diff --git a/store-for-business/device-guard-signing-portal.md b/store-for-business/device-guard-signing-portal.md index 64da5a18ce..f13413106a 100644 --- a/store-for-business/device-guard-signing-portal.md +++ b/store-for-business/device-guard-signing-portal.md @@ -17,6 +17,11 @@ ms.date: 07/21/2021 # Device Guard signing +**Applies to** + +- Windows 10 +- Windows 10 Mobile + > [!IMPORTANT] > Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution). 
@@ -37,12 +42,6 @@ ms.date: 07/21/2021 > > For any questions, please contact us at DGSSMigration@microsoft.com. - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - Device Guard signing is a Device Guard feature that gives admins a single place to sign catalog files and code integrity policies. After admins have created catalog files for unsigned apps and signed the catalog files, they can add the signers to a code integrity policy. You can merge the code integrity policy with your existing policy to include your custom signing certificate. This allows you to trust the catalog files. Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features use new virtualization-based security options and the trust-nothing mobile device operating system model. A key feature in this model is called configurable code integrity, which allows your organization to choose exactly which software or trusted software publishers are allowed to run code on your client machines. Also, Device Guard offers organizations a way to sign existing line-of-business (LOB) applications so that they can trust their own code, without the requirement that the application be repackaged. Also, this same method of signing allows organizations to trust individual third-party applications. For more information, see [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide). 
@@ -56,16 +55,17 @@ Device Guard is a feature set that consists of both hardware and software system ## Device Guard Signing Service (v2) PowerShell Commands -_Note: [.. common ..] are parameters common across all commands that are documented below the command definitions._ +> [!NOTE] +> [.. common ..] are parameters common across all commands that are documented below the command definitions. **Get-DefaultPolicy** Gets the default .xml policy file associated with the current tenant. - Usage: -``` +```powershell Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..] ``` - + - Parameters: **OutFile** - string, mandatory - The filename where the default policy file should be persisted to disk. The file name should be an .xml file. If the file already exists, it will be overwritten (note: create the folder first). @@ -80,7 +80,7 @@ Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..] - Usage: - ``` + ```powershell Get-RootCertificate -OutFile filename [-PassThru] [.. common ..] ``` @@ -99,7 +99,7 @@ Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..] - Usage: - ``` + ```powershell Get-SigningHistory -OutFile filename [-PassThru] [.. common ..] ``` @@ -117,7 +117,7 @@ Get-DefaultPolicy -OutFile filename [-PassThru] [.. common ..] - Usage: - ``` + ```powershell Submit-SigningJob -InFile filename -OutFile filename [-NoTimestamp][- TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..] ``` @@ -138,7 +138,7 @@ signing is binary policy files with the extension (.bin) that have been created - Usage: - ``` + ```powershell Submit-SigningV1MigrationPolicy -InFile filename -OutFile filename [-NoTimestamp][-TimeStamperUrl "timestamper url"] [-JobDescription "description"] [.. common ..] ``` 
@@ -146,7 +146,10 @@ signing is binary policy files with the extension (.bin) that have been created **InFile** - string, mandatory - The file to be signed. This should be a file of the types described in description above (.bin). - **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten (note: create the folder first). + **OutFile** - string, mandatory - The output file that should be generated by the signing process. If this file already exists, it will be overwritten. + + > [!NOTE] + > Create the folder first. **NoTimestamp** - switch, optional - If present, the signing operation will skip timestamping the output file, and it will be signed only. If not present (default) and TimeStamperUrl presents, the output file will be both signed and timestamped. If both NoTimestamp and TimeStamperUrl not present, the signing operation will skip timestamping the output file, and it will be signed only. @@ -164,7 +167,7 @@ In addition to cmdlet-specific parameters, each cmdlet understands the following - Usage: - ``` + ```powershell ... [-NoPrompt] [-Credential $creds] [-AppId AppId] [-Verbose] ```
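Review bot: In the Get-DefaultPolicy hunk (@@ -56,16 +55,17 @@), the opening fence that gains the powershell tag starts at column 0, while the fences for Get-RootCertificate, Get-SigningHistory, Submit-SigningJob and Submit-SigningV1MigrationPolicy are all indented under their "- Usage:" bullet. Indent this fence and its closing fence to match, so the block stays inside the list item. The OutFile description in the same hunk also still reads "(note: create the folder first)" inline, so it should get the same NOTE treatment that the @@ -146,7 +146,10 @@ hunk applies.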
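Review bot: In the Submit-SigningJob hunk (@@ -117,7 +117,7 @@), the usage line left as context reads "[-NoTimestamp][- TimeStamperUrl "timestamper url"]", with a stray space between the dash and the parameter name and no space between the two bracketed options. Now that the block is tagged powershell and more likely to be copied, fix it in this change to "[-NoTimestamp] [-TimeStamperUrl "timestamper url"]", which also matches the spelling of the parameter in the Submit-SigningV1MigrationPolicy usage line.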
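Review bot: In the @@ -146,7 +146,10 @@ hunk, the new callout "> Create the folder first." loses its referent once it is lifted out of the OutFile sentence, because a reader landing on the note cannot tell which folder is meant or why. Name it, for example "Create the destination folder for OutFile before you run the command." While touching this parameter list, the NoTimestamp line directly below ("If not present (default) and TimeStamperUrl presents", "If both NoTimestamp and TimeStamperUrl not present") would benefit from a grammar pass, since it is the only place the signed-only versus signed-and-timestamped outcome is explained.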
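Review bot: In the common-parameters hunk (@@ -164,7 +167,7 @@), the block now tagged powershell begins with the "..." placeholder and mixes a variable ("-Credential $creds") with a bare placeholder ("-AppId AppId"), so it is a syntax synopsis rather than a command that can be run. Use one placeholder style throughout the line, and consider a sentence above the block saying that "..." stands for the cmdlet and its own parameters, as the note added in the @@ -56,16 +55,17 @@ hunk does for "[.. common ..]".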