Disconnect if a Remote Desktop Services session
Disconnect if a Remote Desktop Services session
If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
@ -35374,7 +35374,7 @@ This policy setting controls the behavior of all User Account Control (UAC) poli
The options are:
• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.</Description>
<DFFormat>
@ -44745,7 +44745,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<Get />
<Replace />
</AccessType>
<Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist.
<Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist.
1) The access token that is being impersonated is for this user.
2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
3) The requested level is less than Impersonate, such as Anonymous or Identify.
@ -47064,11 +47064,11 @@ Because of these factors, users do not usually need this user right. Warning: If
<xs:element name="ForceRestart">
<xs:complexType>
<xs:attribute name="StartDateTime" type="xs:dateTime" use="required"/>
<xs:attribute name="Recurrence" type="recurrence" use="required"/>
<xs:attribute name="RunIfTaskIsMissed" type="xs:boolean" use="required"/>
<xs:attribute name="DaysOfWeek" type="daysOfWeek"/>
<xs:attribute name="DaysOfMonth" type="daysOfMonth"/>
<xs:attribute name="StartDateTime" type="xs:dateTime" use="required"/>
<xs:attribute name="Recurrence" type="recurrence" use="required"/>
<xs:attribute name="RunIfTaskIsMissed" type="xs:boolean" use="required"/>
<xs:attribute name="DaysOfWeek" type="daysOfWeek"/>
<xs:attribute name="DaysOfMonth" type="daysOfMonth"/>
</xs:complexType>
</xs:element>
</xs:schema>]]></MSFT:XMLSchema>
@ -55084,7 +55084,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user.
<Description>You can configure Microsoft Edge, when enabled, to prevent the &quot;browser&quot; group from using the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable the Allow users to turn browser syncing on policy. If disabled or not configured, the Sync your Settings options are turned on in Microsoft Edge by default, and configurable by the user.
Related policy: PreventUsersFromTurningOnBrowserSyncing
0 (default) = allow syncing, 2 = disable syncing</Description>
<DFFormat>
@ -62093,7 +62093,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</AccessType>
<DefaultValue></DefaultValue>
<Description>Devices joined to Azure Active Directory in a hybrid environment need to interact with Active Directory Domain Controllers, but they lack the built-in ability to find a Domain Controller that a domain-joined device has. This can cause failures when such a device needs to resolve an AAD UPN into an Active Directory Principal.
This parameter adds a list of domains that an Azure Active Directory joined device should attempt to contact if it is otherwise unable to resolve a UPN to a principal.</Description>
<DFFormat>
<chr/>
@ -62491,7 +62491,7 @@ If you disable or do not configure this policy (recommended), users will be able
Notes
If you try to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password requirements, you cannot reenable the account. In this case, an alternative member of the Administrators group must reset the password on the Administrator account. For information about how to reset a password, see To reset a password.
Disabling the Administrator account can become a maintenance issue under certain circumstances.
Disabling the Administrator account can become a maintenance issue under certain circumstances.
Under Safe Mode boot, the disabled Administrator account will only be enabled if the machine is non-domain joined and there are no other local active administrator accounts. If the computer is domain joined the disabled administrator will not be enabled.
@ -63024,7 +63024,7 @@ The options are:
No Action
Lock Workstation
Force Logoff
Disconnect if a Remote Desktop Services session
Disconnect if a Remote Desktop Services session
If you click Lock Workstation in the Properties dialog box for this policy, the workstation is locked when the smart card is removed, allowing users to leave the area, take their smart card with them, and still maintain a protected session.
@ -64127,7 +64127,7 @@ This policy setting controls the behavior of all User Account Control (UAC) poli
The options are:
• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
• Enabled: (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
• Disabled: Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.</Description>
<DFFormat>
@ -74444,7 +74444,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist.
<Description>Assigning this user right to a user allows programs running on behalf of that user to impersonate a client. Requiring this user right for this kind of impersonation prevents an unauthorized user from convincing a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created and then impersonating that client, which can elevate the unauthorized user&apos;s permissions to administrative or system levels. Caution: Assigning this user right can be a security risk. Only assign this user right to trusted users. Note: By default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Model (COM) servers that are started by the COM infrastructure and that are configured to run under a specific account also have the Service group added to their access tokens. As a result, these services get this user right when they are started. In addition, a user can also impersonate an access token if any of the following conditions exist.
1) The access token that is being impersonated is for this user.
2) The user, in this logon session, created the access token by logging on to the network with explicit credentials.
3) The requested level is less than Impersonate, such as Anonymous or Identify.

View File

@ -27,18 +27,17 @@
### [Product IDs in Windows 10 Mobile](mobile-devices/product-ids-in-windows-10-mobile.md)
### [Start layout XML for mobile editions of Windows 10 (reference)](mobile-devices/start-layout-xml-mobile.md)
## [Configure cellular settings for tablets and PCs](provisioning-apn.md)
## [Configure Start, taskbar, and lock screen](start-taskbar-lockscreen.md)
### [Configure Windows Spotlight on the lock screen](windows-spotlight.md)
### [Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions](manage-tips-and-suggestions.md)
### [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
#### [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
#### [Customize and export Start layout](customize-and-export-start-layout.md)
#### [Add image for secondary tiles](start-secondary-tiles.md)
#### [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
#### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
#### [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
#### [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
#### [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
## [Configure Windows Spotlight on the lock screen](windows-spotlight.md)
## [Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions](manage-tips-and-suggestions.md)
## [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
### [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
### [Customize and export Start layout](customize-and-export-start-layout.md)
### [Add image for secondary tiles](start-secondary-tiles.md)
### [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
### [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
### [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
### [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
## [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md)
### [Testing scenarios using Cortana in your business or organization](cortana-at-work/cortana-at-work-testing-scenarios.md)
#### [Test scenario 1 - Sign-in to Azure AD and use Cortana to manage the notebook](cortana-at-work/cortana-at-work-scenario-1.md)

View File

@ -46,7 +46,7 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t
In Windows 10, version 1803, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but arent allowed to go to a competitor's website.
>[!NOTE]
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser.
>Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs.
**Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education).
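Review bot: The added sentence "Kiosk Browser does not support .pdfs." is appended to a note about tab behavior and does not say what the user sees. Put it on its own line in the note, write "PDF files" instead of ".pdfs", and say what happens when a link points to a PDF. The context paragraph above also has "arent", which should be "aren't".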

View File

@ -26,7 +26,9 @@ Enterprises often need to apply custom configurations to devices for their users
| [Configure kiosk and digital signage devices running Windows 10 desktop editions](kiosk-methods.md) | These topics help you configure Windows 10 devices to run as a kiosk device. |
| [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md) | These topics help you configure the features and apps and Start screen for a device running Windows 10 Mobile, as well as how to configure a kiosk device that runs a single app. |
| [Configure cellular settings for tablets and PCs](provisioning-apn.md) | Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. |
| [Configure Start, taskbar, and lock screen](start-taskbar-lockscreen.md) | A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default. |
| [Windows Spotlight on the lock screen](windows-spotlight.md) | Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.</br></br>**Note:** You can also use the [Personalization CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/personalization-csp) settings to set lock screen and desktop background images. |
| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](manage-tips-and-suggestions.md) | Options to manage the tips, tricks, and suggestions offered by Windows and Microsoft Store. |
| [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Pro, Enterprise, or Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. |
| [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) | The worlds first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. |
| [Configure access to Microsoft Store](stop-employees-from-using-the-windows-store.md) | IT Pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. |
| [Accessibility information for IT Pros](windows-10-accessibility-for-ITPros.md) | Windows 10 includes accessibility features that benefit all users. These features make it easier to customize the computer and give users with different abilities options to improve their experience with Windows. This topic helps IT administrators learn about built-in accessibility features. |
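Review bot: The new row title "Manage Windows 10 and Microsoft Store tips, tricks, and suggestions" does not match the TOC entry for the same file, `manage-tips-and-suggestions.md`, which reads tips, "fun facts", and suggestions; likewise "Windows Spotlight on the lock screen" here versus "Configure Windows Spotlight on the lock screen" in the TOC. Use the same titles in both places. The Spotlight row also carries `</br></br>`, which is not a valid tag; use `<br>`.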

View File

@ -1,30 +0,0 @@
---
title: Configure Start layout, taskbar, and lock screen for Windows 10 PCs (Windows 10)
description:
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.date: 07/27/2017
---
# Configure Start layout, taskbar, and lock screen for Windows 10 PCs
## In this section
| Topic | Description |
| --- | --- |
| [Windows Spotlight on the lock screen](windows-spotlight.md) | Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.</br></br>**Note:** You can also use the [Personalization CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/personalization-csp) settings to set lock screen and desktop background images. |
| [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](manage-tips-and-suggestions.md) | Options to manage the tips, tricks, and suggestions offered by Windows and Microsoft Store. |
| [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Pro, Enterprise, or Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. |
## Related topics
- [Configure Windows 10 Mobile devices](mobile-devices/configure-mobile.md)
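Review bot: This deleted landing page listed three topics (Windows Spotlight, tips and suggestions, Start and taskbar layout), but the redirect added for `start-taskbar-lockscreen.md` in this commit points only to `/windows/configuration/windows-10-start-layout-options-and-policies`. Readers following an old link for lock screen content will land on a Start layout article. Consider redirecting to the section index table instead, which this commit extends with all three rows.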

View File

@ -138,7 +138,7 @@
####### [Get user related machines](windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md)
##### [Managed service provider provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
##### [Managed security service provider support](windows-defender-atp/mssp-support-windows-defender-advanced-threat-protection.md)
#### [Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)
##### [Protect users, data, and devices with conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
@ -372,6 +372,7 @@
#### [Malware names](intelligence/malware-naming.md)
#### [Coin miners](intelligence/coinminer-malware.md)
#### [Exploits and exploit kits](intelligence/exploits-malware.md)
#### [Fileless threats](intelligence/fileless-threats.md)
#### [Macro malware](intelligence/macro-malware.md)
#### [Phishing](intelligence/phishing.md)
#### [Ransomware](intelligence/ransomware-malware.md)
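Review bot: The new TOC entry points to `intelligence/fileless-threats.md`, but no hunk adding that file appears in the visible part of this diff (the header reports 15 changed files). Confirm the article is part of the commit so the TOC link resolves.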

View File

@ -38,7 +38,7 @@ Windows Defender Advanced Threat Protection (Windows Defender ATP) is a unified
<a name="asr"></a>
**Attack surface reduction**<br>
**[Attack surface reduction](windows-defender-atp/overview-attack-surface-reduction.md)**<br>
The attack surface reduction set of capabilities provide the first line of defense in the stack. By ensuring configuration settings are properly set and exploit mitigation techniques are applied, these set of capabilities resist attacks and exploitations.
- [Hardware based isolation](windows-defender-atp/overview-hardware-based-isolation.md)
@ -51,7 +51,7 @@ The attack surface reduction set of capabilities provide the first line of defen
<a name="ngp"></a>
**Next generation protection**<br>
**[Next generation protection](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)**<br>
To further reinforce the security perimeter of your network, Windows Defender ATP uses next generation protection designed to catch all types of emerging threats.
- [Windows Defender Antivirus](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)
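Review bot: the linked heading and the first bullet under it both point to `windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md`, so the reader gets the same page from two adjacent links. The other pillar headings in this commit link to an `overview-*.md` page; either link this heading to a comparable overview for next generation protection or leave the heading unlinked and keep the bullet.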
@ -61,8 +61,7 @@ To further reinforce the security perimeter of your network, Windows Defender AT
<a name="edr"></a>
**Endpoint protection and response**<br>
**[Endpoint protection and response](windows-defender-atp/overview-endpoint-detection-response.md)**<br>
Endpoint protection and response capabilities are put in place to detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.
- [Alerts](windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md)
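Review bot: the heading text says "Endpoint protection and response" but the anchor is `edr` and the new link target is `overview-endpoint-detection-response.md`, both of which say "detection". Rename the heading (and the sentence below it) to "Endpoint detection and response" so the label matches the page it opens.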
@ -74,7 +73,7 @@ Endpoint protection and response capabilities are put in place to detect, invest
<a name="ai"></a>
**Automated investigation and remediation**<br>
**[Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)**<br>
In conjunction with being able to quickly respond to advanced attacks, Windows Defender ATP offers automatic investigation and remediation capabilities that help reduce the volume of alerts in minutes at scale.
- [Automated investigation and remediation](windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md)
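Review bot: after this change the heading and the bullet below it carry the same label, "Automated investigation and remediation", and the same target, `automated-investigations-windows-defender-advanced-threat-protection.md`. Drop the now redundant bullet or point the heading at a distinct overview page.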
@ -84,8 +83,7 @@ In conjunction with being able to quickly respond to advanced attacks, Windows D
<a name="ss"></a>
**Secure score**<br>
**[Secure score](windows-defender-atp/overview-secure-score-windows-defender-advanced-threat-protection.md)**<br>
Windows Defender ATP includes a secure score to help you dynamically assess the security state of your enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of your organization.
- [Asset inventory](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
- [Recommended improvement actions](windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md)
@ -94,7 +92,7 @@ Windows Defender ATP includes a secure score to help you dynamically assess the
<a name="ah"></a>
**Advanced hunting**<br>
**[Advanced hunting](windows-defender-atp/overview-hunting-windows-defender-advanced-threat-protection.md)**<br>
Create custom threat intelligence and use a powerful search and query tool to hunt for possible threats in your organization.
- [Custom detection](windows-defender-atp/overview-custom-detections.md)
@ -102,7 +100,7 @@ Create custom threat intelligence and use a powerful search and query tool to hu
<a name="apis"></a>
**Management and APIs**<br>
**[Management and APIs](windows-defender-atp/management-apis.md)**<br>
Integrate Windows Defender Advanced Threat Protection into your existing workflows.
- [Onboarding](windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md)
- [API and SIEM integration](windows-defender-atp/configure-siem-windows-defender-advanced-threat-protection.md)
@ -112,7 +110,7 @@ Integrate Windows Defender Advanced Threat Protection into your existing workflo
<a name="mtp"></a>
**Microsoft threat protection** <br>
**[Microsoft threat protection](windows-defender-atp/threat-protection-integration.md)** <br>
Bring the power of Microsoft threat protection to your organization.
- [Conditional access](windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md)
- [O365 ATP](windows-defender-atp/threat-protection-integration.md)
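Review bot: the heading now links to `windows-defender-atp/threat-protection-integration.md`, which is also the target of the "O365 ATP" bullet, so two entries in this block lead to the same page. Give the bullet a section anchor or its own page. The new line also keeps the stray space in `** <br>`, which the other linked headings do not have; remove it for consistency.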

Binary file not shown. Before: 194 KiB. After: 192 KiB.

View File

@ -137,7 +137,7 @@
###### [Get user related machines](get-user-related-machines-windows-defender-advanced-threat-protection.md)
#### [Managed service provider provider support](mssp-support-windows-defender-advanced-threat-protection.md)
#### [Managed security service provider support](mssp-support-windows-defender-advanced-threat-protection.md)
### [Microsoft threat protection](threat-protection-integration.md)