From c951da6935180a8763f202e6eef77676eaecdc9d Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 18 Apr 2018 16:43:05 -0700 Subject: [PATCH 001/319] Began Part 2 of revision --- ...ministrator-with-the-management-console.md | 30 ++-- ...de-packages-with-the-management-console.md | 35 ++--- ...appv-administering-appv-with-powershell.md | 136 ++++-------------- ...pplications-with-the-management-console.md | 110 ++++---------- 4 files changed, 80 insertions(+), 231 deletions(-) diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index 7a031ea941..7867900bd3 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -1,6 +1,6 @@ --- title: How to Add or Remove an Administrator by Using the Management Console (Windows 10) -description: How to Add or Remove an Administrator by Using the Management Console +description: How to add or remove an administrator by using the Management Console author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,33 +8,27 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to add or remove an administrator by using the Management Console - -# How to Add or Remove an Administrator by Using the Management Console - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) server. -**To add an administrator using the Management Console** +## Add an administrator using the Management Console -1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. +1. Open the Microsoft Application Virtualization (App-V) Management Console and select **Administrators** in the navigation pane. The navigation pane will display a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. +2. To add a new administrator, select **Add Administrator**. Enter the name of the administrator that you want to add in the **Active Directory Name** field. Make sure to also provide the associated user account domain name. For example, **Domain** \\ **UserName**. +3. Select the account you want to add and select **Add**. The new account should now appear in the list of server administrators. -2. To add a new administrator, click **Add Administrator** Type the name of the administrator that you want to add in the **Active Directory Name** field. Ensure you provide the associated user account domain name. For example, **Domain** \\ **UserName**. +## Remove an administrator using the Management Console -3. Select the account that you want to add and click **Add**. The new account is displayed in the list of server administrators. - -**To remove an administrator using the Management Console** - -1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. - -2. Right-click the account to be removed from the list of administrators and select **Remove**. +1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. +2. Right-click the account to be removed from the list of administrators and select **Remove**. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index 19131f8521..8c3b04234f 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -1,6 +1,6 @@ --- title: How to Add or Upgrade Packages by Using the Management Console (Windows 10) -description: How to Add or Upgrade Packages by Using the Management Console +description: How to add or upgrade packages by using the Management Console author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,42 +8,37 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to add or upgrade packages by using the Management Console - -# How to Add or Upgrade Packages by Using the Management Console - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 You can the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. -**To add a package to the Management Console** +## Add a package to the Management Console -1. Click the **Packages** tab in the navigation pane of the Management Console display. +1. Select the **Packages** tab in the navigation pane of the Management Console display. The console displays the list of packages that have been added to the server along with status information about each package. When a package is selected, detailed information about the package is displayed in the **PACKAGES** pane. - Click the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages. + Select the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages. -2. To specify the package you want to add, click **Add or Upgrade Packages**. +2. Select **Add or Upgrade Packages** to specify which package you want to add. -3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **https://server.1234/file.appv**, and then click **Add**. +3. Enter the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**. - **Important**   - You must select a package with the **.appv** file name extension. + >[!IMPORTANT] + >You must select a package with the **.appv** file name extension. -   +4. The page displays the status message **Adding <Packagename>**. Select **IMPORT STATUS** to check the status of a package that you have imported. -4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. + Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, select **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. - Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, click **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. - -5. Click **Close** to close the **Add or Upgrade Packages** page. +5. Select **Close** to close the **Add or Upgrade Packages** page. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index a27ad2dd60..10327aa2e2 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -1,5 +1,5 @@ --- -title: Administering App-V by Using Windows PowerShell (Windows 10) +title: Administering App-V by using Windows PowerShell (Windows 10) description: Administering App-V by Using Windows PowerShell author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization @@ -8,130 +8,46 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# Administering App-V by using Windows PowerShell - -# Administering App-V by Using Windows PowerShell - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using Windows PowerShell with App-V. -## How to administer App-V by using Windows PowerShell - +## How to administer App-V with Windows PowerShell Use the following Windows PowerShell procedures to perform various App-V tasks. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameDescription

[How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)

Describes how to install the Windows PowerShell cmdlets and find cmdlet help and examples.

[How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)

Describes how to manage the client package lifecycle on a stand-alone computer by using Windows PowerShell.

[How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)

Describes how to manage connection groups by using Windows PowerShell.

[How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)

Describes how to modify the client by using Windows PowerShell.

[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)

Describes how to apply a user configuration file by using Windows PowerShell.

[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)

Describes how to apply a deployment configuration file by using Windows PowerShell.

[How to Sequence a Package by Using Windows PowerShell](appv-sequence-a-package-with-powershell.md)

Describes how to create a new package by using Windows PowerShell.

[How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)

Describes how to create a package accelerator by using Windows PowerShell. You can use package accelerators automatically sequence large, complex applications.

[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)

Describes how to enable the computer running the App-V to send reporting information.

[How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)

Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) -

Describes how to use Windows PowerShell to configure a client after you deploy the App-V management and publishing servers, and add the required packages and connection groups.

+|Name|Description| +|---|---| +|[How to load the Windows PowerShell cmdlets for App-V and get cmdlet help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)|Describes how to install the Windows PowerShell cmdlets and find cmdlet help and examples.| +|[How to manage App-V packages running on a stand-alone computer by using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)|Describes how to manage the client package lifecycle on a stand-alone computer with Windows PowerShell.| +|[How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)|Describes how to manage connection groups with Windows PowerShell.| +|[How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)|Describes how to modify the client with Windows PowerShell.| +|[How to apply the user configuration file by using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)|Describes how to apply a user configuration file with Windows PowerShell.| +|[How to apply the deployment configuration file by using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)|Describes how to apply a deployment configuration file with Windows PowerShell.| +|[How to sequence a package by using Windows PowerShell](appv-sequence-a-package-with-powershell.md)|Describes how to create a new package with Windows PowerShell.| +|[How to create a package accelerator by using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)|Describes how to create a package accelerator with Windows PowerShell. You can use package accelerators automatically sequence large, complex applications.| +|[How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)|Describes how to enable the computer running the App-V client to send reporting information.| +|[How to install the App-V databases and convert the associated security identifiers by using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)|Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.| +|[How to configure the client to receive package and connection groups updates from the publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)|Describes how to use Windows PowerShell to configure a client after you deploy the App-V management and publishing servers, and add the required packages and connection groups.| -  - -**Important**   -Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell. - -  - -## Windows PowerShell Error Handling +>[!IMPORTANT] +>Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell. +## Windows PowerShell error handling Use the following table for information about Windows PowerShell error handling for App-V. - ---- - - - - - - - - - - - - - - - - -
EventAction

Using the RollbackOnError attribute with embedded scripts

When you use the RollbackOnError attribute with embedded scripts, the attribute is ignored for the following events:

-
    -

  • Removing a package

    • -

  • Unpublishing a package

    • -

  • Terminating a virtual environment

    • -

  • Terminating a process

    • -

Package name contains $

If a package name contains the character ( $ ), you must use a single-quote ( ' ), for example,

-

Add-AppvClientPackage 'Contoso$App.appv'

- -  +|Event|Action| +|---|---| +|Using the **RollbackOnError** attribute with embedded scripts|When you use the **RollbackOnError** attribute with embedded scripts, the attribute is ignored for the following events:
- Removing a package
- Unpublishing a package
- Terminating a virtual environment
- Terminating a process| +|Package name contains **$**|If a package name contains the character ( **$** ), you must use a single-quote ( **'** ), for example,
```Add-AppvClientPackage 'Contoso$App.appv'```| ## Have a suggestion for App-V? - -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics - -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) \ No newline at end of file diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index ff218061cc..915933fa98 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -8,12 +8,9 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- - - # Administering App-V Virtual Applications by Using the Management Console -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V client. One or more management servers typically share a common data store for configuration and package information. @@ -21,96 +18,43 @@ The management server uses Active Directory Domain Services (AD DS) groups to ma Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components: -- Management Server – Use the management server to manage packages and connection groups. - -- Publishing Server – Use the publishing server to deploy packages to computers that run the App-V client. - -- Management Database - Use the management database to manage the package access and to publish the server’s synchronization with the management server. +- Management Server—Use the management server to manage packages and connection groups. +- Publishing Server—Use the publishing server to deploy packages to computers that run the App-V client. +- Management Database—Use the management database to manage the package access and to publish the server’s synchronization with the management server. ## Management Console tasks - The most common tasks that you can perform with the App-V Management console are: -- [How to Connect to the Management Console](appv-connect-to-the-management-console.md) - -- [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) - -- [How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md) - -- [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) - -- [How to Delete a Package in the Management Console](appv-delete-a-package-with-the-management-console.md) - -- [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md) - -- [How to Register and Unregister a Publishing Server by Using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md) - -- [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md) - -- [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) - -- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md) - -- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) +- [How to connect to the Management Console](appv-connect-to-the-management-console.md) +- [How to add or upgrade packages by using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) +- [How to configure access to packages by using the Management Console](appv-configure-access-to-packages-with-the-management-console.md) +- [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md) +- [How to delete a package in the Management Console](appv-delete-a-package-with-the-management-console.md) +- [How to add or remove an administrator by using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md) +- [How to register and unregister a publishing server by using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md) +- [How to create a custom configuration file by using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md) +- [How to transfer access and configurations to another version of a package by using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) +- [How to customize virtual application extensions for a specific AD group by using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md) +- [How to view and configure applications and default virtual application extensions by using the Management Console](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) The main elements of the App-V Management Console are: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Management Console tabDescription

Packages tab

Use the PACKAGES tab to add or upgrade packages.

Connection Groups tab

Use the CONNECTION GROUPS tab to manage connection groups.

Servers tab

Use the SERVERS tab to register a new server.

Administrators tab

Use the ADMINISTRATORS tab to register, add, or remove administrators in your App-V environment.

+|Management Console tab|Description| +|---|---| +|Packages tab|Use the **Packages** tab to add or upgrade packages.| +|Connection Groups tab|Use the **Connection Groups** tab to manage connection groups.| +|Servers tab|Use the **Servers** tab to register a new server.| +|Administrators tab|Use the **Administrators** tab to register, add, or remove administrators in your App-V environment.| -  - -**Important**   -JavaScript must be enabled on the browser that opens the Web Management Console. - -  +>[!IMPORTANT] +>JavaScript must be enabled on the browser that opens the Web Management Console. ## Have a suggestion for App-V? +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). - -## Other resources for this App-V deployment - - -- [Application Virtualization (App-V) overview](appv-for-windows.md) - -- [Operations for App-V](appv-operations.md) - -  - -  - - - - +## Other resources for this App-V deployment +- [Application Virtualization (App-V) overview](appv-for-windows.md) +- [Operations for App-V](appv-operations.md) \ No newline at end of file From cf74f93f4801ffd7c220d56d03de3bb337074338 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 19 Apr 2018 14:43:10 -0700 Subject: [PATCH 002/319] Formatting for application publishing and client interaction article --- ...inistrators-to-enable-connection-groups.md | 50 +- ...ation-publishing-and-client-interaction.md | 553 +++++++++--------- 2 files changed, 272 insertions(+), 331 deletions(-) diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md index f97ca1f36d..d982f4b88b 100644 --- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md @@ -8,54 +8,26 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to allow only administrators to enable connection groups +>Applies to: Windows 10, version 1607 -# How to Allow Only Administrators to Enable Connection Groups +You can configure the App-V client so that only administrators, not users, can enable or disable connection groups. In earlier versions of App-V, there was no way to restrict access to disabling connection groups to users. -**Applies to** -- Windows 10, version 1607 - -You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks. - -**Note**
-This feature is supported starting in App-V 5.0 SP3. +>[!NOTE] +>This feature is supported starting in App-V 5.0 SP3. Use one of the following methods to allow only administrators to enable or disable connection groups. - ---- - - - - - - - - - - - - - - - - -
MethodSteps

Group Policy setting

Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:

-

Computer Configuration > Administrative Templates > System > App-V > Publishing

Windows PowerShell cmdlet

Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

-

Parameter values:

-
    -

  • 0 - False

    • -

  • 1 - True

    • -
-

Example: Set-AppvClientConfiguration -RequirePublishAsAdmin 1

+|Method|Steps| +|---|---| +|Group Policy setting|Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:

**Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Publishing**| +|Windows PowerShell cmdlet|Run the **Set-AppvClientConfiguration** cmdlet with the *-RequirePublishAsAdmin* parameter.

Parameter values:
- **0** – False
- **1** – True

Example: ```Set-AppvClientConfiguration -RequirePublishAsAdmin 1```| ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Managing Connection Groups](appv-managing-connection-groups.md) +- [Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 4674fddc02..79b0720209 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -1,6 +1,6 @@ --- title: Application Publishing and Client Interaction (Windows 10) -description: Application Publishing and Client Interaction +description: Application publishing and client interaction. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,20 +8,26 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# Application publishing and client interaction - -# Application Publishing and Client Interaction - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 This article provides technical information about common App-V client operations and their integration with the local operating system. ## App-V package files created by the Sequencer - The Sequencer creates App-V packages and produces a virtualized application. The sequencing process creates the following files: +|File|Description| +|---|---| +|.appv|- The primary package file, which contains the captured assets and state information from the sequencing process.
- Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.| +|.MSI|Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.| +|_DeploymentConfig.XML|File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.| +|_UserConfig.XML|File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.| +|Report.xml|Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.| +|.CAB|Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.| +|.appvt|Optional: Sequencer template file used to retain commonly reused Sequencer settings.| + @@ -72,7 +78,6 @@ For information about sequencing, see [How to Sequence a New Application with Ap ## What’s in the appv file? - The appv file is a container that stores XML and non-XML files together in a single entity. This file is built from the AppX format, which is based on the Open Packaging Conventions (OPC) standard. To view the appv file contents, make a copy of the package, and then rename the copied file to a ZIP extension. @@ -80,7 +85,7 @@ To view the appv file contents, make a copy of the package, and then rename the The appv file contains the following folder and files, which are used when creating and publishing a virtual application: | Name | Type | Description | -| - | - | - | +|---|---|---| | Root | File folder | Directory that contains the file system for the virtualized application that is captured during sequencing. | | [Content_Types].xml | XML File | List of the core content types in the appv file (e.g. DLL, EXE, BIN). | | AppxBlockMap.xml | XML File | Layout of the appv file, which uses File, Block, and BlockMap elements that enable location and validation of files in the App-V package.| @@ -90,14 +95,12 @@ The appv file contains the following folder and files, which are used when creat | Registry.dat | DAT File | Registry keys and values captured during the sequencing process for the package.| | StreamMap.xml | XML File | List of files for the primary and publishing feature block. The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.| -  - ## App-V client data storage locations The App-V client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. | Name | Location | Description | -| - | - | - | +|---|---|---| | Package Store | %ProgramData%\App-V| Default location for read only package files| | Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents| | User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents| @@ -126,21 +129,26 @@ To change the default location of the package store during setup, see [Enable th If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). -> [!NOTE] +> [!NOTE] > The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. -  - ### Package catalogs The App-V Client manages the following two file-based locations: -- **Catalogs (user and machine).** - -- **Registry locations** - depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  +- **Catalogs (user and machine).** +- **Registry locations**—depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  ### Machine catalog +||| +|---|---| +|Description|Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (such as when the package directory is in a shared disk location).

If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.| +|Default storage location|```%programdata%\Microsoft\AppV\Client\Catalog\```

This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.| +|Files in the machine catalog|- Manifest.xml
- DeploymentConfiguration.xml
- UserManifest.xml (Globally Published Package)
- UserDeploymentConfiguration.xml (Globally Published Package)| +|Additional machine catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned previously as the default storage location:

```%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID```| +|Additional files in the machine catalog when the package is part of a connection group|- PackageGroupDescriptor.xml
- UserPackageGroupDescriptor.xml (globally published Connection Group)| +
@@ -182,10 +190,16 @@ The App-V Client manages the following two file-based locations:
-  - ### User catalog +||| +|---|---| +|Description|Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.| +|Default storage location|```appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID```| +|Files in the user catalog|- UserManifest.xml
- DynamicConfiguration.xml or UserDeploymentConfiguration.xml| +|Additional user catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned above:

```appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID```| +|Additional file in the machine catalog when the package is part of a connection group|```UserPackageGroupDescriptor.xml```| + @@ -221,11 +235,9 @@ The App-V Client manages the following two file-based locations:
-  - ### Shortcut backups -During the publishing process, the App-V Client backs up any shortcuts and integration points to `%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups.` This backup enables the restoration of these integration points to the previous versions when the package is unpublished. +During the publishing process, the App-V Client backs up any shortcuts and integration points to ```%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups```. This backup enables the restoration of these integration points to the previous versions when the package is unpublished. ### Copy on Write files @@ -239,17 +251,15 @@ The COW Roaming location described above stores changes to files and directories The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (e.g. Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. -## Package registry - +## Package registry Before an application can access the package registry data, the App-V Client must make the package registry data available to the applications. The App-V Client uses the real registry as a backing store for all registry data. -When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. +When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at ```%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat```. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. **Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat** -  -When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. +When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location ```HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY```. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location ```HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User```. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. ### Package registry staging vs. connection group registry staging @@ -267,6 +277,12 @@ There are two package registry locations and two connection group locations wher **Single Package VReg:** +|Location|Description| +|---|---| +|COW|- Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)
- User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes
- User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)| +|Package|- Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine
- User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry| +|Native|- Native application registry location| + @@ -301,12 +317,14 @@ There are two package registry locations and two connection group locations wher
-  - -  - **Connection Group VReg:** +|Location|Description| +|---|---| +|COW|- Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)
- User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes)
- User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY| +|Package|- Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY
- User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY| +|Native|- Native application registry location| + @@ -341,41 +359,36 @@ There are two package registry locations and two connection group locations wher
-  - -  - There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. ### Pass-through keys -Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key `HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry`. Any key that appears under this multi-string value (and their children) will be treated as pass-through. +Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key ```HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry```. Any key that appears under this multi-string value (and their children) will be treated as pass-through. The following locations are configured as pass-through locations by default: -- HKEY\_CURRENT\_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel +- HKEY\_CURRENT\_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT -- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application +- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application -- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger +- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger -- HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings +- HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib -- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies +- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies -- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies +- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI based applications. It is recommend that administers do not modify any of the default pass-through keys, but in some instances, based on application behavior may require adding additional pass-through keys. ## App-V package store behavior - App-V manages the Package Store, which is the location where the expanded asset files from the appv file are stored. By default, this location is stored at %ProgramData%\\App-V, and is limited in terms of storage capabilities only by free disk space. The package store is organized by the GUIDs for the package and version as mentioned in the previous section. ### Add packages @@ -384,11 +397,19 @@ App-V Packages are staged upon addition to the computer with the App-V Client. T ### Mounting packages -Packages can be explicitly loaded using the Windows PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store. +Packages can be explicitly loaded by entering the **Mount-AppVClientPackage** PowerShell cmdlet or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store. ### Streaming packages -The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: +The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: ```HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Streaming```. Policies are set by entering the **Set-AppvClientConfiguration** PowerShell cmdlet. The following policies apply to streaming: + +|Policy|Description| +|---|---| +|AllowHighCostLaunch|Allows streaming over 3G and cellular networks| +|AutoLoad|Specifies the Background Load setting:
**0** – Disabled
**1** – Previously Used Packages only
**2** – All Packages| +|PackageInstallationRoot|The root folder for the package store in the local machine| +|PackageSourceRoot|The root override where packages should be streamed from| +|SharedContentStoreMode|Enables the use of Shared Content Store for VDI scenarios| @@ -428,21 +449,15 @@ The App-V Client can be configured to change the default behavior of streaming.
-  - -  - These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: -- Background Streaming - -- Optimized Streaming - -- Stream Faults +- Background Streaming +- Optimized Streaming +- Stream Faults ### Background streaming -The Windows PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. +The Windows PowerShell cmdlet ```Get-AppvClientConfiguration``` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. ### Optimized streaming @@ -454,36 +469,37 @@ After the initial stream of any publishing data and the primary feature block, r ### Package upgrades -App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: `%ProgramData%\App-V\{PkgGUID}\{newVerGUID}`. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package. +App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: ```%ProgramData%\App-V\{PkgGUID}\{newVerGUID}```. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package. ### Package removal -The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. - -## Roaming registry and data +The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet ```Remove-AppVClientPackge``` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. +## Roaming registry and data App-V is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data do not roam from computer to computer, since they are in locations that are not roamed. -### Roaming requirements and user catalog data storage +### Roaming requirements and user catalog data storage App-V stores data, which represents the state of the user’s catalog, in the form of: -- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog - -- Registry settings under `HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages` +- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog +- Registry settings under `HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages` Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa. -> [!NOTE] -> The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. - -  +>[!NOTE] +>The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. ### Registry-based data App-V registry roaming falls into two scenarios, as shown in the following table. +|Scenario|Description| +|---|---| +|Applications that are run as standard users|When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:
- HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
- HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE
The locations are enabled for roaming based on the operating system settings.| +|Applications that are run with elevation|When an application is launched with elevation:
- HKLM data is stored in the HKLM hive on the local computer
- HKCU data is stored in the User Registry location
In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:
- HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
- HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE| + @@ -521,8 +537,6 @@ App-V registry roaming falls into two scenarios, as shown in the following table
-  - ### App-V and folder redirection App-V supports folder redirection of the roaming AppData folder (%AppData%). When the virtual environment is started, the roaming AppData state from the user’s roaming AppData directory is copied to the local cache. Conversely, when the virtual environment is shut down, the local cache that is associated with a specific user’s roaming AppData is transferred to the actual location of that user’s roaming AppData directory. @@ -532,7 +546,7 @@ A typical package has several locations mapped in the user’s backing store for The following table shows local and roaming locations, when folder redirection has not been implemented. | VFS directory in package | Mapped location of backing store | -| - | - | +|---|---| | ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | | SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | | Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | @@ -542,64 +556,48 @@ The following table shows local and roaming locations, when folder redirection h The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). | VFS directory in package | Mapped location of backing store | -| - | - | +|---|---| | ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | | SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | | Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | | appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT | | AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData | -  The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: -1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. - -2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. - -3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. +1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. +2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. +3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: -1. App-V application is shut down, which shuts down the virtual environment. - -2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. - -3. A timestamp at the end of the ZIP packaging process is used to name the file. - -4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. - -5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory. +1. App-V application is shut down, which shuts down the virtual environment. +2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. +3. A timestamp at the end of the ZIP packaging process is used to name the file. +4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. +5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory. The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: -1. The user starts the virtual environment by starting an application. - -2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present. - -3. The registry is checked for the last known uploaded timestamp, if present. - -4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file. - -5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile. - -6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. - -7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. +1. The user starts the virtual environment by starting an application. +2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present. +3. The registry is checked for the last known uploaded timestamp, if present. +4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file. +5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile. +6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. +7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: -1. During repair, detect if the path to the user’s roaming AppData directory is not local. - -2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. - -3. Delete the timestamp stored in the registry, if present. +1. During repair, detect if the path to the user’s roaming AppData directory is not local. +2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. +3. Delete the timestamp stored in the registry, if present. This process will re-create both the local and network locations for AppData and remove the registry record of the timestamp. ## App-V client application lifecycle management - -In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of Windows PowerShell commands initiated on the computer running the App-V Client. +In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of Windows PowerShell commands initiated on the computer running the App-V Client. This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177). @@ -609,19 +607,15 @@ The App-V application lifecycle tasks are triggered at user login (default), mac The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following Windows PowerShell cmdlets: -- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. - -- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. - -- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. - -- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. +- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. +- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. +- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. +- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. The focus of the following sections is to detail the operations that occur during different phases of an App-V Publishing Refresh. The topics include: -- Adding an App-V Package - -- Publishing an App-V Package +- Adding an App-V Package +- Publishing an App-V Package ### Adding an App-V package @@ -629,65 +623,61 @@ Adding an App-V package to the client is the first step of the publishing refres **How to add an App-V package** -1. Manual initiation via Windows PowerShell or Task Sequence initiation of the Publishing Refresh process. +1. Manual initiation via Windows PowerShell or Task Sequence initiation of the Publishing Refresh process. - 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. + 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. - 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis. + 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis. -2. The Publishing Agent on the App-V Client performs all actions below serialized. +2. The Publishing Agent on the App-V Client performs all actions below serialized. Evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed. -3. Configure the packages by identifying an Add or Update operations. +3. Configure the packages by identifying an Add or Update operations. - 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. + 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. - 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store. + 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store. - 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root. + 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root. - - Icons: Targets of extension points. + - Icons: Targets of extension points. + - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types. + - Scripts: Download scripts directory for use throughout the publishing process. - - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types. + 4. Populate the Package store: - - Scripts: Download scripts directory for use throughout the publishing process. + 1. Create sparse files on disk that represent the extracted package for any directories listed. - 4. Populate the Package store: + 2. Stage top level files and directories under root. - 1. Create sparse files on disk that represent the extracted package for any directories listed. + 3. All other files are created when the directory is listed as sparse on disk and streamed on demand. - 2. Stage top level files and directories under root. + 5. Create the machine catalog entries. Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). - 3. All other files are created when the directory is listed as sparse on disk and streamed on demand. + 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog - 5. Create the machine catalog entries. Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). + 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat - 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog + 8. Register the package with the App-V Kernal Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV - 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat + 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. - 8. Register the package with the App-V Kernal Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV +4. Configure Connection Groups by adding and enabling or disabling. - 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. +5. Remove objects that are not published to the target (user or machine). -4. Configure Connection Groups by adding and enabling or disabling. + >[!NOTE] + >This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). -5. Remove objects that are not published to the target (user or machine). +6. Invoke background load mounting based on client configuration. - > [!NOTE] - > This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). +7. Packages that already have publishing information for the machine or user are immediately restored. -   + >[!NOTE] + >This condition occurs as a product of removal without unpublishing with background addition of the package. -6. Invoke background load mounting based on client configuration. -7. Packages that already have publishing information for the machine or user are immediately restored. - - > [!NOTE]    - > This condition occurs as a product of removal without unpublishing with background addition of the package. - -   This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). @@ -697,28 +687,28 @@ This completes an App-V package add of the publishing refresh process. The next During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. -**How to publish and App-V package** +#### How to publish an App-V package -1. Package entries are added to the user catalog +1. Package entries are added to the user catalog - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog + 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog + 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog -2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV +2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV -3. Perform integration tasks. +3. Perform integration tasks. - 1. Create extension points. + 1. Create extension points. - 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). + 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). - **Note**   - This enables restore extension points if the package is unpublished. + >[!NOTE] + >This enables restore extension points if the package is unpublished. -   - 3. Run scripts targeted for publishing timing. + + 3. Run scripts targeted for publishing timing. Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information above for details. @@ -728,25 +718,24 @@ Publishing an App-V Package that is part of a Connection Group is very similar t After the Publishing Refresh process, the user launches and subsequently re-launches an App-V application. The process is very simple and optimized to launch quickly with a minimum of network traffic. The App-V Client checks the path to the user catalog for files created during publishing. After rights to launch the package are established, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. With the virtual environment created and configured for the specific package and application, the application starts. -**How to launch App-V applications** +#### How to launch App-V applications -1. User launches the application by clicking on a shortcut or file type invocation. +1. User launches the application by clicking on a shortcut or file type invocation. -2. The App-V Client verifies existence in the User Catalog for the following files +2. The App-V Client verifies existence in the User Catalog for the following files - - UserDeploymentConfiguration.xml + - UserDeploymentConfiguration.xml + - UserManifest.xml - - UserManifest.xml +3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. -3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. +4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry. -4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry. +5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present. -5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present. +6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. -6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. - -7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. +7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) @@ -754,52 +743,52 @@ After the Publishing Refresh process, the user launches and subsequently re-laun The App-V package upgrade process differs from the older versions of App-V. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only the new files are added to the new version store location and hard links are created for unchanged files. This reduces the overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. The specific details of upgrading an App-V Package are as follows: -**How to upgrade an App-V package** +#### How to upgrade an App-V package -1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. +1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. -2. Package entries are added to the appropriate catalog for the new version +2. Package entries are added to the appropriate catalog for the new version - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID -3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV +3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV -4. Perform integration tasks. +4. Perform integration tasks. 1. Integrate extensions points (EP) from the Manifest and Dynamic Configuration files. - 2. File based EP data is stored in the AppData folder utilizing Junction Points from the package store. + 2. File based EP data is stored in the AppData folder utilizing Junction Points from the package store. - 3. Version 1 EPs already exist when a new version becomes available. + 3. Version 1 EPs already exist when a new version becomes available. - 4. The extension points are switched to the Version 2 location in machine or user catalogs for any newer or updated extension points. + 4. The extension points are switched to the Version 2 location in machine or user catalogs for any newer or updated extension points. -5. Run scripts targeted for publishing timing. +5. Run scripts targeted for publishing timing. -6. Install Side by Side assemblies as required. +6. Install Side by Side assemblies as required. ### Upgrading an in-use App-V package If you try to upgrade a package that is in use by an end user, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: | Task type | Applicable rule | -| - | - | -| User-based task, e.g., publishing a package to a user | The pending task will be performed after the user logs off and then logs back on. | -| Globally based task, e.g., enabling a connection group globally | The pending task will be performed when the computer is shut down and then restarted. | +|---|---| +| User-based tasks, such as publishing a package to a user | The pending task will be performed after the user logs off and then logs back on. | +| Globally based tasks, such as enabling a connection group globally | The pending task will be performed when the computer is shut down and then restarted. | When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: | User-based or globally based task | Where the registry key is generated | -| - | - | +|---|---| | User-based tasks | HKEY\_CURRENT\_USER\Software\Microsoft\AppV\Client\PendingTasks | | Globally based tasks | HKEY\_LOCAL\_MACHINE\Software\Microsoft\AppV\Client\PendingTasks | The following operations must be completed before users can use the newer version of the package: | Task | Details | -| - | - | +|---|---| | Add the package to the computer | This task is computer specific and you can perform it at any time by completing the steps in the Package Add section above. | | Publish the package | See the Package Publishing section above for steps. This process requires that you update extension points on the system. End users cannot be using the application when you complete this task. | @@ -810,14 +799,12 @@ Use the following example scenarios as a guide for updating packages. | App-V package is not in use when you try to upgrade | None of the following components of the package can be in use: virtual application, COM server, or shell extensions.

The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and ran. | | App-V package is in use when the administrator publishes a newer version of the package | The upgrade operation is set to pending by the App-V Client, which means that it is queued and carried out later when the package is not in use.

If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

If the package has shell extensions, which are permanently loaded by Windows Explorer, the user cannot be logged in. Users must log off and the log back in to initiate the App-V package upgrade.| -  -### Global vs user publishing +### Global vs. user publishing App-V Packages can be published in one of two ways; User which entitles an App-V package to a specific user or group of users and Global which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: -- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. - -- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). +- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. +- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). ### Removing an App-V package @@ -829,52 +816,37 @@ The repair operation is very simple but may affect many locations on the machine ## Integration of App-V packages - The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: -- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. - -- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. - -- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. +- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. +- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. +- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. ### Rules of integration When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the list below: -- Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. +- Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. +- User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. +- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing. -- User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. - -- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing. - - 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. - - 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. - - 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. + 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. + 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. + 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. ### Extension points The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: -- Shortcuts - -- File Type Associations - -- Shell Extensions - -- COM - -- Software Clients - -- Application capabilities - -- URL Protocol Handler - -- AppPath - -- Virtual Application +- Shortcuts +- File Type Associations +- Shell Extensions +- COM +- Software Clients +- Application capabilities +- URL Protocol Handler +- AppPath +- Virtual Application ### Shortcuts @@ -882,7 +854,7 @@ The short cut is one of the basic elements of integration with the OS and is the From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: -``` syntax +```XML [{Common Desktop}]\Adobe Reader.lnk @@ -902,7 +874,7 @@ As mentioned previously, the App-V shortcuts are placed by default in the user The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files as represented in the example below: -``` syntax +```XML @@ -939,48 +911,39 @@ The App-V Client manages the local operating system File Type Associations durin ``` -**Note**   -In this example: - -- `.xdp` is the extension - -- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) - -- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable - -  +>[!NOTE] +>In this example: +> + >- `.xdp` is the extension + >- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) + >- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable ### Shell extensions Shell extensions are embedded in the package automatically during the sequencing process. When the package is published globally, the shell extension gives users the same functionality as if the application were locally installed. The application requires no additional setup or configuration on the client to enable the shell extension functionality. -**Requirements for using shell extensions:** +#### Requirements for using shell extensions -- Packages that contain embedded shell extensions must be published globally. +- Packages that contain embedded shell extensions must be published globally. +- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: -- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: - - - The version of the application is 64-bit. - - - The Sequencer is running on a 64-bit computer. - - - The package is being delivered to a 64-bit App-V client computer. + - The version of the application is 64-bit. + - The Sequencer is running on a 64-bit computer. + - The package is being delivered to a 64-bit App-V client computer. The following table displays the supported shell extensions. | Handler | Description | -| - | - | +|---|---| | Context menu handler | Adds menu items to the context menu. It is called before the context menu is displayed. | | Drag-and-drop handler | Controls the action upon right-click drag-and-drop and modifies the context menu that appears. | | Drop target handler | Controls the action after a data object is dragged-and-dropped over a drop target such as a file.| | Data object handler| Controls the action after a file is copied to the clipboard or dragged-and-dropped over a drop target. It can provide additional clipboard formats to the drop target.| | Property sheet handler| Replaces or adds pages to the property sheet dialog box of an object.| -| Infotip handler| Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse- hover.| +| Infotip handler| Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse-hover.| | Column handler| Allows creating and displaying custom columns in Windows Explorer *Details view*. It can be used to extend sorting and grouping.| | Preview handler| Enables a preview of a file to be displayed in the Windows Explorer Preview Pane.| -  - ### COM The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. @@ -995,7 +958,7 @@ App-V supports specific software clients and application capabilities extension Example of software client registration of an App-V based mail client. -``` syntax +```XML @@ -1035,16 +998,12 @@ Example of software client registration of an App-V based mail client. ``` -**Note**   +>[!NOTE] In this example: - -- `` is the overall Software Clients setting to integrate Email clients - -- `` is the flag to set a particular Email client as the default Email client - -- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration - -  +> + >- `` is the overall Software Clients setting to integrate Email clients + >- `` is the flag to set a particular Email client as the default Email client + >- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration ### URL Protocol handler @@ -1068,6 +1027,25 @@ The extension points described above are integrated into the operating system ba Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. +|Virtual Extension|Requires target OS Sequencing|Requires Global Publishing| +|---|:---:|:---:| +|Shortcut||| +|File Type Association||| +|URL Protocols|X|| +|AppPaths|X|| +|COM Mode||| +|Software Client|X|| +|Application Capabilities|X|X| +|Context Menu Handler|X|X| +|Drag-and-drop Handler|X|| +|Data Object Handler|X|| +|Property Sheet Handler|X|| +|Infotip Handler|X|| +|Column Handler|X|| +|Shell Extensions|X|| +|Browser Helper Object|X|X| +|Active X Object|X|X| + @@ -1180,9 +1158,9 @@ App-V Packages contain the Manifest file inside of the appv package file, which The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760). -**Manifest** +#### Manifest -``` syntax +```XML [{Common Programs}]\7-Zip\7-Zip File Manager.lnk @@ -1192,9 +1170,9 @@ The example below shows the combination of the Manifest, Deployment Configuratio ``` -**Deployment Configuration** +#### Deployment Configuration -``` syntax +```XML @@ -1207,9 +1185,9 @@ The example below shows the combination of the Manifest, Deployment Configuratio ``` -**User Configuration** +#### User Configuration -``` syntax +```XML @@ -1248,41 +1226,32 @@ The example below shows the combination of the Manifest, Deployment Configuratio ## Side-by-side assemblies +App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. -App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The Side by Side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. +Side-by-side assembly support in App-V has the following features. -Side by Side Assembly support in App-V has the following features. - -- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. - -- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. - -- The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. - -- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. +- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. +- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. +- The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. +- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. ### Automatic publishing of SxS assemblies During publishing of an App-V package with SxS assemblies the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the Side by Side assembly installations that are part of the base packages, as the connection group does not contain any information about assembly installation. -> [!NOTE] -> Unpublishing or removing a package with an assembly does not remove the assemblies for that package. - -  +>[!NOTE] +>Unpublishing or removing a package with an assembly does not remove the assemblies for that package. ## Client logging - The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer, under Applications and Services Logs\\Microsoft\\AppV\\Client. There are three specific categories of events recorded described below. -**Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. - -**Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. - -**Virtual Application**: Logs virtual application launches and use of virtualization subsystems. +- **Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. +- **Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. +- **Virtual Application**: Logs virtual application launches and use of virtualization subsystems. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file From 2cb3a88000fdbe2802b45a9b42fb1b403d9a22dc Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 19 Apr 2018 16:43:10 -0700 Subject: [PATCH 003/319] Began editorial text edits for article --- ...ation-publishing-and-client-interaction.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 79b0720209..3965e42334 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -86,11 +86,11 @@ The appv file contains the following folder and files, which are used when creat | Name | Type | Description | |---|---|---| -| Root | File folder | Directory that contains the file system for the virtualized application that is captured during sequencing. | -| [Content_Types].xml | XML File | List of the core content types in the appv file (e.g. DLL, EXE, BIN). | +| Root | File folder | Directory that contains the file system for the virtualized application captured during sequencing. | +| [Content_Types].xml | XML File | List of the core content types in the appv file (for example, DLL, EXE, BIN). | | AppxBlockMap.xml | XML File | Layout of the appv file, which uses File, Block, and BlockMap elements that enable location and validation of files in the App-V package.| | AppxManifest.xml | XML File | Metadata for the package that contains the required information for adding, publishing, and launching the package. Includes extension points (file type associations and shortcuts) and the names and GUIDs associated with the package.| -| FilesystemMetadata.xml | XML File | List of the files captured during sequencing, including attributes (e.g., directories, files, opaque directories, empty directories,and long and short names). | +| FilesystemMetadata.xml | XML File | List of the files captured during sequencing, including attributes (such as directories, files, opaque directories, empty directories, and long and short names). | | PackageHistory.xml | XML File | Information about the sequencing computer (operating system version, Internet Explorer version, .Net Framework version) and process (upgrade, package version).| | Registry.dat | DAT File | Registry keys and values captured during the sequencing process for the package.| | StreamMap.xml | XML File | List of files for the primary and publishing feature block. The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.| @@ -101,43 +101,43 @@ The App-V client performs tasks to ensure that virtual applications run properly | Name | Location | Description | |---|---|---| -| Package Store | %ProgramData%\App-V| Default location for read only package files| -| Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents| -| User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents| -| Shortcut Backups | %AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups| Stores previous integration points that enable restore on package unpublish| -| Copy on Write (COW) Roaming | %AppData%\Microsoft\AppV\Client\VFS| Writeable roaming location for package modification| -| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification| -| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive)| -| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg| -| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information| +| Package Store | %ProgramData%\App-V| Default location for read only package files| +| Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents| +| User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents| +| Shortcut Backups | %AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups| Stores previous integration points that enable restore on package unpublish| +| Copy on Write (COW) Roaming | %AppData%\Microsoft\AppV\Client\VFS| Writeable roaming location for package modification| +| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification| +| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive)| +| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg| +| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information| Additional details for the table are provided in the section below and throughout the document. ### Package store -The App-V Client manages the applications assets mounted in the package store. This default storage location is `%ProgramData%\App-V`, but you can configure it during or after setup by using the `Set-AppVClientConfiguration` Windows PowerShell cmdlet, which modifies the local registry (`PackageInstallationRoot` value under the `HKLM\Software\Microsoft\AppV\Client\Streaming` key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named for the Package GUID and Version GUID. +The App-V Client manages the applications assets mounted in the package store. This default storage location is `%ProgramData%\App-V`, but you can configure it during or after setup by using the **Set-AppVClientConfiguration** Windows PowerShell cmdlet, which modifies the local registry (`PackageInstallationRoot` value under the `HKLM\Software\Microsoft\AppV\Client\Streaming` key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named after the Package GUID and Version GUID. Example of a path to a specific application: -``` syntax -C:\ProgramData\App-V\PackGUID\VersionGUID +```syntax +C:\ProgramData\App-V\PackGUID\VersionGUID ``` To change the default location of the package store during setup, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). ### Shared Content Store -If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). +If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high-performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). -> [!NOTE] -> The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. +>[!NOTE] +>The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. ### Package catalogs The App-V Client manages the following two file-based locations: - **Catalogs (user and machine).** -- **Registry locations**—depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  +- **Registry locations**—depends on how the package is targeted for publishing. There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine catalog stores global information applicable to all users or any specific user, and the User catalog stores information applicable to a specific user. The catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version. ### Machine catalog @@ -194,7 +194,7 @@ The App-V Client manages the following two file-based locations: ||| |---|---| -|Description|Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.| +|Description|Created during the publishing process. Contains information used for publishing the package, and for making sure that a package is provisioned to a specific user at launch. Created in a roaming location and includes user-specific publishing information.

When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.| |Default storage location|```appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID```| |Files in the user catalog|- UserManifest.xml
- DynamicConfiguration.xml or UserDeploymentConfiguration.xml| |Additional user catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned above:

```appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID```| @@ -237,7 +237,7 @@ The App-V Client manages the following two file-based locations: ### Shortcut backups -During the publishing process, the App-V Client backs up any shortcuts and integration points to ```%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups```. This backup enables the restoration of these integration points to the previous versions when the package is unpublished. +During the publishing process, the App-V Client backs up any shortcuts and integration points to ```%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups```. This backup lets integration points restore to the previous versions when the package is unpublished. ### Copy on Write files @@ -249,7 +249,7 @@ The COW Roaming location described above stores changes to files and directories ### COW local -The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (e.g. Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. +The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (for example, Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. ## Package registry @@ -269,13 +269,13 @@ The staged registry persists the same way as in the single package case. Staged ### Virtual registry -The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality – that is any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. +The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality—that is, any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. ### Registry locations There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups are not shared: -**Single Package VReg:** +#### Single Package VReg |Location|Description| |---|---| @@ -317,7 +317,7 @@ There are two package registry locations and two connection group locations wher
-**Connection Group VReg:** +#### Connection Group VReg |Location|Description| |---|---| @@ -385,7 +385,7 @@ The following locations are configured as pass-through locations by default: - HKEY\_CURRENT\_USER\\SOFTWARE\\Policies -The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI based applications. It is recommend that administers do not modify any of the default pass-through keys, but in some instances, based on application behavior may require adding additional pass-through keys. +The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally should not modify any of the default pass-through keys, but in some instances, based on application behavior the admin may need to add additional pass-through keys. ## App-V package store behavior From 5bc924ab867285d06ddf472881c9a3f6a1f394c6 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 20 Apr 2018 11:07:01 -0700 Subject: [PATCH 004/319] Continued updating text for app publishing and client interaction article --- ...ation-publishing-and-client-interaction.md | 20 +++++++++---------- ...v-planning-folder-redirection-with-appv.md | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 3965e42334..8af9f4e472 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -80,7 +80,7 @@ For information about sequencing, see [How to Sequence a New Application with Ap The appv file is a container that stores XML and non-XML files together in a single entity. This file is built from the AppX format, which is based on the Open Packaging Conventions (OPC) standard. -To view the appv file contents, make a copy of the package, and then rename the copied file to a ZIP extension. +To view the appv file contents, make a copy of the package, and then rename the copied file to a .zip extension. The appv file contains the following folder and files, which are used when creating and publishing a virtual application: @@ -385,7 +385,7 @@ The following locations are configured as pass-through locations by default: - HKEY\_CURRENT\_USER\\SOFTWARE\\Policies -The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally should not modify any of the default pass-through keys, but in some instances, based on application behavior the admin may need to add additional pass-through keys. +The purpose of pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally should not modify any of the default pass-through keys, but in some instances, based on application behavior the admin may need to add additional pass-through keys. ## App-V package store behavior @@ -563,7 +563,7 @@ The following table shows local and roaming locations, when folder redirection h | appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT | | AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData | -The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: +The current App-V Client VFS driver can't write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: 1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. 2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. @@ -572,19 +572,19 @@ The current App-V Client VFS driver cannot write to network locations, so the Ap This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: 1. App-V application is shut down, which shuts down the virtual environment. -2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. -3. A timestamp at the end of the ZIP packaging process is used to name the file. +2. The local cache of the roaming AppData location is compressed and stored in a .zip file. +3. A timestamp at the end of the .zip packaging process is used to name the file. 4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. -5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory. +5. The folder redirection process is called to evaluate and initiate the .zip file uploaded to the roaming AppData directory. The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: 1. The user starts the virtual environment by starting an application. -2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present. +2. The application’s virtual environment checks for the most recent time stamped .zip file, if present. 3. The registry is checked for the last known uploaded timestamp, if present. -4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file. -5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile. -6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. +4. The most recent .zip file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the .zip file. +5. If the local last known upload timestamp is earlier than that of the most recent .zip file in the roaming AppData location, the .zip file is extracted to the local temp directory in the user’s profile. +6. After the .zip file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. 7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md index 28f695046f..7665805a14 100644 --- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md +++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md @@ -33,7 +33,7 @@ To use %AppData% folder redirection, you must: * Files under %appdata%\Microsoft\AppV\Client\Catalog * Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages -For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs). +For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#roaming-requirements-and-user-catalog-data-storage). ## Unsupported scenarios for App-V folder redirection From ae8693a8e25def760c97b8d73394bbdd7113d405 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 24 Apr 2018 11:53:44 -0700 Subject: [PATCH 005/319] Continued article revision --- ...ation-publishing-and-client-interaction.md | 35 ++++++++----------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 8af9f4e472..5263548ceb 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -573,17 +573,17 @@ This process solves the problem of a non-local %AppData% that is not supported b 1. App-V application is shut down, which shuts down the virtual environment. 2. The local cache of the roaming AppData location is compressed and stored in a .zip file. -3. A timestamp at the end of the .zip packaging process is used to name the file. -4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp. +3. A time stamp at the end of the .zip packaging process is used to name the file. +4. The time stamp is recorded in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp. 5. The folder redirection process is called to evaluate and initiate the .zip file uploaded to the roaming AppData directory. -The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: +The time stamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: 1. The user starts the virtual environment by starting an application. 2. The application’s virtual environment checks for the most recent time stamped .zip file, if present. -3. The registry is checked for the last known uploaded timestamp, if present. -4. The most recent .zip file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the .zip file. -5. If the local last known upload timestamp is earlier than that of the most recent .zip file in the roaming AppData location, the .zip file is extracted to the local temp directory in the user’s profile. +3. The registry is checked for the last known uploaded time stamp, if present. +4. The most recent .zip file is downloaded unless the local last known upload time stamp is greater than or equal to the time stamp from the .zip file. +5. If the local last known upload time stamp is earlier than that of the most recent .zip file in the roaming AppData location, the .zip file is extracted to the local temp directory in the user’s profile. 6. After the .zip file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. 7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. @@ -591,37 +591,34 @@ This completes the successful roaming of application settings that are present i 1. During repair, detect if the path to the user’s roaming AppData directory is not local. 2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. -3. Delete the timestamp stored in the registry, if present. +3. Delete the time stamp stored in the registry, if present. -This process will re-create both the local and network locations for AppData and remove the registry record of the timestamp. +This process will re-create both the local and network locations for AppData and remove the registry record of the time stamp. ## App-V client application lifecycle management -In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of Windows PowerShell commands initiated on the computer running the App-V Client. +In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are input as PowerShell commands on the computer running the App-V Client. This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177). -The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). +The App-V application lifecycle tasks are triggered at user sign in (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). ### Publishing refresh -The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following Windows PowerShell cmdlets: +The publishing refresh process comprises several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process when the user signs in, the machine turns on, and at scheduled intervals. The client configuration during setup listed in the previous section is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following Windows PowerShell cmdlets: - **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. - **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. - **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. - **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. -The focus of the following sections is to detail the operations that occur during different phases of an App-V Publishing Refresh. The topics include: +The following sections will elaborate what goes on during the publishing refresh process. -- Adding an App-V Package -- Publishing an App-V Package - -### Adding an App-V package +#### Adding an App-V package Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in Windows PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. -**How to add an App-V package** +#### How to add an App-V package 1. Manual initiation via Windows PowerShell or Task Sequence initiation of the Publishing Refresh process. @@ -677,13 +674,11 @@ Adding an App-V package to the client is the first step of the publishing refres >[!NOTE] >This condition occurs as a product of removal without unpublishing with background addition of the package. - - This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). ![package add file and registry data](images/packageaddfileandregistrydata.png) -### Publishing an App-V package +#### Publishing an App-V package During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. From 6c16e0aea013414c52b4e8da72812e864a7a0f70 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 24 Apr 2018 13:20:56 -0700 Subject: [PATCH 006/319] Continued editing --- .../app-v/appv-application-publishing-and-client-interaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 5263548ceb..7403663b3d 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -620,7 +620,7 @@ Adding an App-V package to the client is the first step of the publishing refres #### How to add an App-V package -1. Manual initiation via Windows PowerShell or Task Sequence initiation of the Publishing Refresh process. +1. Initiate installation manually through Windows PowerShell or Task Sequence initiation of the Publishing Refresh process. 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. From 54a6ac6cf79807701c32c6b347109a6d5bf6c4ee Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 26 Apr 2018 15:38:26 -0700 Subject: [PATCH 007/319] Continued editorial changes --- ...ation-publishing-and-client-interaction.md | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 7403663b3d..137715003d 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -616,7 +616,9 @@ The following sections will elaborate what goes on during the publishing refresh #### Adding an App-V package -Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in Windows PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. +Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the **Add-AppVClientPackage** cmdlet in Windows PowerShell, except the publishing refresh add process contacts the configured publishing server and passes a high-level list of applications back to the client to pull more detailed information, rather than just doing a single package add operation. + +The process then configures the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. #### How to add an App-V package @@ -624,41 +626,39 @@ Adding an App-V package to the client is the first step of the publishing refres 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users. - 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis. + 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per-package basis. -2. The Publishing Agent on the App-V Client performs all actions below serialized. +2. The Publishing Agent on the App-V Client will evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed. - Evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed. - -3. Configure the packages by identifying an Add or Update operations. +3. Configure the packages by identifying the **Add** or **Update** operations. 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server. - 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store. + 2. The package file is opened and the **AppXManifest.xml** and **StreamMap.xml** files are downloaded to the Package Store. - 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root. + 3. Completely stream publishing block data defined in the **StreamMap.xml**. Publishing block data is stored in Package Store\\PkgGUID\\VerGUID\\Root. - Icons: Targets of extension points. - - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types. + - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, accessed directly or through file types. - Scripts: Download scripts directory for use throughout the publishing process. - 4. Populate the Package store: + 4. Populate the Package store by doing the following: 1. Create sparse files on disk that represent the extracted package for any directories listed. - 2. Stage top level files and directories under root. + 2. Stage top-level files and directories under root. - 3. All other files are created when the directory is listed as sparse on disk and streamed on demand. + All other files are created when the directory is listed as sparse on disk and streamed on demand. - 5. Create the machine catalog entries. Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). + 5. Create the machine catalog entries. Create the **Manifest.xml** and **DeploymentConfiguration.xml** from the package files (if no **DeploymentConfiguration.xml** file in the package a placeholder is created). 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog - 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat + 7. Create the **Registry.dat** file from the package store to **%ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat** - 8. Register the package with the App-V Kernal Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV + 8. Register the package with the App-V Kernal Mode Driver at HKLM\\Microsoft\\Software\\AppV\\MAV - 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. + 9. Invoke scripting from the **AppxManifest.xml** or **DeploymentConfig.xml** file for Package Add timing. 4. Configure Connection Groups by adding and enabling or disabling. @@ -674,21 +674,21 @@ Adding an App-V package to the client is the first step of the publishing refres >[!NOTE] >This condition occurs as a product of removal without unpublishing with background addition of the package. -This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). +This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user). -![package add file and registry data](images/packageaddfileandregistrydata.png) +![Package add file and registry data](images/packageaddfileandregistrydata.png) #### Publishing an App-V package -During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. +During the Publishing Refresh operation, the specific publishing operation, **Publish-AppVClientPackage**, adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. #### How to publish an App-V package 1. Package entries are added to the user catalog - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog + 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the User Catalog. - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog + 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the Machine Catalog. 2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV @@ -705,7 +705,7 @@ During the Publishing Refresh operation, the specific publishing operation (Publ 3. Run scripts targeted for publishing timing. -Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information above for details. +Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information in the preceding sections for details. ![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) @@ -719,8 +719,8 @@ After the Publishing Refresh process, the user launches and subsequently re-laun 2. The App-V Client verifies existence in the User Catalog for the following files - - UserDeploymentConfiguration.xml - - UserManifest.xml + - **UserDeploymentConfiguration.xml** + - **UserManifest.xml** 3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. @@ -736,7 +736,7 @@ After the Publishing Refresh process, the user launches and subsequently re-laun ### Upgrading an App-V package -The App-V package upgrade process differs from the older versions of App-V. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only the new files are added to the new version store location and hard links are created for unchanged files. This reduces the overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. The specific details of upgrading an App-V Package are as follows: +The App-V package upgrade process in the current version of App-V differs from the older versions. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time, as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only new files are added to the new version store location, and hard links are created for unchanged files. This reduces overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. #### How to upgrade an App-V package @@ -744,9 +744,9 @@ The App-V package upgrade process differs from the older versions of App-V. App- 2. Package entries are added to the appropriate catalog for the new version - 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID - 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID 3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV @@ -762,11 +762,11 @@ The App-V package upgrade process differs from the older versions of App-V. App- 5. Run scripts targeted for publishing timing. -6. Install Side by Side assemblies as required. +6. Install Side-by-Side assemblies as required. ### Upgrading an in-use App-V package -If you try to upgrade a package that is in use by an end user, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: +If you try to upgrade a package that is currently in use, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: | Task type | Applicable rule | |---|---| @@ -784,19 +784,19 @@ The following operations must be completed before users can use the newer versio | Task | Details | |---|---| -| Add the package to the computer | This task is computer specific and you can perform it at any time by completing the steps in the Package Add section above. | -| Publish the package | See the Package Publishing section above for steps. This process requires that you update extension points on the system. End users cannot be using the application when you complete this task. | +| Add the package to the computer | This task is computer-specific and you can perform it at any time by completing the steps in [How to add an App-V package](#how-to-add-an-app-v-package). | +| Publish the package | See the Package Publishing section above for steps. This process requires that you update extension points on the system. You can't complete this task while the application is in use. | Use the following example scenarios as a guide for updating packages. | Scenario | Requirements | -| - | - | +|---|---| | App-V package is not in use when you try to upgrade | None of the following components of the package can be in use: virtual application, COM server, or shell extensions.

The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and ran. | -| App-V package is in use when the administrator publishes a newer version of the package | The upgrade operation is set to pending by the App-V Client, which means that it is queued and carried out later when the package is not in use.

If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

If the package has shell extensions, which are permanently loaded by Windows Explorer, the user cannot be logged in. Users must log off and the log back in to initiate the App-V package upgrade.| +| App-V package is in use when the administrator publishes a newer version of the package | The App-V Client sets the operation to "pending," which means that it is queued and will be carried out later when the package is not in use.

If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

If the package has shell extensions, which are permanently loaded by Windows Explorer, the user won't be able to sign in. Users must sign off and then sign back in to initiate the App-V package upgrade.| ### Global vs. user publishing -App-V Packages can be published in one of two ways; User which entitles an App-V package to a specific user or group of users and Global which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: +App-V Packages can be published in one of two ways; as User, which entitles an App-V package to a specific user or group of users, or as Global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: - **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. - **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). From b5931aa815471b28b60dbba895ae37f2bb7e112a Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 26 Apr 2018 15:45:20 -0700 Subject: [PATCH 008/319] Continued editorial changes --- .../appv-application-publishing-and-client-interaction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 137715003d..5e97160b6e 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -796,10 +796,10 @@ Use the following example scenarios as a guide for updating packages. ### Global vs. user publishing -App-V Packages can be published in one of two ways; as User, which entitles an App-V package to a specific user or group of users, or as Global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: +App-V Packages can be published in one of two ways; as user, which entitles an App-V package to a specific user or group of users, or as global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: - **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. -- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). +- **User-published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). ### Removing an App-V package From d420810616a5f6d4dd95a30029e12d4ad4c60b36 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 26 Apr 2018 16:37:37 -0700 Subject: [PATCH 009/319] Continued editorial changes --- ...-application-publishing-and-client-interaction.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 5e97160b6e..ddcc7b70aa 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -799,7 +799,7 @@ Use the following example scenarios as a guide for updating packages. App-V Packages can be published in one of two ways; as user, which entitles an App-V package to a specific user or group of users, or as global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: - **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. -- **User-published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). +- **User-published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user signs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly through Windows PowerShell commands). ### Removing an App-V package @@ -807,19 +807,19 @@ Removing App-V applications in a Full Infrastructure is an unpublish operation, ### Repairing an App-V package -The repair operation is very simple but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are de-integrated and then re-integrated. Please review the COW data placement locations by reviewing where they are registered in the registry. This operation is done automatically and there is no administrative control other than initiating a Repair operation from the App-V Client Console or via Windows PowerShell (Repair-AppVClientPackage). +The repair operation is easy to do, but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are deintegrated and then reintegrated. Before repairing, please review where the COW data placement locations are registered in the registry. To perform a Repair operation, all you need to do is initiate it from the App-V Client Console or through the **Repair-AppVClientPackage** PowerShell cmdlet. After that, the operation is completed automatically. ## Integration of App-V packages The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: -- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. -- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. -- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. +- **AppXManifest.xml**: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. +- **DeploymentConfig.xml**: Provides configuration information of computer- and user-based integration extension points. +- **UserConfig.xml**: A subset of the **Deploymentconfig.xml** that only provides user-based configurations and only targets user-based extension points. ### Rules of integration -When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the list below: +When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the following list: - Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. - User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. From ad1619c6fb6a6dfe13cf6c30da1bc0e31b58b41f Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 7 May 2018 15:49:48 -0700 Subject: [PATCH 010/319] Continued updating article --- ...ation-publishing-and-client-interaction.md | 49 +++++++++---------- 1 file changed, 23 insertions(+), 26 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index ddcc7b70aa..4ffa37db03 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -834,18 +834,18 @@ When App-V applications are published to a computer with the App-V Client, some The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: - Shortcuts -- File Type Associations -- Shell Extensions +- File type associations +- Shell extensions - COM -- Software Clients +- Software clients - Application capabilities -- URL Protocol Handler +- URL Protocol handler - AppPath -- Virtual Application +- Virtual application ### Shortcuts -The short cut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. +The shortcut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: @@ -908,10 +908,9 @@ The App-V Client manages the local operating system File Type Associations durin >[!NOTE] >In this example: -> - >- `.xdp` is the extension - >- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) - >- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable +>- `.xdp` is the extension +>- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) +>- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable ### Shell extensions @@ -921,10 +920,9 @@ Shell extensions are embedded in the package automatically during the sequencing - Packages that contain embedded shell extensions must be published globally. - The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: - - - The version of the application is 64-bit. - - The Sequencer is running on a 64-bit computer. - - The package is being delivered to a 64-bit App-V client computer. + - The version of the application is 64-bit. + - The Sequencer is running on a 64-bit computer. + - The package is being delivered to a 64-bit App-V client computer. The following table displays the supported shell extensions. @@ -943,15 +941,15 @@ The following table displays the supported shell extensions. The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. -App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). +App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and In-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes Off, Isolated, and Integrated. Integrated mode is configured for either the Out-of-process or In-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (**deploymentconfig.xml** or **userconfig.xml**). For details on App-V integration, see [Microsoft Application Virtualization 5.0 Integration](https://blogs.technet.microsoft.com/appv/2013/01/03/microsoft-application-virtualization-5-0-integration). ### Software clients and application capabilities -App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and media player. This operation is performed in the control panel with the Set Program Access and Computer Defaults, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. +App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and using the media player. This operation is performed in the control panel with **Set Program Access** and **Computer Defaults**, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. -Example of software client registration of an App-V based mail client. +The following is an example of software client registration of an App-V-based mail client. ```XML @@ -994,15 +992,14 @@ Example of software client registration of an App-V based mail client. ``` >[!NOTE] -In this example: -> - >- `` is the overall Software Clients setting to integrate Email clients - >- `` is the flag to set a particular Email client as the default Email client - >- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration +>In this example: +>- `` is the overall Software Clients setting to integrate Email clients. +>- `` is the flag to set a particular Email client as the default Email client. +>- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration. ### URL Protocol handler -Applications do not always specifically called virtualized applications utilizing file type invocation. For, example, in an application that supports embedding a mailto: link inside a document or web page, the user clicks on a mailto: link and expects to get their registered mail client. App-V supports URL Protocol handlers that can be registered on a per-package basis with the local operating system. During sequencing, the URL protocol handlers are automatically added to the package. +Virtual applications don't always specifically utilize file type invocation. For, example, in an application that supports embedding a mailto: link inside a document or web page, the user selects the link expecting to access their registered mail client. App-V supports URL Protocol handlers that can be registered on a per-package basis with the local operating system. During sequencing, the URL Protocol handlers are automatically added to the package. For situations where there is more than one application that could register the specific URL Protocol handler, the dynamic configuration files can be utilized to modify the behavior and suppress or disable this feature for an application that should not be the primary application launched. @@ -1014,15 +1011,15 @@ The AppPath extension point is configured either in the manifest or in the dynam ### Virtual application -This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, it is possible to disable all extension points belonging to one application, in order to allow only integration of extension points of other application. +This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, you can disable all extension points belonging to one application to only allow integration of extension points for the other application. ### Extension point rules -The extension points described above are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). +The previously described extension points are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. -|Virtual Extension|Requires target OS Sequencing|Requires Global Publishing| +|Virtual Extension|Requires target OS sequencing|Requires global publishing| |---|:---:|:---:| |Shortcut||| |File Type Association||| From 02a04c43352cc265466ed79c82a93a8a9860b794 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 8 May 2018 11:01:46 -0700 Subject: [PATCH 011/319] Continued text revision --- ...plication-publishing-and-client-interaction.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 4ffa37db03..2bcdae3587 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -1135,20 +1135,17 @@ Extension points are not all published the same way, where some extension points -  +## Dynamic configuration processing -## Dynamic configuration processing +Deploying App-V packages to a single machine or user is very simple. However, as organizations deploy App-V applications across business lines and geographic and political boundaries, it becomes impossible to sequence all applications with the same settings. App-V was designed to overcome this problem by capturing specific settings and configurations during sequencing in the Manifest file while also supporting modification with Dynamic Configuration files. +App-V dynamic configuration lets you specify a package policy at either the machine or user levels. Dynamic Configuration files enable sequencing engineers to modify the configuration of a package post-sequencing to address the needs of individual groups of users or machines. In some instances, it may be necessary to modify the application to provide proper functionality within the App-V environment. For example, you may need to modify the \_\*config.xml files to allow certain actions to be performed at a specified time while executing the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. -Deploying App-V packages to one machine or user is very simple. However, as organizations deploy AppV applications across business lines and geographic and political boundaries, the ability to sequence an application one time with one set of settings becomes impossible. App-V was designed for this scenario, as it captures specific settings and configurations during sequencing in the Manifest file, but also supports modification with Dynamic Configuration files. - -App-V dynamic configuration allows for specifying a policy for a package either at the machine level or at the user level. The Dynamic Configuration files enable sequencing engineers to modify the configuration of a package, post-sequencing, to address the needs of individual groups of users or machines. In some instances it may be necessary to make modifications to the application to provide proper functionality within the App-V environment. For example, it may be necessary to make modifications to the \_\*config.xml files to allow certain actions to be performed at a specified time during the execution of the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. - -App-V Packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow the publishing of an application to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. +App-V packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow an application to be published to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. ### Example for dynamic configuration files -The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760). +The following example shows the combination of the Manifest, Deployment Configuration, and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only, not to be a complete description of the specific categories available in each file. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760). #### Manifest @@ -1218,7 +1215,7 @@ The example below shows the combination of the Manifest, Deployment Configuratio ## Side-by-side assemblies -App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. +App-V supports automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. For assemblies consisting of Visual C++ (Version 8 and newer) or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they weren't installed during monitoring. The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in App-V applications deployed to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. Side-by-side assembly support in App-V has the following features. From 5197bec938d16e628db56b04dc7c210dc4f6ed3c Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 8 May 2018 13:40:48 -0700 Subject: [PATCH 012/319] Finished first sweep of text edits. --- ...ation-publishing-and-client-interaction.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 2bcdae3587..198ee44fd2 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -1215,30 +1215,30 @@ The following example shows the combination of the Manifest, Deployment Configur ## Side-by-side assemblies -App-V supports automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. For assemblies consisting of Visual C++ (Version 8 and newer) or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they weren't installed during monitoring. The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in App-V applications deployed to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. +App-V supports automatic packaging of side-by-side assemblies during sequencing and deployment on the client during virtual application publishing. App-V also supports capturing side-by-side assemblies during sequencing for assemblies not present on the sequencing machine. For assemblies consisting of Visual C++ (Version 8 and newer) or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they weren't installed during monitoring. The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in App-V applications deployed to clients missing the required side-by-side assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. -Side-by-side assembly support in App-V has the following features. +Side-by-side assembly support in App-V has the following features: -- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. -- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. +- Automatic captures of side-by-side assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. +- The App-V Client automatically installs required side-by-side assemblies to the client computer at publishing time if they aren't already installed. - The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. - The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. -### Automatic publishing of SxS assemblies +### Automatic publishing of side-by-side assemblies -During publishing of an App-V package with SxS assemblies the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the Side by Side assembly installations that are part of the base packages, as the connection group does not contain any information about assembly installation. +During publishing of an App-V package with side-by-side assemblies, the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the side-by-side assembly installations in the base packages, as the connection groups don't contain any information about assembly installation. >[!NOTE] >Unpublishing or removing a package with an assembly does not remove the assemblies for that package. ## Client logging -The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer, under Applications and Services Logs\\Microsoft\\AppV\\Client. +The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer under **Applications and Services Logs\\Microsoft\\AppV\\Client**. -There are three specific categories of events recorded described below. +There are three specific categories of events recorded: -- **Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. -- **Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. +- **Admin**: Logs events for configurations applied to the App-V Client, and also contains the primary warnings and errors. +- **Operational**: Logs the general App-V execution and usage of individual components, creating an audit log of the App-V client's completed App-V operations. - **Virtual Application**: Logs virtual application launches and use of virtualization subsystems. ## Have a suggestion for App-V? From 30288a4b9ff49a3334f04dd433bee0f908b31f56 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 8 May 2018 14:45:45 -0700 Subject: [PATCH 013/319] Consistent client capitalization --- ...ation-publishing-and-client-interaction.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 198ee44fd2..e8393bccb7 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -12,7 +12,7 @@ ms.date: 04/19/2017 >Applies to: Windows 10, version 1607 -This article provides technical information about common App-V client operations and their integration with the local operating system. +This article provides technical information about common App-V Client operations and their integration with the local operating system. ## App-V package files created by the Sequencer @@ -22,8 +22,8 @@ The Sequencer creates App-V packages and produces a virtualized application. The |---|---| |.appv|- The primary package file, which contains the captured assets and state information from the sequencing process.
- Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.| |.MSI|Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.| -|_DeploymentConfig.XML|File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.| -|_UserConfig.XML|File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.| +|_DeploymentConfig.XML|File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V Client.| +|_UserConfig.XML|File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V Client.| |Report.xml|Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.| |.CAB|Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.| |.appvt|Optional: Sequencer template file used to retain commonly reused Sequencer settings.| @@ -53,11 +53,11 @@ The Sequencer creates App-V packages and produces a virtualized application. The

_DeploymentConfig.XML

-

File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.

+

File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V Client.

_UserConfig.XML

-

File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.

+

File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V Client.

Report.xml

@@ -95,9 +95,9 @@ The appv file contains the following folder and files, which are used when creat | Registry.dat | DAT File | Registry keys and values captured during the sequencing process for the package.| | StreamMap.xml | XML File | List of files for the primary and publishing feature block. The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.| -## App-V client data storage locations +## App-V Client data storage locations -The App-V client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. +The App-V Client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. | Name | Location | Description | |---|---|---| @@ -469,11 +469,11 @@ After the initial stream of any publishing data and the primary feature block, r ### Package upgrades -App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: ```%ProgramData%\App-V\{PkgGUID}\{newVerGUID}```. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package. +App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: ```%ProgramData%\App-V\{PkgGUID}\{newVerGUID}```. The upgrade operation is optimized by creating hard links to identical and streamed files from other versions of the same package. ### Package removal -The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet ```Remove-AppVClientPackge``` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. +The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet ```Remove-AppVClientPackge``` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. ## Roaming registry and data @@ -595,7 +595,7 @@ This completes the successful roaming of application settings that are present i This process will re-create both the local and network locations for AppData and remove the registry record of the time stamp. -## App-V client application lifecycle management +## App-V Client application lifecycle management In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are input as PowerShell commands on the computer running the App-V Client. @@ -773,7 +773,7 @@ If you try to upgrade a package that is currently in use, the upgrade task is pl | User-based tasks, such as publishing a package to a user | The pending task will be performed after the user logs off and then logs back on. | | Globally based tasks, such as enabling a connection group globally | The pending task will be performed when the computer is shut down and then restarted. | -When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: +When a task is placed in a pending state, the App-V Client also generates a registry key for the pending task, as follows: | User-based or globally based task | Where the registry key is generated | |---|---| @@ -919,10 +919,10 @@ Shell extensions are embedded in the package automatically during the sequencing #### Requirements for using shell extensions - Packages that contain embedded shell extensions must be published globally. -- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: +- The “bitness” of the application, Sequencer, and App-V Client must match, or the shell extensions won’t work. For example: - The version of the application is 64-bit. - The Sequencer is running on a 64-bit computer. - - The package is being delivered to a 64-bit App-V client computer. + - The package is being delivered to a 64-bit App-V Client computer. The following table displays the supported shell extensions. @@ -1233,12 +1233,12 @@ During publishing of an App-V package with side-by-side assemblies, the App-V Cl ## Client logging -The App-V client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer under **Applications and Services Logs\\Microsoft\\AppV\\Client**. +The App-V Client logs information to the Windows Event log in standard ETW format. The specific App-V events can be found in the event viewer under **Applications and Services Logs\\Microsoft\\AppV\\Client**. There are three specific categories of events recorded: - **Admin**: Logs events for configurations applied to the App-V Client, and also contains the primary warnings and errors. -- **Operational**: Logs the general App-V execution and usage of individual components, creating an audit log of the App-V client's completed App-V operations. +- **Operational**: Logs the general App-V execution and usage of individual components, creating an audit log of the App-V Client's completed App-V operations. - **Virtual Application**: Logs virtual application launches and use of virtualization subsystems. ## Have a suggestion for App-V? From 2e4bc8a09387770d2ffdb1e5fddaa1b4c05dc311 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 8 May 2018 16:14:01 -0700 Subject: [PATCH 014/319] Continued text edit --- .../app-v/appv-application-publishing-and-client-interaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index e8393bccb7..846ca41788 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -20,7 +20,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The |File|Description| |---|---| -|.appv|- The primary package file, which contains the captured assets and state information from the sequencing process.
- Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.| +|.appv|- The primary package file, which contains captured assets and state information from the sequencing process.
- Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.| |.MSI|Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.| |_DeploymentConfig.XML|File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V Client.| |_UserConfig.XML|File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V Client.| From 831d50b821c2a56d1b44dd6fd5fc52e52d6f8bbc Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 9 May 2018 14:19:32 -0700 Subject: [PATCH 015/319] Continued updating text --- ...ation-publishing-and-client-interaction.md | 146 +----------------- 1 file changed, 6 insertions(+), 140 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 846ca41788..741a277cee 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -497,45 +497,8 @@ App-V registry roaming falls into two scenarios, as shown in the following table |Scenario|Description| |---|---| -|Applications that are run as standard users|When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:
- HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
- HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE
The locations are enabled for roaming based on the operating system settings.| -|Applications that are run with elevation|When an application is launched with elevation:
- HKLM data is stored in the HKLM hive on the local computer
- HKCU data is stored in the User Registry location
In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:
- HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
- HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE| - - ---- - - - - - - - - - - - - - - - - -
ScenarioDescription

Applications that are run as standard users

When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

-
    -

  • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE

    • -
-

The locations are enabled for roaming based on the operating system settings.

Applications that are run with elevation

When an application is launched with elevation:

-
    -

  • HKLM data is stored in the HKLM hive on the local computer

    • -

  • HKCU data is stored in the User Registry location

    • -
-

In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

-
    -

  • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • -

  • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE

    • -
+|Applications that are run as standard users|When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

- HKLM's location is HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
- HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE

The locations are enabled for roaming based on the operating system settings.| +|Applications that are run with elevation|When an application is launched with elevation:

- HKLM data is stored in the HKLM hive on the local computer
- HKCU data is stored in the User Registry location

In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following locations:

- HKLM's location is HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
- HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE| ### App-V and folder redirection @@ -607,10 +570,10 @@ The App-V application lifecycle tasks are triggered at user sign in (default), m The publishing refresh process comprises several smaller operations that are performed on the App-V Client. Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process when the user signs in, the machine turns on, and at scheduled intervals. The client configuration during setup listed in the previous section is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following Windows PowerShell cmdlets: -- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages. -- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server. -- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client. -- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. +- **Add-AppVPublishingServer** configures the client with an App-V Publishing Server that provides App-V packages. +- **Set-AppVPublishingServer** modifies the current settings for the App-V Publishing Server. +- **Set-AppVClientConfiguration** modifies the currents settings for the App-V Client. +- **Sync-AppVPublishingServer** initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server. The following sections will elaborate what goes on during the publishing refresh process. @@ -1038,103 +1001,6 @@ Extension points are not all published the same way, where some extension points |Browser Helper Object|X|X| |Active X Object|X|X| - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Virtual ExtensionRequires target OS SequencingRequires Global Publishing

Shortcut

File Type Association

URL Protocols

X

AppPaths

X

COM Mode

Software Client

X

Application Capabilities

X

X

Context Menu Handler

X

X

Drag-and-drop Handler

X

Data Object Handler

X

Property Sheet Handler

X

Infotip Handler

X

Column Handler

X

Shell Extensions

X

Browser Helper Object

X

X

Active X Object

X

X

- ## Dynamic configuration processing Deploying App-V packages to a single machine or user is very simple. However, as organizations deploy App-V applications across business lines and geographic and political boundaries, it becomes impossible to sequence all applications with the same settings. App-V was designed to overcome this problem by capturing specific settings and configurations during sequencing in the Manifest file while also supporting modification with Dynamic Configuration files. From 04a40479f931832f07c91c28fc5004f5e16eaace Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Thu, 10 May 2018 12:29:40 -0700 Subject: [PATCH 016/319] Continued edits, deleted old duplicate HTML tables --- ...ation-publishing-and-client-interaction.md | 130 +----------------- 1 file changed, 4 insertions(+), 126 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 741a277cee..9cd1577d1f 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -28,53 +28,7 @@ The Sequencer creates App-V packages and produces a virtualized application. The |.CAB|Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.| |.appvt|Optional: Sequencer template file used to retain commonly reused Sequencer settings.| - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FileDescription

.appv

    -

  • The primary package file, which contains the captured assets and state information from the sequencing process.

    • -

  • Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.

    • -

.MSI

Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.

_DeploymentConfig.XML

File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V Client.

_UserConfig.XML

File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V Client.

Report.xml

Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.

.CAB

Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.

.appvt

Optional: Sequencer template file used to retain commonly reused Sequencer settings.

- -For information about sequencing, see [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md). +To learn more about sequencing, see [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md). ## What’s in the appv file? @@ -149,47 +103,6 @@ The App-V Client manages the following two file-based locations: |Additional machine catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned previously as the default storage location:

```%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID```| |Additional files in the machine catalog when the package is part of a connection group|- PackageGroupDescriptor.xml
- UserPackageGroupDescriptor.xml (globally published Connection Group)| - ---- - - - - - - - - - - - - - - - - - - - - - - -

Description

Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

-

If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (e.g., the package directory is in a shared disk location).

-

If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.

Default storage location

%programdata%\Microsoft\AppV\Client\Catalog\

-

This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.

Files in the machine catalog

    -

  • Manifest.xml

    • -

  • DeploymentConfiguration.xml

    • -

  • UserManifest.xml (Globally Published Package)

    • -

  • UserDeploymentConfiguration.xml (Globally Published Package)

    • -

Additional machine catalog location, used when the package is part of a connection group

The following location is in addition to the specific package location mentioned above:

-

%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID

Additional files in the machine catalog when the package is part of a connection group

    -

  • PackageGroupDescriptor.xml

    • -

  • UserPackageGroupDescriptor.xml (globally published Connection Group)

    • -
- ### User catalog ||| @@ -200,41 +113,6 @@ The App-V Client manages the following two file-based locations: |Additional user catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned above:

```appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID```| |Additional file in the machine catalog when the package is part of a connection group|```UserPackageGroupDescriptor.xml```| - ---- - - - - - - - - - - - - - - - - - - - - - - -

Description

Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

-

When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

-

For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.

Default storage location

appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID

Files in the user catalog

    -

  • UserManifest.xml

    • -

  • DynamicConfiguration.xml or UserDeploymentConfiguration.xml

    • -

Additional user catalog location, used when the package is part of a connection group

The following location is in addition to the specific package location mentioned above:

-

appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID

Additional file in the machine catalog when the package is part of a connection group

UserPackageGroupDescriptor.xml

- ### Shortcut backups During the publishing process, the App-V Client backs up any shortcuts and integration points to ```%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups```. This backup lets integration points restore to the previous versions when the package is unpublished. @@ -1103,9 +981,9 @@ The App-V Client logs information to the Windows Event log in standard ETW forma There are three specific categories of events recorded: -- **Admin**: Logs events for configurations applied to the App-V Client, and also contains the primary warnings and errors. -- **Operational**: Logs the general App-V execution and usage of individual components, creating an audit log of the App-V Client's completed App-V operations. -- **Virtual Application**: Logs virtual application launches and use of virtualization subsystems. +- **Admin** logs events for configurations applied to the App-V Client and also contains the primary warnings and errors. +- **Operational** logs the general App-V execution and usage of individual components, creating an audit log of the App-V Client's completed App-V operations. +- **Virtual Application** logs virtual application launches and use of virtualization subsystems. ## Have a suggestion for App-V? From 606a4e2716e3ae89bdcfab0664cfa603c8e963c3 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 11 May 2018 17:00:01 -0700 Subject: [PATCH 017/319] Removing HTML tables and sweeping for passive voice --- ...de-packages-with-the-management-console.md | 2 +- ...appv-administering-appv-with-powershell.md | 14 +-- ...pplications-with-the-management-console.md | 18 +-- ...ation-publishing-and-client-interaction.md | 118 +----------------- 4 files changed, 23 insertions(+), 129 deletions(-) diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index 8c3b04234f..97631d1114 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -12,7 +12,7 @@ ms.date: 04/19/2017 >Applies to: Windows 10, version 1607 -You can the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. +You can use the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. ## Add a package to the Management Console diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index 10327aa2e2..1a003ccf5c 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -12,11 +12,11 @@ ms.date: 04/19/2017 >Applies to: Windows 10, version 1607 -Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using Windows PowerShell with App-V. +Microsoft Application Virtualization (App-V) supports Windows PowerShell cmdlets that give administrators a quick and easy way to manage App-V. The following sections will tell you more about how to use Windows PowerShell with App-V. ## How to administer App-V with Windows PowerShell -Use the following Windows PowerShell procedures to perform various App-V tasks. +The following table lists articles that will tell you more about how to use PowerShell for App-V. |Name|Description| |---|---| @@ -27,22 +27,22 @@ Use the following Windows PowerShell procedures to perform various App-V tasks. |[How to apply the user configuration file by using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)|Describes how to apply a user configuration file with Windows PowerShell.| |[How to apply the deployment configuration file by using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)|Describes how to apply a deployment configuration file with Windows PowerShell.| |[How to sequence a package by using Windows PowerShell](appv-sequence-a-package-with-powershell.md)|Describes how to create a new package with Windows PowerShell.| -|[How to create a package accelerator by using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)|Describes how to create a package accelerator with Windows PowerShell. You can use package accelerators automatically sequence large, complex applications.| -|[How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)|Describes how to enable the computer running the App-V client to send reporting information.| +|[How to create a package accelerator by using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)|Describes how to create a package accelerator with Windows PowerShell. You can use package accelerators to automatically sequence large, complex applications.| +|[How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)|Describes how to enable the computer running the App-V Client to send reporting information.| |[How to install the App-V databases and convert the associated security identifiers by using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)|Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.| -|[How to configure the client to receive package and connection groups updates from the publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)|Describes how to use Windows PowerShell to configure a client after you deploy the App-V management and publishing servers, and add the required packages and connection groups.| +|[How to configure the client to receive package and connection groups updates from the publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)|Describes how to use Windows PowerShell to configure a client after you have deployed the App-V management and publishing servers and added the required packages and connection groups.| >[!IMPORTANT] >Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell. ## Windows PowerShell error handling -Use the following table for information about Windows PowerShell error handling for App-V. +The following table describes Windows PowerShell error handling for App-V. |Event|Action| |---|---| |Using the **RollbackOnError** attribute with embedded scripts|When you use the **RollbackOnError** attribute with embedded scripts, the attribute is ignored for the following events:
- Removing a package
- Unpublishing a package
- Terminating a virtual environment
- Terminating a process| -|Package name contains **$**|If a package name contains the character ( **$** ), you must use a single-quote ( **'** ), for example,
```Add-AppvClientPackage 'Contoso$App.appv'```| +|Package name contains **$**|If a package name contains the character \$\, you must use a single-quote ( **'** ).
For example:
```Add-AppvClientPackage 'Contoso$App.appv'```| ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index 915933fa98..58e54b4527 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -1,6 +1,6 @@ --- -title: Administering App-V Virtual Applications by Using the Management Console (Windows 10) -description: Administering App-V Virtual Applications by Using the Management Console +title: Administering App-V Virtual Applications by using the Management Console (Windows 10) +description: Administering App-V Virtual Applications by using the Management Console author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,23 +8,23 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- -# Administering App-V Virtual Applications by Using the Management Console +# Administering App-V Virtual Applications by using the Management Console >Applies to: Windows 10, version 1607 -Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V client. One or more management servers typically share a common data store for configuration and package information. +Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers running the App-V client. One or more management servers typically share a common data store for configuration and package information. The management server uses Active Directory Domain Services (AD DS) groups to manage user authorization and has SQL Server installed to manage the database and data store. Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components: -- Management Server—Use the management server to manage packages and connection groups. -- Publishing Server—Use the publishing server to deploy packages to computers that run the App-V client. -- Management Database—Use the management database to manage the package access and to publish the server’s synchronization with the management server. +- The **management server** manages packages and connection groups. +- The **publishing server** deploys packages to computers running the App-V Client. +- The **management database** manages the package access publishes the server’s synchronization with the management server. ## Management Console tasks -The most common tasks that you can perform with the App-V Management console are: +Here are some articles that can show you how to perform the most common tasks that the App-V Management Console is used for: - [How to connect to the Management Console](appv-connect-to-the-management-console.md) - [How to add or upgrade packages by using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) @@ -48,7 +48,7 @@ The main elements of the App-V Management Console are: |Administrators tab|Use the **Administrators** tab to register, add, or remove administrators in your App-V environment.| >[!IMPORTANT] ->JavaScript must be enabled on the browser that opens the Web Management Console. +>JavaScript must be enabled on the browser you use to open the Web Management Console. ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 9cd1577d1f..7d6b629a30 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -161,40 +161,6 @@ There are two package registry locations and two connection group locations wher |Package|- Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine
- User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry| |Native|- Native application registry location| - ---- - - - - - - - - - - - - - - - - - - -

Location

Description

COW

    -

  • Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)

    • -

  • User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes

    • -

  • User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)

    • -

Package

    -

  • Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine

    • -

  • User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry

    • -

Native

    -

  • Native application registry location

    • -
- #### Connection Group VReg |Location|Description| @@ -203,45 +169,11 @@ There are two package registry locations and two connection group locations wher |Package|- Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY
- User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY| |Native|- Native application registry location| - ---- - - - - - - - - - - - - - - - - - - -

Location

Description

COW

    -

  • Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)

    • -

  • User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes

    • -

  • User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY

    • -

Package

    -

  • Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • -

  • User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • -

Native

    -

  • Native application registry location

    • -
- -There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. +There are two COW locations for HKLM: elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. ### Pass-through keys -Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key ```HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry```. Any key that appears under this multi-string value (and their children) will be treated as pass-through. +Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package-specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key ```HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry```. Any key that appears under this multi-string value (and their children) will be treated as pass-through. The following locations are configured as pass-through locations by default: @@ -263,7 +195,7 @@ The following locations are configured as pass-through locations by default: - HKEY\_CURRENT\_USER\\SOFTWARE\\Policies -The purpose of pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally should not modify any of the default pass-through keys, but in some instances, based on application behavior the admin may need to add additional pass-through keys. +The purpose of pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy-based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI-based applications. Administers ideally should not modify any of the default pass-through keys, but in some instances, the admin may need to add additional pass-through keys to adjust application behavior. ## App-V package store behavior @@ -271,7 +203,7 @@ App-V manages the Package Store, which is the location where the expanded asset ### Add packages -App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. During publishing or a manual Add-AppVClientPackage, the data structure is built in the package store (c:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the StreamMap.xml are added to the system and the top level folders and child files staged to ensure proper application assets exist at launch. +App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. When publishing or manually entering the **Add-AppVClientPackage** cmdlet, the data structure is built in the package store (C:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the **StreamMap.xml** file are added to the system, and the top level folders and child files are staged to ensure proper application assets exist at launch. ### Mounting packages @@ -289,45 +221,7 @@ The App-V Client can be configured to change the default behavior of streaming. |PackageSourceRoot|The root override where packages should be streamed from| |SharedContentStoreMode|Enables the use of Shared Content Store for VDI scenarios| - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
PolicyDescription

AllowHighCostLaunch

Allows streaming over 3G and cellular networks

AutoLoad

Specifies the Background Load setting:

-

0 - Disabled

-

1 – Previously Used Packages only

-

2 – All Packages

PackageInstallationRoot

The root folder for the package store in the local machine

PackageSourceRoot

The root override where packages should be streamed from

SharedContentStoreMode

Enables the use of Shared Content Store for VDI scenarios

- -These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: +These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors in streaming packages that it's particularly important to understand: - Background Streaming - Optimized Streaming @@ -335,7 +229,7 @@ These settings affect the behavior of streaming App-V package assets to the clie ### Background streaming -The Windows PowerShell cmdlet ```Get-AppvClientConfiguration``` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. +The Windows PowerShell cmdlet ```Get-AppvClientConfiguration``` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with either the **Set-AppvClientConfiguration** cmdlet or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can either be disabled altogether (value=0) or enabled for all packages (value=2), regardless of whether they have been launched. ### Optimized streaming From 234bab4303fb9ee7641925e995ee27e58923add6 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 14 May 2018 11:13:12 -0700 Subject: [PATCH 018/319] Editorial changes continued --- .../appv-application-publishing-and-client-interaction.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 7d6b629a30..b59475bc77 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -245,7 +245,7 @@ App-V Packages require updating throughout the lifecycle of the application. App ### Package removal -The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet ```Remove-AppVClientPackge``` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. +The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the **Remove-AppVClientPackge** Windows PowerShell cmdlet is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. ## Roaming registry and data @@ -306,7 +306,7 @@ The current App-V Client VFS driver can't write to network locations, so the App This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: -1. App-V application is shut down, which shuts down the virtual environment. +1. The App-V application is shut down, which shuts down the virtual environment. 2. The local cache of the roaming AppData location is compressed and stored in a .zip file. 3. A time stamp at the end of the .zip packaging process is used to name the file. 4. The time stamp is recorded in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp. @@ -324,7 +324,7 @@ The time stamp is used to determine a “last writer wins” scenario if there i This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: -1. During repair, detect if the path to the user’s roaming AppData directory is not local. +1. During repair, detect if the path to the user’s roaming AppData directory isn't local. 2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. 3. Delete the time stamp stored in the registry, if present. From c556663ed203d2169c443b71d3a9040fe17bdbe3 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 14 May 2018 11:19:42 -0700 Subject: [PATCH 019/319] Removed unnecessary hyphen --- .../appv-application-publishing-and-client-interaction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index b59475bc77..e1f6e45eab 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -325,10 +325,10 @@ The time stamp is used to determine a “last writer wins” scenario if there i This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: 1. During repair, detect if the path to the user’s roaming AppData directory isn't local. -2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations. +2. Map the non-local roaming AppData path targets, recreating the expected roaming and local AppData locations. 3. Delete the time stamp stored in the registry, if present. -This process will re-create both the local and network locations for AppData and remove the registry record of the time stamp. +This process will recreate both the local and network locations for AppData and remove the registry record of the time stamp. ## App-V Client application lifecycle management From cc50450d9cbd7297e3a5c764ef6c8c30bb71973f Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 14 May 2018 16:43:32 -0700 Subject: [PATCH 020/319] Continued editorial changes --- ...-application-publishing-and-client-interaction.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index e1f6e45eab..3f37c1d810 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -436,17 +436,15 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu >[!NOTE] >This enables restore extension points if the package is unpublished. - - 3. Run scripts targeted for publishing timing. -Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information in the preceding sections for details. +Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the Machine and User Catalog information in the preceding sections for details. ![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) ### Application launch -After the Publishing Refresh process, the user launches and subsequently re-launches an App-V application. The process is very simple and optimized to launch quickly with a minimum of network traffic. The App-V Client checks the path to the user catalog for files created during publishing. After rights to launch the package are established, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. With the virtual environment created and configured for the specific package and application, the application starts. +After the Publishing Refresh process, the user launches and then relaunches an App-V application. The App-V Client checks the path to the user catalog for files created during publishing. After establishing rights to launch the package, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. Once the virtual environment created and configured for the specific package and application, the application starts. This might seem like a lot, but the process in action is actually quite fast, and is optimized to minimize network traffic. #### How to launch App-V applications @@ -471,7 +469,7 @@ After the Publishing Refresh process, the user launches and subsequently re-laun ### Upgrading an App-V package -The App-V package upgrade process in the current version of App-V differs from the older versions. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time, as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only new files are added to the new version store location, and hard links are created for unchanged files. This reduces overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. +The current version of App-V's package upgrade process differs from the older versions in its storage optimization. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time, as the package store and catalogs are updated with the new resources. During an upgrade in the new version, only new files are added to the new version store location, and hard links are created for unchanged files. This reduces overall storage by only presenting the file on one disk location, then projecting it into all folders with a file location entry on the disk. #### How to upgrade an App-V package @@ -602,7 +600,7 @@ As mentioned previously, the App-V shortcuts are placed by default in the user ### File type associations -The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files as represented in the example below: +The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files, as represented in the following example: ```XML @@ -654,7 +652,7 @@ Shell extensions are embedded in the package automatically during the sequencing #### Requirements for using shell extensions - Packages that contain embedded shell extensions must be published globally. -- The “bitness” of the application, Sequencer, and App-V Client must match, or the shell extensions won’t work. For example: +- The “bitness” of the application, Sequencer, and App-V Client must match, or the shell extensions won’t work. The following example configuration fuflills the matching requirement: - The version of the application is 64-bit. - The Sequencer is running on a 64-bit computer. - The package is being delivered to a 64-bit App-V Client computer. From d4a48f591e776362d548b6e0bfca73b4a73551e4 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 15 May 2018 11:14:55 -0700 Subject: [PATCH 021/319] Continued editorial changes --- .../appv-application-publishing-and-client-interaction.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 3f37c1d810..6d9f2a6201 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -738,7 +738,7 @@ For situations where there is more than one application that could register the ### AppPath -The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. +The AppPath extension point supports calling App-V applications directly from the operating system. Administrators can provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable from either the Run or Start Screen, depending on the operating system. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: [App Paths - A Virtual Application Extension in App-V 5.0](https://blogs.technet.microsoft.com/virtualworld/2012/12/12/app-paths-a-virtual-application-extension-in-app-v-5-0/). @@ -777,9 +777,9 @@ Deploying App-V packages to a single machine or user is very simple. However, as App-V dynamic configuration lets you specify a package policy at either the machine or user levels. Dynamic Configuration files enable sequencing engineers to modify the configuration of a package post-sequencing to address the needs of individual groups of users or machines. In some instances, it may be necessary to modify the application to provide proper functionality within the App-V environment. For example, you may need to modify the \_\*config.xml files to allow certain actions to be performed at a specified time while executing the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. -App-V packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow an application to be published to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. +App-V packages contain the Manifest file inside of the App-V Package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow an application to be published to different desktops or users with different extension points. The two Dynamic Configuration files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. -### Example for dynamic configuration files +### Examples of dynamic configuration files The following example shows the combination of the Manifest, Deployment Configuration, and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only, not to be a complete description of the specific categories available in each file. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760). From fede32b1fef6f16fa7b7628e764dd627ad373ef2 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 15 May 2018 13:21:49 -0700 Subject: [PATCH 022/319] Replaced unnecessary uses of "enabled" --- ...ation-publishing-and-client-interaction.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 6d9f2a6201..e4747adc38 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -173,7 +173,7 @@ There are two COW locations for HKLM: elevated and non-elevated processes. Eleva ### Pass-through keys -Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package-specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key ```HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry```. Any key that appears under this multi-string value (and their children) will be treated as pass-through. +An administrator can use pass-through keys to configure certain keys to only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package-specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key ```HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry```. Any key that appears under this multi-string value (and their children) will be treated as pass-through. The following locations are configured as pass-through locations by default: @@ -564,7 +564,7 @@ When App-V applications are published to a computer with the App-V Client, some ### Extension points -The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: +The App-V publishing files (manifest and dynamic configuration) provide several extension points to integrate the application with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: - Shortcuts - File type associations @@ -600,7 +600,7 @@ As mentioned previously, the App-V shortcuts are placed by default in the user ### File type associations -The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files, as represented in the following example: +Users can use file type invocations or open a file with a specifically registered extension (.docx) to start an App-V application because the App-V Client manages the local operating system File Type Associations during publishing. File type associations are present in the manifest and dynamic configuration files, as shown in the following example: ```XML @@ -680,7 +680,7 @@ For details on App-V integration, see [Microsoft Application Virtualization 5.0 ### Software clients and application capabilities -App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and using the media player. This operation is performed in the control panel with **Set Program Access** and **Computer Defaults**, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. +App-V supports specific software clients and application capabilities extension points to register virtualized applications with the operating system's software client. This means users can select default programs for operations like email, instant messaging, and using the media player. This operation is performed in the control panel with **Set Program Access** and **Computer Defaults**, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. The following is an example of software client registration of an App-V-based mail client. @@ -775,7 +775,7 @@ Extension points are not all published the same way, where some extension points Deploying App-V packages to a single machine or user is very simple. However, as organizations deploy App-V applications across business lines and geographic and political boundaries, it becomes impossible to sequence all applications with the same settings. App-V was designed to overcome this problem by capturing specific settings and configurations during sequencing in the Manifest file while also supporting modification with Dynamic Configuration files. -App-V dynamic configuration lets you specify a package policy at either the machine or user levels. Dynamic Configuration files enable sequencing engineers to modify the configuration of a package post-sequencing to address the needs of individual groups of users or machines. In some instances, it may be necessary to modify the application to provide proper functionality within the App-V environment. For example, you may need to modify the \_\*config.xml files to allow certain actions to be performed at a specified time while executing the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. +App-V dynamic configuration lets you specify a package policy at either the machine or user levels. Sequencing engineers can use Dynamic Configuration files to modify the configuration of a package post-sequencing to address the needs of individual groups of users or machines. In some instances, it may be necessary to modify the application to provide proper functionality within the App-V environment. For example, you may need to modify the \_\*config.xml files to allow certain actions to be performed at a specified time while executing the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. App-V packages contain the Manifest file inside of the App-V Package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow an application to be published to different desktops or users with different extension points. The two Dynamic Configuration files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. @@ -851,18 +851,20 @@ The following example shows the combination of the Manifest, Deployment Configur ## Side-by-side assemblies -App-V supports automatic packaging of side-by-side assemblies during sequencing and deployment on the client during virtual application publishing. App-V also supports capturing side-by-side assemblies during sequencing for assemblies not present on the sequencing machine. For assemblies consisting of Visual C++ (Version 8 and newer) or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they weren't installed during monitoring. The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. This behavior resulted in App-V applications deployed to clients missing the required side-by-side assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. +App-V supports automatic packaging of side-by-side assemblies during sequencing and deployment on the client during virtual application publishing. App-V also supports capturing side-by-side assemblies during sequencing for assemblies not present on the sequencing machine. For assemblies consisting of Visual C++ (Version 8 and newer) or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they weren't installed during monitoring. + +The side-by-side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatized the assemblies, which limited it to one bit version per package. This behavior resulted in App-V applications being deployed to clients missing the required side-by-side assemblies, which led to application launch failures. This forced the packaging process to document and ensure that all assemblies required for packages were locally installed on the user’s client operating system. This task was both a management and implementation challenge due to the number of assemblies and the lack of application documentation for the required dependencies. Side-by-side assembly support in App-V has the following features: -- Automatic captures of side-by-side assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. +- Automatic captures of side-by-side assembly during sequencing, regardless of whether the assembly was already installed on the sequencing workstation. - The App-V Client automatically installs required side-by-side assemblies to the client computer at publishing time if they aren't already installed. - The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. -- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. +- The Sequencer allows opting to not package assemblies already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. ### Automatic publishing of side-by-side assemblies -During publishing of an App-V package with side-by-side assemblies, the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the side-by-side assembly installations in the base packages, as the connection groups don't contain any information about assembly installation. +During publishing of an App-V package with side-by-side assemblies, the App-V Client will check for the presence of the assembly on the machine. If it doesn't detect an assembly, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the side-by-side assembly installations in the base packages, as the connection groups don't contain any information about assembly installation. >[!NOTE] >Unpublishing or removing a package with an assembly does not remove the assemblies for that package. From c8ae649193550e8e3301156dccb723d9a58127db Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 15 May 2018 13:49:41 -0700 Subject: [PATCH 023/319] Editorial changes --- ...istering-virtual-applications-with-the-management-console.md | 2 +- .../app-v/appv-application-publishing-and-client-interaction.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index 58e54b4527..5abc5df2bd 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -48,7 +48,7 @@ The main elements of the App-V Management Console are: |Administrators tab|Use the **Administrators** tab to register, add, or remove administrators in your App-V environment.| >[!IMPORTANT] ->JavaScript must be enabled on the browser you use to open the Web Management Console. +>The browser you're using to open the Web Management Console must have JavaScript enabled. ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index e4747adc38..5bedf07e80 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -51,7 +51,7 @@ The appv file contains the following folder and files, which are used when creat ## App-V Client data storage locations -The App-V Client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. +The App-V Client performs tasks to keep virtual applications running properly and working like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. | Name | Location | Description | |---|---|---| From 089059c61a9cb1c19bbbce1f776a855bc6c1f6a2 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 15 May 2018 14:30:07 -0700 Subject: [PATCH 024/319] Error fix sweep --- ...ation-publishing-and-client-interaction.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 5bedf07e80..9902296574 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -55,15 +55,15 @@ The App-V Client performs tasks to keep virtual applications running properly an | Name | Location | Description | |---|---|---| -| Package Store | %ProgramData%\App-V| Default location for read only package files| -| Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents| -| User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents| -| Shortcut Backups | %AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups| Stores previous integration points that enable restore on package unpublish| -| Copy on Write (COW) Roaming | %AppData%\Microsoft\AppV\Client\VFS| Writeable roaming location for package modification| -| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification| -| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive)| -| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg| -| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information| +| Package Store | %ProgramData%\App-V| Default location for read-only package files.| +| Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents.| +| User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents.| +| Shortcut Backups | %AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups| Stores previous integration points that enable restore on package unpublish.| +| Copy on Write (COW) Roaming | %AppData%\Microsoft\AppV\Client\VFS| Writeable roaming location for package modification.| +| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification.| +| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive).| +| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg.| +| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information.| Additional details for the table are provided in the section below and throughout the document. @@ -97,7 +97,7 @@ The App-V Client manages the following two file-based locations: ||| |---|---| -|Description|Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (such as when the package directory is in a shared disk location).

If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.| +|Description|Stores package documents that are available to users on the machine when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (such as when the package directory is in a shared disk location).

If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.| |Default storage location|```%programdata%\Microsoft\AppV\Client\Catalog\```

This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.| |Files in the machine catalog|- Manifest.xml
- DeploymentConfiguration.xml
- UserManifest.xml (Globally Published Package)
- UserDeploymentConfiguration.xml (Globally Published Package)| |Additional machine catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned previously as the default storage location:

```%programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID```| @@ -119,7 +119,7 @@ During the publishing process, the App-V Client backs up any shortcuts and integ ### Copy on Write files -The Package Store contains a pristine copy of the package files that have been streamed from the publishing server. During normal operation of an App-V application, the user or service may require changes to the files. These changes are not made in the package store in order to preserve your ability to repair the application, which removes these changes. These locations, called Copy on Write (COW), support both roaming and non-roaming locations. The location where the modifications are stored depends where the application has been programmed to write changes to in a native experience. +The Package Store contains a pristine copy of the package files that have been streamed from the publishing server. During normal operation of an App-V application, the user or service may require changes to the files. However, these changes aren't made in the package store to preserve your ability to repair the application, which removes these changes. These locations, called Copy on Write (COW), support both roaming and non-roaming locations. The location where the modifications are stored depends where the application has been programmed to write changes to in a native experience. ### COW roaming @@ -127,7 +127,7 @@ The COW Roaming location described above stores changes to files and directories ### COW local -The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (for example, Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. +The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (for example, Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the signed-in users. The non-**S** location stores user-based changes. ## Package registry @@ -137,7 +137,7 @@ When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file **Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat** -When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location ```HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY```. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location ```HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User```. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. +When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location ```HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY```. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a user-specific location ```HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User```. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. ### Package registry staging vs. connection group registry staging @@ -157,7 +157,7 @@ There are two package registry locations and two connection group locations wher |Location|Description| |---|---| -|COW|- Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)
- User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes
- User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)| +|COW|- Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)
- User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes
- User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non-elevated process)| |Package|- Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine
- User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry| |Native|- Native application registry location| From 5ef357a7eb359dffbf24dc9e50c20d74bd7a2d98 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 15 May 2018 15:47:55 -0700 Subject: [PATCH 025/319] Passive voice & editorial changes --- ...ation-publishing-and-client-interaction.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 9902296574..cf5a6a46e8 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -147,7 +147,7 @@ The staged registry persists the same way as in the single package case. Staged ### Virtual registry -The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality—that is, any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. +The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality—that is, any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the **registry COW** > **package** > **native**. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. ### Registry locations @@ -241,11 +241,11 @@ After the initial stream of any publishing data and the primary feature block, r ### Package upgrades -App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: ```%ProgramData%\App-V\{PkgGUID}\{newVerGUID}```. The upgrade operation is optimized by creating hard links to identical and streamed files from other versions of the same package. +App-V Packages require updating throughout the lifecycle of the application. App-V Package upgrades are like the package publish operation, as each version will be created in its own PackageRoot location: ```%ProgramData%\App-V\{PkgGUID}\{newVerGUID}```. The upgrade operation is optimized by creating hard links to identical and streamed files from other versions of the same package. ### Package removal -The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the **Remove-AppVClientPackge** Windows PowerShell cmdlet is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. +The App-V Client's behavior when packages are removed depends on the package removal method. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but the package store location and COW locations remain. When the **Remove-AppVClientPackge** Windows PowerShell cmdlet is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files. ## Roaming registry and data @@ -306,20 +306,20 @@ The current App-V Client VFS driver can't write to network locations, so the App This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: -1. The App-V application is shut down, which shuts down the virtual environment. -2. The local cache of the roaming AppData location is compressed and stored in a .zip file. -3. A time stamp at the end of the .zip packaging process is used to name the file. -4. The time stamp is recorded in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp. -5. The folder redirection process is called to evaluate and initiate the .zip file uploaded to the roaming AppData directory. +1. Shut down the App-V application, which also shuts down the virtual environment. +2. Compress the local cache of the roaming AppData location and store it in a .zip file. +3. Use the time stamp at the end of the .zip packaging process to name the file. +4. Record the time stamp in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp. +5. Call the folder redirection process to evaluate and initiate the .zip file uploaded to the roaming AppData directory. -The time stamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: +The time stamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published, or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: -1. The user starts the virtual environment by starting an application. +1. The user starts an application, which also starts the virtual environment. 2. The application’s virtual environment checks for the most recent time stamped .zip file, if present. -3. The registry is checked for the last known uploaded time stamp, if present. +3. The virtual environment checks the registry for the last known uploaded time stamp, if present. 4. The most recent .zip file is downloaded unless the local last known upload time stamp is greater than or equal to the time stamp from the .zip file. 5. If the local last known upload time stamp is earlier than that of the most recent .zip file in the roaming AppData location, the .zip file is extracted to the local temp directory in the user’s profile. -6. After the .zip file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place. +6. After the .zip file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data moved into place. 7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: From 1774417a72ce5b1166608d4ef6d60d40601fc87d Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 16 May 2018 10:18:54 -0700 Subject: [PATCH 026/319] Editorial changes --- ...ation-publishing-and-client-interaction.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index cf5a6a46e8..969d5c7296 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -298,35 +298,35 @@ The following table shows local and roaming locations, when folder redirection h | appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT | | AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData | -The current App-V Client VFS driver can't write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: +The current App-V Client VFS driver can't write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. Here's what happens during the process: 1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. 2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. 3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. -This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: +This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The process does the following things: -1. Shut down the App-V application, which also shuts down the virtual environment. -2. Compress the local cache of the roaming AppData location and store it in a .zip file. -3. Use the time stamp at the end of the .zip packaging process to name the file. -4. Record the time stamp in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp. -5. Call the folder redirection process to evaluate and initiate the .zip file uploaded to the roaming AppData directory. +1. Shuts down the App-V application, which also shuts down the virtual environment. +2. Compresses the local cache of the roaming AppData location and store it in a .zip file. +3. Uses the time stamp at the end of the .zip packaging process to name the file. +4. Records the time stamp in the HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime registry as the last known AppData time stamp. +5. Calls the folder redirection process to evaluate and initiate the .zip file uploaded to the roaming AppData directory. -The time stamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published, or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are: +The time stamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published, or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. Here's what happens during the process: 1. The user starts an application, which also starts the virtual environment. 2. The application’s virtual environment checks for the most recent time stamped .zip file, if present. 3. The virtual environment checks the registry for the last known uploaded time stamp, if present. -4. The most recent .zip file is downloaded unless the local last known upload time stamp is greater than or equal to the time stamp from the .zip file. -5. If the local last known upload time stamp is earlier than that of the most recent .zip file in the roaming AppData location, the .zip file is extracted to the local temp directory in the user’s profile. +4. The virtual environment downloads the most recent .zip file unless the local last known upload time stamp is greater than or equal to the time stamp from the .zip file. +5. If the local last known upload time stamp is earlier than that of the most recent .zip file in the roaming AppData location, the virtual environment extracts the .zip file to the local temp directory in the user’s profile. 6. After the .zip file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data moved into place. 7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data. -This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are: +This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The process does the following things: -1. During repair, detect if the path to the user’s roaming AppData directory isn't local. -2. Map the non-local roaming AppData path targets, recreating the expected roaming and local AppData locations. -3. Delete the time stamp stored in the registry, if present. +1. During repair, detects if the path to the user’s roaming AppData directory isn't local. +2. Maps the non-local roaming AppData path targets, recreating the expected roaming and local AppData locations. +3. Deletes the time stamp stored in the registry, if present. This process will recreate both the local and network locations for AppData and remove the registry record of the time stamp. From c4a086a4747f4e1eb12e973917e927554a786233 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 18 May 2018 15:20:29 -0700 Subject: [PATCH 027/319] Editorial changes --- ...ministrator-with-the-management-console.md | 2 +- ...de-packages-with-the-management-console.md | 4 +-- ...ation-publishing-and-client-interaction.md | 32 +++++++++---------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index 7867900bd3..a7c0447d3e 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -22,7 +22,7 @@ Use the following procedures to add or remove an administrator on the Microsoft ## Remove an administrator using the Management Console -1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. +1. Open the Microsoft Application Virtualization (App-V) Management Console and select **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server. 2. Right-click the account to be removed from the list of administrators and select **Remove**. ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index 97631d1114..5f03b7e815 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -24,14 +24,14 @@ You can use the following procedure to add or upgrade a package to the App-V Man 2. Select **Add or Upgrade Packages** to specify which package you want to add. -3. Enter the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**. +3. Enter the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then select **Add**. >[!IMPORTANT] >You must select a package with the **.appv** file name extension. 4. The page displays the status message **Adding <Packagename>**. Select **IMPORT STATUS** to check the status of a package that you have imported. - Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, select **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. + Select **OK** to add the package and close the **Add Package** page. If there was an error during the import, select **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane. 5. Select **Close** to close the **Add or Upgrade Packages** page. diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 969d5c7296..80495b4c66 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -387,11 +387,11 @@ The process then configures the client for package or connection group additions 5. Create the machine catalog entries. Create the **Manifest.xml** and **DeploymentConfiguration.xml** from the package files (if no **DeploymentConfiguration.xml** file in the package a placeholder is created). - 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog + 6. Create location of the package store in the registry **HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog**. - 7. Create the **Registry.dat** file from the package store to **%ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat** + 7. Create the **Registry.dat** file from the package store to **%ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat**. - 8. Register the package with the App-V Kernal Mode Driver at HKLM\\Microsoft\\Software\\AppV\\MAV + 8. Register the package with the App-V Kernal Mode Driver at **HKLM\\Microsoft\\Software\\AppV\\MAV**. 9. Invoke scripting from the **AppxManifest.xml** or **DeploymentConfig.xml** file for Package Add timing. @@ -425,7 +425,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the Machine Catalog. -2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV +2. Register the package with the kernel mode driver for the user at **HKLM\\Software\\Microsoft\\AppV\\MAV**. 3. Perform integration tasks. @@ -448,7 +448,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A #### How to launch App-V applications -1. User launches the application by clicking on a shortcut or file type invocation. +1. User launches the application by selecting a shortcut or file type invocation. 2. The App-V Client verifies existence in the User Catalog for the following files @@ -477,11 +477,11 @@ The current version of App-V's package upgrade process differs from the older ve 2. Package entries are added to the appropriate catalog for the new version - 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the user catalog at **appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID**. - 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the machine catalog at **%programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID**. -3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV +3. Register the package with the kernel mode driver for the user at **HKLM\\Software\\Microsoft\\AppV\\MAV**. 4. Perform integration tasks. @@ -536,11 +536,11 @@ App-V Packages can be published in one of two ways; as user, which entitles an A ### Removing an App-V package -Removing App-V applications in a Full Infrastructure is an unpublish operation, and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages. +Removing App-V applications in a Full Infrastructure is an unpublish operation and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages. ### Repairing an App-V package -The repair operation is easy to do, but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are deintegrated and then reintegrated. Before repairing, please review where the COW data placement locations are registered in the registry. To perform a Repair operation, all you need to do is initiate it from the App-V Client Console or through the **Repair-AppVClientPackage** PowerShell cmdlet. After that, the operation is completed automatically. +The repair operation is easy to do but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are deintegrated and then reintegrated. Before repairing, please review where the COW data placement locations are registered in the registry. To perform a Repair operation, all you need to do is initiate it from the App-V Client Console or through the **Repair-AppVClientPackage** PowerShell cmdlet. After that, the operation is completed automatically. ## Integration of App-V packages @@ -560,7 +560,7 @@ When App-V applications are published to a computer with the App-V Client, some 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. - 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. + 3. Restore the backed-up data when the last package is unpublished or removed on a per-extension point basis. ### Extension points @@ -580,7 +580,7 @@ The App-V publishing files (manifest and dynamic configuration) provide several The shortcut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. -From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: +From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section like the following: ```XML @@ -652,7 +652,7 @@ Shell extensions are embedded in the package automatically during the sequencing #### Requirements for using shell extensions - Packages that contain embedded shell extensions must be published globally. -- The “bitness” of the application, Sequencer, and App-V Client must match, or the shell extensions won’t work. The following example configuration fuflills the matching requirement: +- The “bitness” of the application, Sequencer, and App-V Client must match, or the shell extensions won’t work. The following example configuration fulfills the matching requirement: - The version of the application is 64-bit. - The Sequencer is running on a 64-bit computer. - The package is being delivered to a 64-bit App-V Client computer. @@ -663,7 +663,7 @@ The following table displays the supported shell extensions. |---|---| | Context menu handler | Adds menu items to the context menu. It is called before the context menu is displayed. | | Drag-and-drop handler | Controls the action upon right-click drag-and-drop and modifies the context menu that appears. | -| Drop target handler | Controls the action after a data object is dragged-and-dropped over a drop target such as a file.| +| Drop target handler | Controls the action after a data object is dragged-and-dropped over a drop target, such as a file.| | Data object handler| Controls the action after a file is copied to the clipboard or dragged-and-dropped over a drop target. It can provide additional clipboard formats to the drop target.| | Property sheet handler| Replaces or adds pages to the property sheet dialog box of an object.| | Infotip handler| Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse-hover.| @@ -744,11 +744,11 @@ The AppPath extension point is configured either in the manifest or in the dynam ### Virtual application -This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, you can disable all extension points belonging to one application to only allow integration of extension points for the other application. +This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a specific application can be disabled using dynamic configuration files. For example, if a package contains two applications, you can disable all extension points belonging to one application to only allow integration of extension points for the other application. ### Extension point rules -The previously described extension points are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). +The previously described extension points are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example, a shortcut created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. From 190429710f113d52351c6b4f572d21ae1282d54d Mon Sep 17 00:00:00 2001 From: jaimeo Date: Mon, 21 May 2018 09:41:25 -0700 Subject: [PATCH 028/319] added explanatory material about servicing stack updates --- windows/deployment/TOC.md | 1 + .../update/servicing-stack-updates.md | 41 +++++++++++++++++++ windows/deployment/update/waas-quick-start.md | 4 +- 3 files changed, 44 insertions(+), 2 deletions(-) create mode 100644 windows/deployment/update/servicing-stack-updates.md diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 322fa570ca..8557a91510 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -213,6 +213,7 @@ ## [Update Windows 10](update/index.md) ### [Quick guide to Windows as a service](update/waas-quick-start.md) +#### [Servicing stack updates](update/servicing-stack-updates.md) ### [Overview of Windows as a service](update/waas-overview.md) ### [Prepare servicing strategy for Windows 10 updates](update/waas-servicing-strategy-windows-10-updates.md) ### [Build deployment rings for Windows 10 updates](update/waas-deployment-rings-windows-10-updates.md) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md new file mode 100644 index 0000000000..add2afba22 --- /dev/null +++ b/windows/deployment/update/servicing-stack-updates.md @@ -0,0 +1,41 @@ +--- +title: Servicing stack updates (Windows 10) +description: Servicing stack updates improve the code that installs the other updates. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: Jaimeo +ms.localizationpriority: high +ms.author: jaimeo +ms.date:05/27/2018 +--- + +# Servicing stack updates + + +**Applies to** + +- Windows 10 +- Windows 10 Mobile +- Windows 10 IoT Mobile + +## What is a servicing stack update? +The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. + +## Why should servicing stack updates be installed and kept up to date? + +Having the latest servicing stack update is a prerequisite to reliably installing the latest quality updates and feature updates. + +## When are they released? + +Currently, the servicing stack update releases are aligned with the monthly quality update release date, though sometimes they are released on a separate date if required. + +## Is there any special guidance? + +Typically, the improvements are reliability, security, and performance improvements that do not require any specific special guidance. If there is any significant impact is will be present in the release notes. + +## Installation notes + +• Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. +• Installing servicing stack update does not require restarting the device, so installation should not be disruptive. +• Servicing stack update releases are specific to the operating system version (build number), much like quality updates. diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 8ea214bbb5..28a55e6865 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date: 02/09/2018 +ms.date:05/27/2018 --- # Quick guide to Windows as a service @@ -25,7 +25,7 @@ Windows as a service is a new concept, introduced with the release of Windows 10 Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean. - **Feature updates** will be released twice per year, around March and September. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years. -- **Quality updates** are released monthly, delivering both security and non-security fixes. These are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. +- **Quality updates** are released monthly, delivering both security and non-security fixes. Typically released the second Tuesday of each month (though they can be released at any time), these include security updates, critical updates, servicing stack updates, and driver updates. The "servicing stack" is the code that installs other updates, so they are especially important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md) Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Servicing channels** allow organizations to choose when to deploy new features. - The **Semi-Annual Channel** receives feature updates twice per year. From dc19c8629cc775e4375deae34b8258a42daf2565 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 21 May 2018 11:06:18 -0700 Subject: [PATCH 029/319] add event 29 --- ...r-codes-windows-defender-advanced-threat-protection.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index f4c7dd2bb3..1d174e789f 100644 --- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 05/21/2018 --- @@ -211,6 +211,12 @@ Check that the onboarding settings and scripts were deployed properly. Try to re See [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md). +29 +Failed to read the offboarding parameters. Error type: %1, Error code: %2, Description: %3 +This event occurs when the system can't read the offboarding parameters. +Ensure the machine has Internet access, then run the entire offboarding process again. + + 30 Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender Antivirus. Failure code: ```variable```. Normally, Windows Defender Antivirus will enter a special passive state if another real-time antimalware product is running properly on the machine, and the machine is reporting to Windows Defender ATP. From 34ebdceddb54ff1de20f116085c39848db2afd66 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 22 May 2018 13:14:03 -0700 Subject: [PATCH 030/319] safety commit --- windows/deployment/update/servicing-stack-updates.md | 2 +- windows/deployment/update/waas-quick-start.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index add2afba22..ccd64c9f27 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date:05/27/2018 +ms.date: 05/27/2018 --- # Servicing stack updates diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 28a55e6865..cc6fc2c319 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date:05/27/2018 +ms.date: 05/27/2018 --- # Quick guide to Windows as a service From ea74596c3b3bca206a65ac0875c71c13780a4129 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 22 May 2018 13:46:02 -0700 Subject: [PATCH 031/319] import of requested new topic material --- windows/deployment/TOC.md | 1 + .../upgrade-readiness-target-new-OS.md | 49 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 windows/deployment/upgrade/upgrade-readiness-target-new-OS.md diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index 322fa570ca..e194452c11 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -250,6 +250,7 @@ ##### [Step 2: Resolve issues](upgrade/upgrade-readiness-resolve-issues.md) ##### [Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md) ##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md) +##### [Targeting a new operating system version](upgrade/upgrade-readiness-target-new-OS.md) ### [Monitor Windows Updates with Update Compliance](update/update-compliance-monitor.md) #### [Get started with Update Compliance](update/update-compliance-get-started.md) #### [Use Update Compliance](update/update-compliance-using.md) diff --git a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md new file mode 100644 index 0000000000..e7556bced3 --- /dev/null +++ b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md @@ -0,0 +1,49 @@ +--- +title: Upgrade Readiness - Targeting a new operating system version +description: Explains how to run Upgrade Readiness again to target a different operating system version or bulk-approve all apps from a given vendor +ms.prod: w10 +author: jaimeo +ms.date: 05/22/2018 +--- + +# Targeting a new operating system version + +After you've used Upgrade Readiness to help deploy a given version of Windows 10, you might want to use it again to help deploy a newer version of Windows 10. When you change the target operating system version (as described in [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades#target-version.md), the app states (Importance, AppOwner, UpgradeDecision, TestPlan and TestResult) are not reset. Follow this guidance to preserve or reset these states as needed: + +## TestResults + +If you want to preserve the TestResults from the previous operating system version testing, there is nothing you need to do. + +If you want to reset them, click any of the rows in the **Prioritize Application** blade (described in [Upgrade Readiness - Step 1: Identify important apps](upgrade-readiness-identify-apps.md)). This will take you to the **Log Search** user experience. Replace the query in that window with the following query: + +`search in (UAApp) IsRollup == true and RollupLevel == "Granular" and TestResult <> "Not started"` + +After a short period of time, you will see the "user input" perspective render, which will let you bulk-edit the results. Select the check box in the table header, click the **bulk edit** button, and then set the **TestResult** to *Not started*. Leave all other fields as they are. + +## UpgradeDecision + +If you want to preserve the UpgradeDecision from the previous operating system version testing, there is nothing you need to do. + +If you want to reset them, keep these important points in mind: + +- Make sure to *not* reset the **Ready to upgrade** decision for the "long tail" of apps that have importance of **Ignore** or **Low install count**. Doing this will make it extremely difficult to complete the Upgrade Readiness workflow. +- Decide which decisions to reset. For example, one option is just to reset the decisions marked **Ready to upgrade** (in order to retest those), while preserving states of apps marked **Won't upgrade**. Doing this means you won't lose track of this previous marking. Or you can reset everything. + +To do this, type the following query in **Log Search**: + +`search in (UAApp) IsRollup == true and RollupLevel == "Granular" and Importance <> "Ignore" and Importance <> "Low install count"` + +>[!NOTE] +>You can also append `'and UpgradeDecision="Ready to upgrade"'`, for example, if you just want to reset apps that were previously marked **Ready**. + +After a short period of time, you will see the "user input" perspective render, which will let you bulk-edit the results. Select the check box in the table header, click the **bulk edit** button, and then set the **UpgradeDecision** to *Not reviewed*. Leave all other fields as they are. + + +## Bulk-approving apps from a given vendor + +You can bulk-approve all apps from a given vendor (for example, Microsoft) if there are no known compatibility issues. To do this, type the following query in **Log Search**: + +`search in (UAApp) IsRollup == true and RollupLevel == "Granular" and AppVendor has "Microsoft" and UpgradeAssessment=="No known issues" and UpgradeDecision<>"Ready to upgrade"` + +After a short period of time, you will see the "user input" perspective render, which will let you bulk-edit the results. Select the check box in the table header, click the **bulk edit" button**, and then set the **UpgradeDecision** to *Ready to upgrade*. Leave all other fields as they are. + From c94a5915a96994e8ac0dfb52e5342eeb5d95a805 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 22 May 2018 14:37:17 -0700 Subject: [PATCH 032/319] fixing links and typos --- .../upgrade/upgrade-readiness-target-new-OS.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md index e7556bced3..85c0583285 100644 --- a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md +++ b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md @@ -8,13 +8,13 @@ ms.date: 05/22/2018 # Targeting a new operating system version -After you've used Upgrade Readiness to help deploy a given version of Windows 10, you might want to use it again to help deploy a newer version of Windows 10. When you change the target operating system version (as described in [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades#target-version.md), the app states (Importance, AppOwner, UpgradeDecision, TestPlan and TestResult) are not reset. Follow this guidance to preserve or reset these states as needed: +After you've used Upgrade Readiness to help deploy a given version of Windows 10, you might want to use it again to help deploy a newer version of Windows 10. When you change the target operating system version (as described in [Use Upgrade Readiness to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades#target-version.md)), the app states (Importance, AppOwner, UpgradeDecision, TestPlan, and TestResult) are not reset. Follow this guidance to preserve or reset these states as needed: ## TestResults If you want to preserve the TestResults from the previous operating system version testing, there is nothing you need to do. -If you want to reset them, click any of the rows in the **Prioritize Application** blade (described in [Upgrade Readiness - Step 1: Identify important apps](upgrade-readiness-identify-apps.md)). This will take you to the **Log Search** user experience. Replace the query in that window with the following query: +If you want to reset them, click any of the rows in the **Prioritize Application** blade (described in [Upgrade Readiness - Step 1: Identify important apps](upgrade/upgrade-readiness-identify-apps.md)). This will take you to the **Log Search** user experience. Replace the query in that window with the following query: `search in (UAApp) IsRollup == true and RollupLevel == "Granular" and TestResult <> "Not started"` @@ -47,3 +47,9 @@ You can bulk-approve all apps from a given vendor (for example, Microsoft) if th After a short period of time, you will see the "user input" perspective render, which will let you bulk-edit the results. Select the check box in the table header, click the **bulk edit" button**, and then set the **UpgradeDecision** to *Ready to upgrade*. Leave all other fields as they are. +## Related topics + +[Windows Analytics overview](../update/windows-analytics-overview) +[Manage Windows upgrades with Upgrade Readiness](manage-windows-updgrades-with-upgrade-readiness) +[Get started with Upgrade Readiness](upgrade-readiness-get-started) + From 4225e5679a4e5c2617383bcfd7cd92a86d5574fe Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 22 May 2018 14:58:02 -0700 Subject: [PATCH 033/319] more link fu --- .../upgrade/upgrade-readiness-target-new-OS.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md index 85c0583285..c934082d93 100644 --- a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md +++ b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md @@ -8,13 +8,13 @@ ms.date: 05/22/2018 # Targeting a new operating system version -After you've used Upgrade Readiness to help deploy a given version of Windows 10, you might want to use it again to help deploy a newer version of Windows 10. When you change the target operating system version (as described in [Use Upgrade Readiness to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades#target-version.md)), the app states (Importance, AppOwner, UpgradeDecision, TestPlan, and TestResult) are not reset. Follow this guidance to preserve or reset these states as needed: +After you've used Upgrade Readiness to help deploy a given version of Windows 10, you might want to use it again to help deploy a newer version of Windows 10. When you change the target operating system version (as described in [Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md#target-version)), the app states (Importance, AppOwner, UpgradeDecision, TestPlan, and TestResult) are not reset. Follow this guidance to preserve or reset these states as needed: ## TestResults If you want to preserve the TestResults from the previous operating system version testing, there is nothing you need to do. -If you want to reset them, click any of the rows in the **Prioritize Application** blade (described in [Upgrade Readiness - Step 1: Identify important apps](upgrade/upgrade-readiness-identify-apps.md)). This will take you to the **Log Search** user experience. Replace the query in that window with the following query: +If you want to reset them, click any of the rows in the **Prioritize Application** blade (described in [Upgrade Readiness - Step 1: Identify important apps](upgrade-readiness-identify-apps.md)). This will take you to the **Log Search** user experience. Replace the query in that window with the following query: `search in (UAApp) IsRollup == true and RollupLevel == "Granular" and TestResult <> "Not started"` @@ -49,7 +49,7 @@ After a short period of time, you will see the "user input" perspective render, ## Related topics -[Windows Analytics overview](../update/windows-analytics-overview) -[Manage Windows upgrades with Upgrade Readiness](manage-windows-updgrades-with-upgrade-readiness) -[Get started with Upgrade Readiness](upgrade-readiness-get-started) +[Windows Analytics overview](../update/windows-analytics-overview.md) +[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) +[Get started with Upgrade Readiness](upgrade-readiness-get-started.md) From 71fbf9753ff6444234b36f1eef2a9383c8c3c8e5 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 22 May 2018 15:26:21 -0700 Subject: [PATCH 034/319] fixing spacing of related topics links --- windows/deployment/upgrade/upgrade-readiness-target-new-OS.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md index c934082d93..a357be01c6 100644 --- a/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md +++ b/windows/deployment/upgrade/upgrade-readiness-target-new-OS.md @@ -50,6 +50,8 @@ After a short period of time, you will see the "user input" perspective render, ## Related topics [Windows Analytics overview](../update/windows-analytics-overview.md) + [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) + [Get started with Upgrade Readiness](upgrade-readiness-get-started.md) From 3c5d4f201ce84ff6f7c1cbdf5e33b8df602fe55e Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 25 May 2018 10:05:49 -0700 Subject: [PATCH 035/319] fixing stuff per Amitabh --- windows/deployment/update/servicing-stack-updates.md | 6 ++---- windows/deployment/update/waas-quick-start.md | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index ccd64c9f27..f356277c28 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date: 05/27/2018 +ms.date: 05/25/2018 --- # Servicing stack updates @@ -16,8 +16,6 @@ ms.date: 05/27/2018 **Applies to** - Windows 10 -- Windows 10 Mobile -- Windows 10 IoT Mobile ## What is a servicing stack update? The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. @@ -32,7 +30,7 @@ Currently, the servicing stack update releases are aligned with the monthly qual ## Is there any special guidance? -Typically, the improvements are reliability, security, and performance improvements that do not require any specific special guidance. If there is any significant impact is will be present in the release notes. +Typically, the improvements are reliability, security, and performance improvements that do not require any specific special guidance. If there is any significant impact, it will be present in the release notes. ## Installation notes diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index cc6fc2c319..94c2bf0cba 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date: 05/27/2018 +ms.date: 05/25/2018 --- # Quick guide to Windows as a service @@ -25,7 +25,7 @@ Windows as a service is a new concept, introduced with the release of Windows 10 Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean. - **Feature updates** will be released twice per year, around March and September. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years. -- **Quality updates** are released monthly, delivering both security and non-security fixes. Typically released the second Tuesday of each month (though they can be released at any time), these include security updates, critical updates, servicing stack updates, and driver updates. The "servicing stack" is the code that installs other updates, so they are especially important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md) Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. +- **Quality updates** are released monthly, delivering both security and non-security fixes. Typically released the second Tuesday of each month (though they can be released at any time), these include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md). - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Servicing channels** allow organizations to choose when to deploy new features. - The **Semi-Annual Channel** receives feature updates twice per year. From 0edbb4d12bc54e4e2699e07406a661ed9af81cf2 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Sun, 27 May 2018 10:27:25 -0700 Subject: [PATCH 036/319] fixed invalid link --- .../identity-protection/vpn/vpn-conditional-access.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 7d22c3efb9..792ac66a13 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -23,9 +23,10 @@ The VPN client is now able to integrate with the cloud-based Conditional Access >Conditional Access is an Azure AD Premium feature. Conditional Access Platform components used for Device Compliance include the following cloud-based services: -- [Conditional Access Framework](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/12/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn/) -- [Azure AD Connect Health](https://azure.microsoft.com/documentation/articles/active-directory-Azure ADconnect-health/) +- [Conditional Access Framework](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/12/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn) + +- [Azure AD Connect Health](https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health) - [Windows Health Attestation Service](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices#device-health-attestation) (optional) From 139597c4252f2882d0e5cb0df2664ef5daacc236 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 29 May 2018 09:21:36 -0700 Subject: [PATCH 037/319] Added spacing --- .../remove-provisioned-apps-during-update.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index fc63f4cba3..489c97927a 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md @@ -93,36 +93,68 @@ Windows Registry Editor Version 5.00 ;1709 Registry Keys [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.BingWeather_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.GetHelp_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Getstarted_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.MSPaint_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Office.OneNote_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.OneConnect_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.People_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Print3D_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.SkypeApp_kzf8qxf38zg5c] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.StorePurchaseApp_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Wallet_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Windows.Photos_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsAlarms_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCalculator_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsCamera_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\microsoft.windowscommunicationsapps_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsMaps_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.WindowsStore_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.Xbox.TCUI_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxApp_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxGameOverlay_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneMusic_8wekyb3d8bbwe] + [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deprovisioned\Microsoft.ZuneVideo_8wekyb3d8bbwe] ``` From bb028147d6514cc9d7b4e76e5f72f29bf0445ef7 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Tue, 29 May 2018 19:46:22 +0000 Subject: [PATCH 038/319] Merged PR 8591: Removed Win8.0 as valid upgrade source, added support statement, fixed msdate Removed Win8.0 as valid upgrade source, added support statement, fixed msdate --- .../deployment/deploy-enterprise-licenses.md | 2 +- .../upgrade/windows-10-upgrade-paths.md | 84 +------------------ 2 files changed, 4 insertions(+), 82 deletions(-) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 9e9b4bdb87..dd0540a540 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy localizationpriority: high ms.sitesec: library ms.pagetype: mdt -ms.date: 10/18/2017 +ms.date: 05/25/2018 author: greg-lindsay --- diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md index e6f428797e..9b8d7a8ea6 100644 --- a/windows/deployment/upgrade/windows-10-upgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.localizationpriority: high ms.pagetype: mobile author: greg-lindsay -ms.date: 05/18/2018 +ms.date: 05/29/2018 --- # Windows 10 upgrade paths @@ -28,6 +28,8 @@ This topic provides a summary of available upgrade paths to Windows 10. You can >**Windows N/KN**: Windows "N" and "KN" SKUs follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. +>**Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). + ✔ = Full upgrade is supported including personal data, settings, and applications.
D = Edition downgrade; personal data is maintained, applications and settings are removed. @@ -114,86 +116,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar - - Windows 8 - - - (Core) - ✔ - ✔ - ✔ - ✔ - - - - - - - Professional - D - ✔ - ✔ - ✔ - ✔ - - - - - - Professional WMC - D - ✔ - ✔ - ✔ - ✔ - - - - - - Enterprise - - - - ✔ - ✔ - - - - - - Embedded Industry - - - - - ✔ - - - - - - Windows RT - - - - - - - - - - - Windows Phone 8 - - - - - - - - - Windows 8.1 From 12144eff09a9cd796f0f03506d9c77055b35c462 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 May 2018 13:37:21 -0700 Subject: [PATCH 039/319] remove au from proxy list --- ...y-internet-windows-defender-advanced-threat-protection.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 8de9ab0c90..02ecae6123 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -94,12 +94,9 @@ Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microso US | ```us.vortex-win.data.microsoft.com```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` Europe | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com``` UK | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com``` -AU | ```au.vortex-win.data.microsoft.com```
```au-v20.events.data.microsoft.com```
```winatp-gw-aue.microsoft.com```
```winatp-gw-aus.microsoft.com``` - - - If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. +If a proxy or firewall is blocking anonymous traffic, as Windows Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the above listed URLs. ## Verify client connectivity to Windows Defender ATP service URLs From f67f059b37e21a725ce8be304f88676b87de160d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 May 2018 13:41:45 -0700 Subject: [PATCH 040/319] date --- ...roxy-internet-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 02ecae6123..3e89ac6e0a 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 05/03/2018 +ms.date: 05/29/2018 --- From 4978f52090d37fc7f2827cb7e968a1b84db95353 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 29 May 2018 13:42:48 -0700 Subject: [PATCH 041/319] slight updates from tech review --- .../update/servicing-stack-updates.md | 6 +++--- windows/deployment/update/waas-quick-start.md | 20 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index f356277c28..196ca53038 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date: 05/25/2018 +ms.date: 05/29/2018 --- # Servicing stack updates @@ -22,7 +22,7 @@ The "servicing stack" is the code that installs other operating system updates. ## Why should servicing stack updates be installed and kept up to date? -Having the latest servicing stack update is a prerequisite to reliably installing the latest quality updates and feature updates. +Having the latest servicing stack update is a prerequisite to reliably installing the latest quality updates and feature updates. ## When are they released? @@ -35,5 +35,5 @@ Typically, the improvements are reliability, security, and performance improveme ## Installation notes • Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. -• Installing servicing stack update does not require restarting the device, so installation should not be disruptive. +• Installing servicing stack update does not require restarting the device, so installation should not be disruptive. • Servicing stack update releases are specific to the operating system version (build number), much like quality updates. diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index 94c2bf0cba..1f5292084f 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -7,7 +7,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: high ms.author: jaimeo -ms.date: 05/25/2018 +ms.date: 05/29/2018 --- # Quick guide to Windows as a service @@ -19,38 +19,38 @@ ms.date: 05/25/2018 - Windows 10 Mobile - Windows 10 IoT Mobile -Windows as a service is a new concept, introduced with the release of Windows 10. While [an extensive set of documentation](index.md) is available explaining all the specifics and nuances, here is a quick guide to the most important concepts. +Windows as a service is a new concept, introduced with the release of Windows 10. While [an extensive set of documentation](index.md) is available explaining all the specifics and nuances, here is a quick guide to the most important concepts. ## Definitions Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean. -- **Feature updates** will be released twice per year, around March and September. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years. -- **Quality updates** are released monthly, delivering both security and non-security fixes. Typically released the second Tuesday of each month (though they can be released at any time), these include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md). +- **Feature updates** will be released twice per year, around March and September. As the name suggests, these will add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years. +- **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month ("Patch Tuesday"), though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md). - **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features as well as compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. - **Servicing channels** allow organizations to choose when to deploy new features. - The **Semi-Annual Channel** receives feature updates twice per year. - The **Long Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. -- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. +- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization. See [Overview of Windows as a service](waas-overview.md) for more information. ## Key Concepts -Windows 10 gains new functionality with twice-per-year feature update releases. Initially, organizations will use these feature update releases for pilot deployments to ensure compatibility with existing apps and infrastructure. After a period of time, typically about four months after the feature update release, broad deployment throughout the organization can begin. The exact timeframe is determined by feedback from customers, ISVs, OEMs, and others, with an explicit "ready for broad deployment" declaration signaling this to customers. +Windows 10 gains new functionality with twice-per-year feature update releases. Initially, organizations will use these feature update releases for pilot deployments to ensure compatibility with existing apps and infrastructure. After a period of time, typically about four months after the feature update release, broad deployment throughout the organization can begin. The exact timeframe is determined by feedback from customers, ISVs, OEMs, and others, with an explicit "ready for broad deployment" declaration signaling this to customers. Each Windows 10 feature update will be serviced with quality updates for 18 months from the date of the feature update release. -Windows 10 Enterprise LTSB is a separate **Long Term Servicing Channel** version. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years. +Windows 10 Enterprise LTSB is a separate **Long Term Servicing Channel** version. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years. See [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) for more information. ## Staying up to date -The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. A variety of tools management and patching tools such as Windows Update, Windows Update for Business, Windows Server Update Services, System Center Configuration Manager, and third-party products) can be used to help with this process. [Windows Analytics Upgrade Readiness](https://www.microsoft.com/en-us/WindowsForBusiness/windows-analytics), a free tool to streamline Windows upgrade projects, is another important tool to help. +The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. A variety of tools management and patching tools such as Windows Update, Windows Update for Business, Windows Server Update Services, System Center Configuration Manager, and third-party products) can be used to help with this process. [Windows Analytics Upgrade Readiness](https://www.microsoft.com/en-us/WindowsForBusiness/windows-analytics), a free tool to streamline Windows upgrade projects, is another important tool to help. -Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin. +Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin. -This process repeats with each new feature update, twice per year. These are small deployment projects, compared to the big projects that were necessary with the old three-to-five-year Windows release cycles. +This process repeats with each new feature update, twice per year. These are small deployment projects, compared to the big projects that were necessary with the old three-to-five-year Windows release cycles. Additional technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files. From e3659a191f6fc80749a53a76d8c4f76114bf5151 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 May 2018 14:43:55 -0700 Subject: [PATCH 042/319] add UK --- ...orage-privacy-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index e04a79d353..7a7abff824 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -51,7 +51,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik ## Do I have the flexibility to select where to store my data? -When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in Europe or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States. +When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the United Kingdom, Europe, or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States. ## Is my data isolated from other customer data? Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. From 14564fcf817ed9e3effe7f2e73faf334bb915d6b Mon Sep 17 00:00:00 2001 From: Dune Desormeaux Date: Tue, 29 May 2018 15:58:07 -0700 Subject: [PATCH 043/319] Correct WMI Command language Corrected a technical error around SCCM compatibility with Exploit Guard and cleaned up surrounding text. --- .../attack-surface-reduction-exploit-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 00c9b0bbaa..64448f983d 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -191,7 +191,7 @@ Local Security Authority Subsystem Service (LSASS) authenticates users who log i This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks. >[!WARNING] ->[Only use this rule if you are managing your devices with Intune or other MDM solution. If you use this rule with SCCM, it will prevent SCCM compliance rules from working, because this rule blocks the PSExec commands in SCCM.] +>[Only use this rule if you are managing your devices with [Intune](https://docs.microsoft.com/intune) or another MDM solution. This rule is incompatible with management through [System Center Configuration Manager](https://docs.microsoft.com/sccm) because this rule blocks WMI commands that the Configuration Manager client uses to function correctly.] ### Rule: Block untrusted and unsigned processes that run from USB From 894c48baccacd6bc90fa4ddfdfc359104272a5d9 Mon Sep 17 00:00:00 2001 From: Justin Krejcha Date: Tue, 29 May 2018 22:13:11 -0700 Subject: [PATCH 044/319] Place SID and friendly name for Users in correct columns Small fix --- .../identity-protection/access-control/security-identifiers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/security-identifiers.md b/windows/security/identity-protection/access-control/security-identifiers.md index 9a584e36e0..19f600c354 100644 --- a/windows/security/identity-protection/access-control/security-identifiers.md +++ b/windows/security/identity-protection/access-control/security-identifiers.md @@ -215,7 +215,7 @@ The SECURITY\_NT\_AUTHORITY (S-1-5) predefined identifier authority produces SID | S-1-5-*domain*-520| Group Policy Creator Owners| A global group that is authorized to create new Group Policy Objects in Active Directory. By default, the only member of the group is Administrator.
Objects that are created by members of Group Policy Creator Owners are owned by the individual user who creates them. In this way, the Group Policy Creator Owners group is unlike other administrative groups (such as Administrators and Domain Admins). Objects that are created by members of these groups are owned by the group rather than by the individual.| | S-1-5-*domain*-553| RAS and IAS Servers| A local domain group. By default, this group has no members. Computers that are running the Routing and Remote Access service are added to the group automatically.
Members of this group have access to certain properties of User objects, such as Read Account Restrictions, Read Logon Information, and Read Remote Access Information.| | S-1-5-32-544 | Administrators| A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.| -| Users | S-1-5-32-545| A built-in group. After the initial installation of the operating system, the only member is the Authenticated Users group.| +| S-1-5-32-545 | Users| A built-in group. After the initial installation of the operating system, the only member is the Authenticated Users group.| | S-1-5-32-546 | Guests| A built-in group. By default, the only member is the Guest account. The Guests group allows occasional or one-time users to log on with limited privileges to a computer's built-in Guest account.| | S-1-5-32-547 | Power Users| A built-in group. By default, the group has no members. Power users can create local users and groups; modify and delete accounts that they have created; and remove users from the Power Users, Users, and Guests groups. Power users also can install programs; create, manage, and delete local printers; and create and delete file shares. | | S-1-5-32-548| Account Operators| A built-in group that exists only on domain controllers. By default, the group has no members. By default, Account Operators have permission to create, modify, and delete accounts for users, groups, and computers in all containers and organizational units of Active Directory except the Builtin container and the Domain Controllers OU. Account Operators do not have permission to modify the Administrators and Domain Admins groups, nor do they have permission to modify the accounts for members of those groups.| From 4176d4921298fdbd8ce367bacc4f5b86852e77f3 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 09:01:06 -0700 Subject: [PATCH 045/319] revised note about using MDM vs MAM --- .../create-wip-policy-using-intune-azure.md | 11 +++++++---- .../create-wip-policy-using-mam-intune-azure.md | 9 +++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 19991175b1..0163ad7144 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -19,10 +19,13 @@ ms.date: 05/09/2018 Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ->[!Important] ->This topic covers creating a Windows Information Protection (WIP) policy for organizations already managing devices by using Mobile Device Management (MDM) solutions. If your organization uses a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without managing devices, you must follow the instructions in the [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md) topic. ->If the same user and device are targeted for both MDM policy and MAM-only (without device enrollment) policy, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined, the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. ->Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. +## Alternative steps if you use MAM only (without device enrollment) + +This topic covers creating a Windows Information Protection (WIP) policy for organizations already managing devices by using Mobile Device Management (MDM) solutions. If your organization uses a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without managing devices, see [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md). + +If the same user and device are targeted for both MDM policy and MAM-only (without device enrollment) policy, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined, the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. + +Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. ## Add a WIP policy Follow these steps to add a WIP policy using Intune. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index c4df5d699f..3d634dccbb 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -26,10 +26,11 @@ By using Microsoft Intune with Mobile application management (MAM), organization - Remove enterprise data from employee's devices - Report on mobile app inventory and track usage ->[!NOTE] ->This topic covers creating a Windows Information Protection (WIP) policy for organizations using a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without device enrollment. If you are already managing devices by using a Mobile Device Management (MDM) solution, you must follow the instructions in the [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md) topic. ->If the same user and device are targeted for both MAM-only (without device enrollment) policy and MDM policy, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined, the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. ->Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. +## Alternative steps if you already manage devices with MDM + +This topic covers creating a Windows Information Protection (WIP) policy for organizations using a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without device enrollment. If you are already managing devices by using a Mobile Device Management (MDM) solution, see [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md). +If the same user and device are targeted for both MAM-only (without device enrollment) policy and MDM policy, the MDM policy (with device enrollement) will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. +Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. ## Prerequisites to using MAM with Windows Information Protection (WIP) Before you can create your WIP policy with MAM, you must first set up your MAM provider. For more info about how to do this, see the [Get ready to configure app protection policies for Windows 10](https://docs.microsoft.com/en-us/intune-classic/deploy-use/get-ready-to-configure-app-protection-policies-for-windows-10) topic. From 3c1fb881529b8919900bed2a7f85f14ce885b15f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 09:10:23 -0700 Subject: [PATCH 046/319] revised note about using MDM vs MAM --- .../create-wip-policy-using-intune-azure.md | 3 ++- .../create-wip-policy-using-mam-intune-azure.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 0163ad7144..48e93d15df 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -6,8 +6,9 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft +ms.author: justinha ms.localizationpriority: medium -ms.date: 05/09/2018 +ms.date: 05/30/2018 --- # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index 3d634dccbb..ed662d8105 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -6,8 +6,8 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.author: lizross -ms.date: 10/13/2017 +ms.author: justinha +ms.date: 05/30/2018 localizationpriority: medium --- From 0fd232c58919c39d1a511a5d0d8e37d53029384e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 09:27:11 -0700 Subject: [PATCH 047/319] removed en-us --- .../app-behavior-with-wip.md | 2 +- ...te-vpn-and-wip-policy-using-intune-azure.md | 2 +- .../create-wip-policy-using-intune-azure.md | 16 ++++++++-------- .../create-wip-policy-using-intune.md | 8 ++++---- ...create-wip-policy-using-mam-intune-azure.md | 18 +++++++++--------- .../limitations-with-wip.md | 6 +++--- .../mandatory-settings-for-wip.md | 2 +- .../protect-enterprise-data-using-wip.md | 4 ++-- .../recommended-network-definitions-for-wip.md | 2 +- .../using-owa-with-wip.md | 2 +- .../wip-app-enterprise-context.md | 2 +- 11 files changed, 32 insertions(+), 32 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 9069e4634e..d7898455cc 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -31,7 +31,7 @@ We strongly suggest that the only unenlightened apps you add to your allowed app >After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted. >[!Note] ->For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](https://msdn.microsoft.com/en-us/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center. +>For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](https://msdn.microsoft.com/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center. ## Unenlightened app behavior This table includes info about how unenlightened apps might behave, based on your Windows Information Protection (WIP) networking policies, your app configuration, and potentially whether the app connects to network resources directly by using IP addresses or by using hostnames. diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 32d3fa955b..5d54aaac22 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -24,7 +24,7 @@ Follow these steps to associate your WIP policy with your organization's existin **To associate your policies** -1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). +1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). 2. Open the Microsoft Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 48e93d15df..0d38165e64 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -52,7 +52,7 @@ Follow these steps to add a WIP policy using Intune. ![Add a mobile app policy](images/add-a-mobile-app-policy.png) >[!Important] - >Choosing **With enrollment** only applies for organizations using MDM. If you're using MAM only (without device enrollment), you must use these instructions instead: [Create and deploy Windows Information Protection (WIP) app protection policy with Intune](https://docs.microsoft.com/en-us/intune/deploy-use/create-windows-information-protection-policy-with-intune). + >Choosing **With enrollment** only applies for organizations using MDM. If you're using MAM only (without device enrollment), see [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md). 4. Click **Protected apps** and then click **Add apps**. @@ -88,7 +88,7 @@ If you don't know the Store app publisher or product name, you can find them for 1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Power BI Mobile App*. -2. Copy the ID value from the app URL. For example, the Power BI Mobile App ID URL is https://www.microsoft.com/en-us/store/p/microsoft-power-bi/9nblgggzlxn1, and you'd copy the ID value, `9nblgggzlxn1`. +2. Copy the ID value from the app URL. For example, the Power BI Mobile App ID URL is https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1, and you'd copy the ID value, `9nblgggzlxn1`. 3. In a browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata, where `9nblgggzlxn1` is replaced with your ID value. @@ -379,7 +379,7 @@ There are no default locations included with WIP, you must add each of your netw Cloud Resources With proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
contoso.visualstudio.com,contoso.internalproxy2.com

Without proxy: contoso.sharepoint.com|contoso.visualstudio.com - Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. + Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. Protected domains @@ -432,7 +432,7 @@ There are no default locations included with WIP, you must add each of your netw After you create and deploy your WIP policy to your employees, Windows begins to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the Data Recovery Agent (DRA) certificate lets Windows use an included public key to encrypt the local data while you maintain the private key that can unencrypt the data. >[!Important] ->Using a DRA certificate isn’t mandatory. However, we strongly recommend it. For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate) topic. +>Using a DRA certificate isn’t mandatory. However, we strongly recommend it. For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](https://docs.microsoft.com/windows/threat-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate) topic. **To upload your DRA certificate** 1. From the **App policy** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. @@ -477,7 +477,7 @@ After you've decided where your protected apps can access enterprise data on you - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP. ## Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/en-us/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. +WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. @@ -487,7 +487,7 @@ Optionally, if you don’t want everyone in your organization to be able to shar >Curly braces -- {} -- are required around the RMS Template ID. >[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. +>For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. ## Related topics - [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) @@ -498,9 +498,9 @@ Optionally, if you don’t want everyone in your organization to be able to shar - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) -- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) +- [What is Azure Rights Management?]( https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) -- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/en-us/intune/deploy-use/create-windows-information-protection-policy-with-intune) +- [Create and deploy Windows Information Protection (WIP) app protection policy with Intune and MAM](https://docs.microsoft.com/intune/deploy-use/create-windows-information-protection-policy-with-intune) - [Intune MAM Without Enrollment](https://blogs.technet.microsoft.com/configmgrdogs/2016/02/04/intune-mam-without-enrollment/) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 68e5de567f..abee275cdd 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -359,7 +359,7 @@ There are no default locations included with WIP, you must add each of your netw Enterprise Cloud Resources With proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
contoso.visualstudio.com,contoso.internalproxy2.com

Without proxy: contoso.sharepoint.com|contoso.visualstudio.com - Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. + Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Enterprise Internal Proxy Servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Enterprise Internal Proxy Servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. Enterprise Network Domain Names (Required) @@ -414,7 +414,7 @@ There are no default locations included with WIP, you must add each of your netw For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md). ## Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files via removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/en-us/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. +WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files via removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. @@ -424,7 +424,7 @@ Optionally, if you don’t want everyone in your organization to be able to shar >Curly braces -- {} -- are required around the RMS Template ID. >[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. +>For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. ## Choose your optional WIP-related settings After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings. @@ -475,7 +475,7 @@ After you've decided where your protected apps can access enterprise data on you - [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/) -- [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) +- [What is Azure Rights Management?]( https://docs.microsoft.com/information-protection/understand-explore/what-is-azure-rms) >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index ed662d8105..3d0884267e 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -33,9 +33,9 @@ If the same user and device are targeted for both MAM-only (without device enrol Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. ## Prerequisites to using MAM with Windows Information Protection (WIP) -Before you can create your WIP policy with MAM, you must first set up your MAM provider. For more info about how to do this, see the [Get ready to configure app protection policies for Windows 10](https://docs.microsoft.com/en-us/intune-classic/deploy-use/get-ready-to-configure-app-protection-policies-for-windows-10) topic. +Before you can create your WIP policy with MAM, you need to [set up your MAM provider](https://docs.microsoft.com/intune-classic/deploy-use/get-ready-to-configure-app-protection-policies-for-windows-10). -Additionally, you must have an [Azure AD Premium license](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-what-is) and be running at least Windows 10, version 1703 on your device. +Additionally, you must have an [Azure AD Premium license](https://docs.microsoft.com/azure/active-directory/active-directory-licensing-what-is) and be running at least Windows 10, version 1703 on your device. >[!Important] >WIP doesn't support multi-identity. Only one managed identity can exist at a time. @@ -65,7 +65,7 @@ After you’ve set up Intune for your organization, you must create a WIP-specif ![Microsoft Intune management console: Create your new policy in the Add a policy blade](images/wip-azure-add-policy.png) >[!Important] - >Choosing **Without enrollment** only applies for organizations using MAM. If you're using MDM, you must use these instructions, [Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md), instead. + >Choosing **Without enrollment** only applies for organizations using MAM. If you're using MDM, see [Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md). 4. Click **Create**. @@ -135,7 +135,7 @@ If you don't know the publisher or product name for your Store app, you can find **To find the publisher and product name values for Store apps without installing them** 1. Go to the [Microsoft Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft Power BI*. -2. Copy the ID value from the app URL. For example, Microsoft Power BI ID URL is https://www.microsoft.com/en-us/store/p/microsoft-power-bi/9nblgggzlxn1, and you'd copy the ID value, `9nblgggzlxn1`. +2. Copy the ID value from the app URL. For example, Microsoft Power BI ID URL is https://www.microsoft.com/store/p/microsoft-power-bi/9nblgggzlxn1, and you'd copy the ID value, `9nblgggzlxn1`. 3. In a browser, run the Microsoft Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. For example, run https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9nblgggzlxn1/applockerdata, where `9nblgggzlxn1` is replaced with your ID value. @@ -448,7 +448,7 @@ There are no default locations included with WIP, you must add each of your netw Cloud Resources With proxy: contoso.sharepoint.com,contoso.internalproxy1.com|
contoso.visualstudio.com,contoso.internalproxy2.com

Without proxy: contoso.sharepoint.com|contoso.visualstudio.com - Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. + Specify the cloud resources to be treated as corporate and protected by WIP.

For each cloud resource, you may also optionally specify a proxy server from your Internal proxy servers list to route traffic for this cloud resource. Be aware that all traffic routed through your Internal proxy servers is considered enterprise.

If you have multiple resources, you must separate them using the "|" delimiter. If you don’t use proxy servers, you must also include the "," delimiter just before the "|". For example: URL <,proxy>|URL <,proxy>.

Important
In some cases, such as when an app connects directly to a cloud resource through an IP address, Windows can’t tell whether it’s attempting to connect to an enterprise cloud resource or to a personal site. In this case, Windows blocks the connection by default. To stop Windows from automatically blocking these connections, you can add the /*AppCompat*/ string to the setting. For example: URL <,proxy>|URL <,proxy>|/*AppCompat*/.

When using this string, we recommend that you also turn on [Azure Active Directory Conditional Access](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access), using the Domain joined or marked as compliant option, which blocks apps from accessing any enterprise cloud resources that are protected by conditional access. Network domain names @@ -553,7 +553,7 @@ After you've decided where your protected apps can access enterprise data on you - **MDM discovery URL.** Lets the **Windows Settings** > **Accounts** > **Access work or school** sign-in offer an **Upgrade to MDM** link. Additionally, this lets you switch to another MDM provider, so that Microsoft Intune can manage MAM, while the new MDM provider manages the MDM devices. By default, this is specified to use Microsoft Intune. #### Choose to set up Azure Rights Management with WIP -WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/en-us/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. +WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. To configure WIP to use Azure Rights Management, you must set the **AllowAzureRMSForEDP** MDM setting to **1** in Microsoft Intune. This setting tells WIP to encrypt files copied to removable drives with Azure Rights Management, so they can be shared amongst your employees on computers running at least Windows 10, version 1703. @@ -563,7 +563,7 @@ Optionally, if you don’t want everyone in your organization to be able to shar >Curly braces -- {} -- are required around the RMS Template ID. >[!NOTE] ->For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic. +>For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates) topic. ### Choose whether to use and configure Windows Hello for Business You can turn on Windows Hello for Business, letting your employees use it as a sign-in method for their devices. @@ -646,11 +646,11 @@ After you’ve created your policy, you'll need to deploy it to your employees. ## Related topics -- [Implement server-side support for mobile application management on Windows](https://docs.microsoft.com/en-us/windows/client-management/mdm/implement-server-side-mobile-application-management) +- [Implement server-side support for mobile application management on Windows](https://docs.microsoft.com/windows/client-management/mdm/implement-server-side-mobile-application-management) - [Microsoft Intune - Mobile Application Management (MAM) standalone blog post](https://blogs.technet.microsoft.com/cbernier/2016/01/05/microsoft-intune-mobile-application-management-mam-standalone/) -- [MAM-supported apps](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune-apps) +- [MAM-supported apps](https://www.microsoft.com/cloud-platform/microsoft-intune-apps) - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 1f82d1ef3c..6a7f7a416c 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -69,7 +69,7 @@ This table provides info about the most common problems you might encounter whil Redirected folders with Client Side Caching are not compatible with WIP. Apps might encounter access errors while attempting to read a cached, offline file. - Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

Note
For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/kb/3187045). + Migrate to use another file synchronization method, such as Work Folders or OneDrive for Business.

Note
For more info about Work Folders and Offline Files, see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/). If you're having trouble opening files offline while using Offline Files and WIP, see the support article, [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/kb/3187045). You can't upload an enterprise file to a personal location using Microsoft Edge or Internet Explorer. @@ -79,7 +79,7 @@ This table provides info about the most common problems you might encounter whil ActiveX controls should be used with caution. Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP. - We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.

For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking). + We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.

For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking). Resilient File System (ReFS) isn't currently supported with WIP. @@ -105,7 +105,7 @@ This table provides info about the most common problems you might encounter whil WIP isn’t turned on for employees in your organization. - Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). + Don’t set the MakeFolderAvailableOfflineDisabled option to False for any of the specified folders.

If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 43ee4efa13..9ff661e183 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -29,7 +29,7 @@ This list provides all of the tasks and settings that are required for the opera |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| |Specify your enterprise IPv4 or IPv6 ranges.|Starting with Windows 10, version 1703, this field is optional.

Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Network domain names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics.| -|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.

This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/create-and-verify-an-efs-dra-certificate) topic.| +|Include your Data Recovery Agent (DRA) certificate.|Starting with Windows 10, version 1703, this field is optional. But we strongly recommend that you add a certificate.

This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](https://technet.microsoft.com/itpro/windows/keep-secure/create-and-verify-an-efs-dra-certificate) topic.| >[!NOTE] diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 4227a5f80b..b685702bf0 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -18,7 +18,7 @@ ms.date: 09/11/2017 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later ->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. @@ -29,7 +29,7 @@ You’ll need this software to run WIP in your enterprise: |Operating system | Management solution | |-----------------|---------------------| -|Windows 10, version 1607 or later | Microsoft Intune

-OR-

System Center Configuration Manager

-OR-

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.| +|Windows 10, version 1607 or later | Microsoft Intune

-OR-

System Center Configuration Manager

-OR-

Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt697634.aspx) documentation.| ## What is enterprise data control? Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security, all the way to the other extreme where people can’t share anything and it’s all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure. diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 41d141a9d4..74cf595171 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -18,7 +18,7 @@ ms.date: 09/11/2017 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later ->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 15ca7a4e9e..9659622348 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -17,7 +17,7 @@ ms.date: 09/11/2017 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later ->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). Because Outlook on the web can be used both personally and as part of your organization, you have the following options to configure it with Windows Information Protection (WIP): diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 82577755ce..711c0de53f 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -17,7 +17,7 @@ ms.date: 09/11/2017 - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later ->Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). Use Task Manager to check the context of your apps while running in Windows Information Protection (WIP) to make sure that your organization's policies are applied and running correctly. From 147f5991afb370ce16f88e65e0d521bf1d1d963f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 09:31:38 -0700 Subject: [PATCH 048/319] updated metadata --- .../windows-information-protection/app-behavior-with-wip.md | 4 ++-- .../create-vpn-and-wip-policy-using-intune-azure.md | 4 ++-- .../create-wip-policy-using-intune.md | 4 ++-- .../windows-information-protection/limitations-with-wip.md | 4 ++-- .../mandatory-settings-for-wip.md | 4 ++-- .../protect-enterprise-data-using-wip.md | 4 ++-- .../recommended-network-definitions-for-wip.md | 4 ++-- .../windows-information-protection/using-owa-with-wip.md | 4 ++-- .../wip-app-enterprise-context.md | 4 ++-- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index d7898455cc..1c8b475572 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.pagetype: security ms.sitesec: library -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 5d54aaac22..c554266f44 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index abee275cdd..12a7d8e8a4 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 10/16/2017 --- # Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 6a7f7a416c..58d83ff733 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -7,8 +7,8 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: eross-msft -ms.author: lizross -ms.date: 10/26/2017 +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium --- diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 9ff661e183..accb65ae90 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index b685702bf0..b6041c8b1f 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -7,9 +7,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: coreyp-at-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index 74cf595171..d9b56f7ad3 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index 9659622348..0d85fb8053 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 711c0de53f..b971c3a054 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -6,9 +6,9 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security -author: eross-msft +ms.author: justinha +ms.date: 05/30/2018 ms.localizationpriority: medium -ms.date: 09/11/2017 --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) From 64e05bcc73c458fc86362ecfa7ca37a543711efc Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 30 May 2018 09:37:04 -0700 Subject: [PATCH 049/319] Added Windows Server support --- .../attack-surface-reduction-exploit-guard.md | 5 +++-- .../audit-windows-defender-exploit-guard.md | 3 ++- .../collect-cab-files-exploit-guard-submission.md | 3 ++- .../controlled-folders-exploit-guard.md | 6 +++--- .../customize-attack-surface-reduction.md | 6 +++--- .../customize-controlled-folders-exploit-guard.md | 4 ++-- .../customize-exploit-protection.md | 4 ++-- .../enable-attack-surface-reduction.md | 6 +++--- .../enable-controlled-folders-exploit-guard.md | 4 ++-- .../enable-exploit-protection.md | 4 ++-- .../enable-network-protection.md | 6 +++--- .../evaluate-attack-surface-reduction.md | 6 +++--- .../evaluate-controlled-folder-access.md | 4 ++-- .../evaluate-exploit-protection.md | 4 ++-- .../evaluate-network-protection.md | 6 +++--- .../evaluate-windows-defender-exploit-guard.md | 4 ++-- .../event-views-exploit-guard.md | 4 ++-- .../exploit-protection-exploit-guard.md | 4 ++-- .../network-protection-exploit-guard.md | 6 +++--- .../windows-defender-exploit-guard/troubleshoot-asr.md | 1 + .../troubleshoot-exploit-protection-mitigations.md | 4 ++-- .../windows-defender-exploit-guard.md | 4 ++-- 22 files changed, 51 insertions(+), 47 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 00c9b0bbaa..415271f891 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- @@ -22,6 +22,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10, version 1709 and later +- Windows Server 2016 - Microsoft Office 365 - Microsoft Office 2016 - Microsoft Office 2013 @@ -42,7 +43,7 @@ ms.date: 05/17/2018 - Configuration service providers for mobile device management -Available in Windows 10 Enterprise E5, Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. +Supported in Windows 10 Enterprise E5, Attack surface reduction helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. It is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md index 753f9fd8a3..f0f6e4ea2b 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/audit-windows-defender-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -20,6 +20,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later +- Windows Server 2016 diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md index 19a6ecae33..21cec1e41c 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- # Collect diagnostic data for Windows Defender Exploit Guard file submissions @@ -19,6 +19,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md index 2ce348a33d..4ad70db2f1 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** @@ -51,7 +51,7 @@ All apps (any executable file, including .exe, .scr, .dll files and others) are This is especially useful in helping to protect your documents and information from [ransomware](https://www.microsoft.com/en-us/wdsi/threats/ransomware) that can attempt to encrypt your files and hold them hostage. -A notification will appear on the machine where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. +A notification will appear on the computer where the app attempted to make changes to a protected folder. You can [customize the notification](customize-attack-surface-reduction.md#customize-the-notification) with your company details and contact information. You can also enable the rules individually to customize what techniques the feature monitors. The protected folders include common system folders, and you can [add additional folders](customize-controlled-folders-exploit-guard.md#protect-additional-folders). You can also [allow or whitelist apps](customize-controlled-folders-exploit-guard.md#allow-specific-apps-to-make-changes-to-controlled-folders) to give them access to the protected folders. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md index 7f34a4b5d1..f8f6992650 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- # Customize Attack surface reduction @@ -19,7 +19,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10 Enterprise edition, version 1709 and later - +- Windows Server 2016 **Audience** @@ -35,7 +35,7 @@ ms.date: 05/17/2018 - Configuration service providers for mobile device management -Available in Windows 10 Enterprise E5, Attack surface reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. +Supported in Windows 10 Enterprise E5, Attack surface reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. This topic describes how to customize Attack surface reduction by [excluding files and folders](#exclude-files-and-folders) or [adding custom text to the notification](#customize-the-notification) alert that appears on a user's computer. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md index 031a513662..700eb382ef 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md index 34dc3e27f0..e444865096 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- # Customize Exploit protection @@ -19,7 +19,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md index 0fb9cf5f6b..a945bdc331 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- @@ -21,7 +21,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** @@ -36,7 +36,7 @@ ms.date: 05/17/2018 - Configuration service providers for mobile device management -Available in Windows 10 Enterprise E5, Attack surface reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. +Supported in Windows 10 Enterprise E5, Attack surface reduction is a feature that is part of Windows Defender Exploit Guard. It helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md index 3f1013add6..723db05106 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md index aa0862bcbc..4fff608788 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md index b2abb2149e..c4326ff783 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- @@ -21,7 +21,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** @@ -36,7 +36,7 @@ ms.date: 05/17/2018 - Configuration service providers for mobile device management -Available in Windows 10 Enterprise, Network protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. +Supported in Windows 10 Enterprise, Network protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. This topic describes how to enable Network protection with Group Policy, PowerShell cmdlets, and configuration service providers (CSPs) for mobile device management (MDM). diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md index d601c3b522..63e4996970 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -20,7 +20,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** @@ -37,7 +37,7 @@ ms.date: 04/30/2018 -Available in Windows 10 Enterprise E5, Attack surface reduction is a feature that is part of Windows Defender Exploit Guard [that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines](attack-surface-reduction-exploit-guard.md). +Supported in Windows 10 Enterprise E5, Attack surface reduction is a feature that is part of Windows Defender Exploit Guard [that helps prevent actions and apps that are typically used by exploit-seeking malware to infect machines](attack-surface-reduction-exploit-guard.md). This topic helps you evaluate Attack surface reduction. It explains how to demo the feature using a specialized tool, and how to enable audit mode so you can test the feature directly in your organization. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md index cdb72f5af8..c9085137fe 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -20,7 +20,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md index 4f08ee946e..9e2f73cee4 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -21,7 +21,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md index da2a8e6e8e..3cd65ac50a 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- # Evaluate Network protection @@ -21,7 +21,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10 Enterprise edition, version 1709 or later - +- Windows Server 2016 **Audience** @@ -36,7 +36,7 @@ ms.date: 05/17/2018 -Available in Windows 10 Enterprise, Network protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). +Supported in Windows 10 Enterprise, Network protection is a feature that is part of [Windows Defender Exploit Guard](windows-defender-exploit-guard.md). It helps to prevent employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md index 2b34248e48..da6ac7fe66 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-windows-defender-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md index a059876e54..24ff90fa5e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md @@ -12,7 +12,7 @@ ms.date: 04/16/2018 localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md index 7ba0dd60c9..b191cca98e 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/21/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 05/21/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md index c928c75ee1..f4ebee4b64 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/17/2018 +ms.date: 05/30/2018 --- @@ -21,7 +21,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10, version 1709 or higher - +- Windows Server 2016 **Audience** @@ -36,7 +36,7 @@ ms.date: 05/17/2018 - Configuration service providers for mobile device management -Available in Windows 10 Enterprise, Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. +Supported in Windows 10 Enterprise, Network protection helps reduce the attack surface of your devices from Internet-based events. It prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet. It expands the scope of [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md) to block all outbound HTTP(s) traffic that attempts to connect to low-reputation sources (based on the domain or hostname). diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md index 02be571b69..412c817281 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md @@ -19,6 +19,7 @@ ms.date: 05/17/2018 **Applies to:** - Windows 10, version 1709 or higher +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md index 250b4353fb..d055320c88 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md index 996a0d79d9..a6bd278ab2 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 04/30/2018 +ms.date: 05/30/2018 --- @@ -22,7 +22,7 @@ ms.date: 04/30/2018 **Applies to:** - Windows 10, version 1709 and later - +- Windows Server 2016 **Audience** From faf618159a80b84103cdad2bbe36219fbb43111f Mon Sep 17 00:00:00 2001 From: Ben Origas Date: Wed, 30 May 2018 12:30:08 -0500 Subject: [PATCH 050/319] Fix wrong HKLM keys that were missing SOFTWARE at the root --- ...system-components-to-microsoft-services.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 7a736f508b..700f7222c7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -957,7 +957,7 @@ To turn off **Location for this device**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessLocation** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessLocation** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). -or- @@ -990,7 +990,7 @@ To turn off **Location**: -or- -- Create a REG\_DWORD registry setting named **DisableLocation** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **DisableLocation** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\LocationAndSensors** with a value of 1 (one). -or- @@ -1018,7 +1018,7 @@ To turn off **Let apps use my camera**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessCamera** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessCamera** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). -or- @@ -1067,7 +1067,7 @@ To turn off **Let apps use my microphone**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) +- Create a REG\_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) To turn off **Choose apps that can use your microphone**: @@ -1115,7 +1115,7 @@ To turn off **Let apps access my notifications**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) +- Create a REG\_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) ### 17.6 Speech, inking, & typing @@ -1134,7 +1134,7 @@ To turn off the functionality: -or- -- Create a REG\_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one). -or- @@ -1269,7 +1269,7 @@ To turn off **Let apps access my call history**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 17.11 Email @@ -1295,7 +1295,7 @@ To turn off **Let apps access and send email**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessEmail** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 17.12 Messaging @@ -1351,7 +1351,7 @@ To turn off **Let apps make phone calls**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessPhone** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessPhone** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can make phone calls**: @@ -1382,7 +1382,7 @@ To turn off **Let apps control radios**: -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessRadios** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessRadios** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can control radios**: @@ -1412,7 +1412,7 @@ To turn off **Let apps automatically share and sync info with wireless devices t -or- -- Create a REG\_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: @@ -1453,7 +1453,7 @@ To change how frequently **Windows should ask for my feedback**: -or- -- Create a REG\_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **DoNotShowFeedbackNotifications** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection** with a value of 1 (one). -or- @@ -1572,7 +1572,7 @@ To turn off **Let Windows and your apps use your motion data and collect motion -or- -- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). +- Create a REG\_DWORD registry setting named **LetAppsAccessMotion** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 17.19 Tasks @@ -1631,7 +1631,7 @@ For Windows 10: -or- -- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core: @@ -1639,7 +1639,7 @@ For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Co -or- -- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. @@ -1663,7 +1663,7 @@ You can control if your settings are synchronized: -or- -- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one). +- Create a REG\_DWORD registry setting named **DisableSettingSync** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY\_LOCAL\_MACHINE\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one). -or- From ea58a93052269a10bf5366f65574e32bf274c1ab Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 11:06:21 -0700 Subject: [PATCH 051/319] add UK --- .../licensing-windows-defender-advanced-threat-protection.md | 2 +- ...bleshoot-siem-windows-defender-advanced-threat-protection.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md index 71573b1352..e64acc561c 100644 --- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md @@ -66,7 +66,7 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows. You will need to set up your preferences for the Windows Defender ATP portal. -3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in Europe or The United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. +3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United Kingdom, Europe, or The United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. > [!WARNING] > This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process. diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index 4d77042ae0..ba867a62e4 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -65,6 +65,7 @@ If you encounter an error when trying to get a refresh token when using the thre 5. Add the following URL: - For US: `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`. - For Europe: `https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback` + - For United Kingdom: `https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback` 6. Click **Save**. From 44790db4bdbc791e728141b347f4361cfaea2f9f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 11:09:09 -0700 Subject: [PATCH 052/319] add br --- ...roxy-internet-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md index 3e89ac6e0a..f66994565d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-proxy-internet-windows-defender-advanced-threat-protection.md @@ -90,7 +90,7 @@ If a proxy or firewall is blocking all traffic by default and allowing only spec Service location | Microsoft.com DNS record :---|:--- -Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com``` ```events.data.microsoft.com``` +Common URLs for all locations | ```*.blob.core.windows.net```
```crl.microsoft.com```
```ctldl.windowsupdate.com```
```events.data.microsoft.com``` US | ```us.vortex-win.data.microsoft.com```
```us-v20.events.data.microsoft.com```
```winatp-gw-cus.microsoft.com```
```winatp-gw-eus.microsoft.com``` Europe | ```eu.vortex-win.data.microsoft.com```
```eu-v20.events.data.microsoft.com```
```winatp-gw-neu.microsoft.com```
```winatp-gw-weu.microsoft.com``` UK | ```uk.vortex-win.data.microsoft.com```
```uk-v20.events.data.microsoft.com```
```winatp-gw-uks.microsoft.com```
```winatp-gw-ukw.microsoft.com``` From b7f10aa8f56a50c27d41b32ab2f3440cbd3b01b6 Mon Sep 17 00:00:00 2001 From: arottem Date: Wed, 30 May 2018 11:30:25 -0700 Subject: [PATCH 053/319] Make clear LPS is not recommend for enteprise --- .../limited-periodic-scanning-windows-defender-antivirus.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md index 18f934df2d..d0d4cfd9db 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md @@ -39,6 +39,7 @@ Limited periodic scanning is a special type of threat detection and remediation It can only be enabled in certain situations. See the [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md) topic for more information on when limited periodic scanning can be enabled, and how Windows Defender Antivirus works with other AV products. +**Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a very limited subset of the capabilities of Windows Defender Antivirus to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively. ## How to enable limited periodic scanning @@ -69,4 +70,4 @@ Sliding the swtich to **On** will show the standard Windows Defender AV options ## Related topics - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md) -- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) \ No newline at end of file +- [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) From d8ff2a5457af1058ff4b908c22b05e3678298764 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 13:22:06 -0700 Subject: [PATCH 054/319] added fixmapi to list of enlightened apps --- .../enlightened-microsoft-apps-and-wip.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 10a6ed181f..19da22e4ad 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -93,6 +93,8 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li |Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** notepad.exe
**App Type:** Desktop app | |Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app | |Microsoft Remote Desktop |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mstsc.exe
**App Type:** Desktop app | +|Microsoft MAPI Repair Tool |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** fixmapi.exe
**App Type:** Desktop app | + >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file From e26f3a74fdc37ac75352432ff74bb8e38e66aa8b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 13:31:04 -0700 Subject: [PATCH 055/319] add note on tags --- ...achines-windows-defender-advanced-threat-protection.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 7f17822158..8e85045713 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 05/30/2018 --- # Investigate machines in the Windows Defender ATP Machines list @@ -164,6 +164,12 @@ You can add tags on machines using the following ways: ### Add machine tags by setting a registry key value Add tags on machines which can be used as a filter in Machines list view. You can limit the machines in the list by selecting the Tag filter on the Machines list. +>[!NOTE] +> Applicable only on the following: +>- Windows 10, version 1709 and later +>- Windows Server, version 1803 +>- Operations Management Suite (OMS) on Windows Server 2016 and Windows Server 2012 R2 + Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines. Use the following registry key entry to add a tag on a machine: From c35bd0a424448bcfcce2f0562a125b8b4970b9ee Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 13:32:23 -0700 Subject: [PATCH 056/319] added fixmapi to list of enlightened apps --- .../enlightened-microsoft-apps-and-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 19da22e4ad..0bd2b3e912 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security author: eross-msft ms.localizationpriority: medium -ms.date: 09/11/2017 +ms.date: 05/30/2018 --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) From 9a94a763546ebab88579acbb77ebff27e03f4eb8 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 30 May 2018 13:52:45 -0700 Subject: [PATCH 057/319] copyedits --- .../create-wip-policy-using-intune-azure.md | 2 +- .../create-wip-policy-using-mam-intune-azure.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 0d38165e64..a9c46de01c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -24,7 +24,7 @@ Microsoft Intune helps you create and deploy your Windows Information Protection This topic covers creating a Windows Information Protection (WIP) policy for organizations already managing devices by using Mobile Device Management (MDM) solutions. If your organization uses a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without managing devices, see [Create a Windows Information Protection (WIP) policy with MAM using the Azure portal for Microsoft Intune](create-wip-policy-using-mam-intune-azure.md). -If the same user and device are targeted for both MDM policy and MAM-only (without device enrollment) policy, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined, the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. +If the same user and device are targeted for both MDM policy and MAM-only (without device enrollment) policy, the MDM policy will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index 3d0884267e..2d44748948 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -29,7 +29,9 @@ By using Microsoft Intune with Mobile application management (MAM), organization ## Alternative steps if you already manage devices with MDM This topic covers creating a Windows Information Protection (WIP) policy for organizations using a mobile application management (MAM) solution to deploy your WIP policy to Intune apps without device enrollment. If you are already managing devices by using a Mobile Device Management (MDM) solution, see [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md). + If the same user and device are targeted for both MAM-only (without device enrollment) policy and MDM policy, the MDM policy (with device enrollement) will be applied to devices joined to Azure AD. For personal devices that are workplace-joined (that is, added by using **Settings** > **Email & accounts** > **Add a work or school account**), the MAM-only policy will be preferred but it's possible to upgrade the device management to MDM in **Settings**. + Windows Home edition only supports WIP for MAM-only; upgrading to MDM policy on Home edition will revoke WIP-protected data access. ## Prerequisites to using MAM with Windows Information Protection (WIP) From 210acb077363d318aae648d396e53957f65de322 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 13:56:02 -0700 Subject: [PATCH 058/319] update list of machines for tagging --- ...chines-windows-defender-advanced-threat-protection.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 8e85045713..e94b8c1f80 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -165,10 +165,11 @@ You can add tags on machines using the following ways: Add tags on machines which can be used as a filter in Machines list view. You can limit the machines in the list by selecting the Tag filter on the Machines list. >[!NOTE] -> Applicable only on the following: ->- Windows 10, version 1709 and later ->- Windows Server, version 1803 ->- Operations Management Suite (OMS) on Windows Server 2016 and Windows Server 2012 R2 +> Applicable only on the following machines: +>- Windows 10, version 1709 or later +>- Windows Server, version 1803 or later +>- Windows Server 2016 +>- Windows Server 2012 R2 Machines with similar tags can be handy when you need to apply contextual action on a specific list of machines. From 78b25d3167df43f4470e94a4b0adf42460543981 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 30 May 2018 21:12:13 +0000 Subject: [PATCH 059/319] Merged PR 8630: Update instructions for Kiosk Browser --- ...change-history-for-configure-windows-10.md | 3 +- .../guidelines-for-assigned-access-app.md | 70 ++++++++++++++++++- .../setup-kiosk-digital-signage.md | 2 +- 3 files changed, 70 insertions(+), 5 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 4e392ecf48..95e3da2dff 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -10,7 +10,7 @@ ms.localizationpriority: high author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 05/25/2018 +ms.date: 05/31/2018 --- # Change history for Configure Windows 10 @@ -23,6 +23,7 @@ New or changed topic | Description --- | --- [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Added note that Wi-Fi Sense is no longer available. Topics about Windows 10 diagnostic data | Moved to [Windows Privacy](https://docs.microsoft.com/windows/privacy/). +[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | Added information on Kiosk Browser settings and URL filtering. [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Added details of event log entries to check for when customization is not applied as expected. [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) | Added Active Directory domain account to provisioning method. diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 8e57f63ebd..ec9939ed8a 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -9,7 +9,7 @@ author: jdeckerms ms.localizationpriority: high ms.author: jdecker ms.topic: article -ms.date: 04/30/2018 +ms.date: 05/31/2018 --- # Guidelines for choosing an app for assigned access (kiosk mode) @@ -45,8 +45,6 @@ Avoid selecting Windows apps that are designed to launch other apps as part of t In Windows 10, version 1803, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure additional settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren’t allowed to go to a competitor's website. ->[!NOTE] ->Kiosk Browser app is coming soon to Microsoft Store for Business. **Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education). @@ -54,6 +52,72 @@ In Windows 10, version 1803, you can install the **Kiosk Browser** app from Micr 2. [Deploy **Kiosk Browser** to kiosk devices.](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) 3. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](provisioning-packages/provisioning-create-package.md). +>[!NOTE] +>If you configure the kiosk using a provisioning package, you must apply the provisioning package after the device completes the out-of-box experience (OOBE). + +#### Kiosk Browser settings + +Kiosk Browser settings | Use this setting to +--- | --- +Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. +Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.

If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. +Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. +Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. +Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. +Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. +Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. + +>[!TIP] +>To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](https://docs.microsoft.com/intune/custom-settings-windows-10) with the following information: +>- OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton +>- Data type: Integer +>- Value: 1 + + +#### Rules for URLs in Kiosk Browser settings + +Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home). + +URLs can include: +- A valid port value from 1 to 65,535. +- The path to the resource. +- Query parameters. + +Additional guidelines for URLs: + +- If a period precedes the host, the policy filters exact host matches only. +- You cannot use user:pass fields. +- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence. +- The policy searches wildcards (*) last. +- The optional query is a set of key-value and key-only tokens delimited by '&'. +- Key-value tokens are separated by '='. +- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching. + +### Examples of blocked URLs and exceptions + +The following table describes the results for different combinations of blocked URLs and blocked URL exceptions. + +Blocked URL rule | Block URL exception rule | Result +--- | --- | --- +`*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it is to contoso.com, fabrikam.com, or any of their subdomains. +`contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. +`youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). + +The following table gives examples for blocked URLs. + +Entry | Result +--- | --- +`contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com +`https://*` | Blocks all HTTPS requests to any domain. +`mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com +`.contoso.com` | Blocks contoso.com but not its subdomains, like contoso.com/docs. +`.www.contoso.com` | Blocks www.contoso.com but not its subdomains. +`*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. +`*:8080` | Blocks all requests to port 8080. +`contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. +`192.168.1.2` | Blocks requests to 192.168.1.2. +`youtube.com/watch?v=V1` | Blocks youtube video with id V1. + ### Other browsers >[!NOTE] diff --git a/windows/configuration/setup-kiosk-digital-signage.md b/windows/configuration/setup-kiosk-digital-signage.md index ed4eb7c9ce..5d83e51050 100644 --- a/windows/configuration/setup-kiosk-digital-signage.md +++ b/windows/configuration/setup-kiosk-digital-signage.md @@ -38,7 +38,7 @@ Some desktop devices in an enterprise serve a special purpose, such as a PC in t >[!WARNING] >For kiosks in public-facing environments with auto sign-in enabled, you should use a user account with least privilege, such as a local standard user account. > ->Assigned access can be configured via Windows Mangement Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. +>Assigned access can be configured via Windows Management Instrumentation (WMI) or configuration service provider (CSP) to run its applications under a domain user or service account, rather than a local account. However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so. **Which edition of Windows 10 will the kiosk run?** All of the configuration methods work for Windows 10 Enterprise and Education; some of the methods work for Windows 10 Pro. Kiosk mode is not available on Windows 10 Home. From 9cd535b0045db3793fba0ce8a1f7e15c9b63af05 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 30 May 2018 21:23:13 +0000 Subject: [PATCH 060/319] Merged PR 8627: Small title adjustment to enhanced fields and events --- ...ced-diagnostic-data-windows-analytics-events-and-fields.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md index 34d534863c..9d31869696 100644 --- a/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md +++ b/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields.md @@ -13,11 +13,11 @@ ms.author: jaimeo --- -# Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics +# Windows 10 enhanced diagnostic data events and fields used by Windows Analytics **Applies to** -- Windows 10, version 1709 and later +- Windows 10, version 1709 and newer Windows Analytics Device Health reports are powered by diagnostic data not included in the Basic level. This includes crash reports and certain OS diagnostic data events. Organizations sending Enhanced or Full level diagnostic data were able to participate in Device Health, but some organizations which required detailed event and field level documentation were unable to move from Basic to Enhanced. From 32dc8c7e3247d5a08145a32ca6574680851e128a Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Wed, 30 May 2018 14:49:47 -0700 Subject: [PATCH 061/319] Create apply-hotfix-for-mbam-25-sp1.md --- mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md diff --git a/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md new file mode 100644 index 0000000000..ff7aab122d --- /dev/null +++ b/mdop/mbam-v25/apply-hotfix-for-mbam-25-sp1.md @@ -0,0 +1,28 @@ +--- +title: Applying hotfixes on MBAM 2.5 SP1 +description: Applying hotfixes on MBAM 2.5 SP1 +author: ppriya-msft +ms.assetid: +ms.pagetype: mdop, security +ms.mktglfcycl: manage +ms.sitesec: library +ms.prod: w10 +ms.date: 5/30/2018 +--- + +# Applying hotfixes on MBAM 2.5 SP1 +This topic describes the process for applying the hotfixes for Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 + +### Before you begin, download the latest hotfix of Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 SP1 +[Desktop Optimization Pack](https://www.microsoft.com/en-us/download/details.aspx?id=56126) + +#### Steps to update the MBAM Server for existing MBAM environment +1. Remove MBAM server feature(do this by opening the MBAM Server Configuration Tool, then select Remove Features). +2. Remove MDOP MBAM from Control Panel | Programs and Features. +3. Install MBAM 2.5 SP1 RTM server components. +4. Install lastest MBAM 2.5 SP1 hotfix rollup. +5. Configure MBAM features using MBAM Server Configurator. + +#### Steps to install the new MBAM 2.5 SP1 server hotfix +refer to the document for new server installation. +https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/deploying-the-mbam-25-server-infrastructure From f9f119a8b49c16ab6fd7ca94c4fe5f6dc9b3dfaf Mon Sep 17 00:00:00 2001 From: arottem Date: Wed, 30 May 2018 14:53:07 -0700 Subject: [PATCH 062/319] correct misleading av enabling --- .../windows-defender-antivirus-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index fb71bda388..6d409e7449 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -73,7 +73,7 @@ Active mode | Windows Defender AV is used as the antivirus app on the machine. A Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. -Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product goes out of date, is not updated, or stops providing real-time protection from viruses, malware, and other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. +Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. In passive and automatic disabled mode, you can still [manage updates for Windows Defender AV](manage-updates-baselines-windows-defender-antivirus.md), however you can't move Windows Defender AV into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware. @@ -90,4 +90,4 @@ In passive and automatic disabled mode, you can still [manage updates for Window ## Related topics - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md) -- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) \ No newline at end of file +- [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) From 13eef01c20edb6bafd80b5e4397795268fb5dcf3 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Wed, 30 May 2018 14:56:23 -0700 Subject: [PATCH 063/319] Update index.md --- mdop/mbam-v25/index.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 2a9e37642f..05fa418076 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -58,6 +58,9 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin Get help in choosing a deployment method for MBAM, including step-by-step instructions for each method. +- [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) + + View updated product information and known issues for MBAM 2.5 ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). From 38e192640893d06bddc54823eef8eabb635e5a66 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Wed, 30 May 2018 15:04:06 -0700 Subject: [PATCH 064/319] Update index.md --- mdop/mbam-v25/index.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md index 05fa418076..84fc7c8df0 100644 --- a/mdop/mbam-v25/index.md +++ b/mdop/mbam-v25/index.md @@ -60,7 +60,8 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin - [Apply Hotfixes on MBAM 2.5 SP1 Server](apply-hotfix-for-mbam-25-sp1.md) - View updated product information and known issues for MBAM 2.5 + Guide of how to apply MBAM 2.5 SP1 Server hotfixes + ## Got a suggestion for MBAM? - Add or vote on suggestions [here](http://mbam.uservoice.com/forums/268571-microsoft-bitlocker-administration-and-monitoring). - For MBAM issues, use the [MBAM TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopmbam). From 0edcc6034d449a53dffe08b83c6a53790f5e21f6 Mon Sep 17 00:00:00 2001 From: CelesteDG Date: Wed, 30 May 2018 15:32:35 -0700 Subject: [PATCH 065/319] Updated the Partner pivot to updthe first two URLs, text, and description - per request from the Education Partner team --- education/index.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/education/index.md b/education/index.md index 72125c6a4c..424b52680d 100644 --- a/education/index.md +++ b/education/index.md @@ -447,7 +447,7 @@ ms.date: 10/30/2017

  • - +
    @@ -457,8 +457,8 @@ ms.date: 10/30/2017
    -

    Microsoft Education Partner Network

    -

    Find out the latest news and announcements for Microsoft Education partners.

    +

    Microsoft Partner Network

    +

    Discover the latest news and resources for Microsoft Education products, solutions, licensing, and readiness.

    @@ -466,7 +466,7 @@ ms.date: 10/30/2017
  • - +
    @@ -476,8 +476,8 @@ ms.date: 10/30/2017
    -

    Authorized Education Partner (AEP) home page

    -

    Access the essentials and find out what it takes to become an AEP.

    +

    Authorized Education Partner (AEP) program

    +

    Become authorized to purchase and resell academic priced offers and products to Qualified Educational Users (QEU).

    From 30765d8bde8c1448ff0feb1d92f67bb6f2874c7e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 16:47:23 -0700 Subject: [PATCH 066/319] win 8.1 --- .../windows-defender-atp/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 100 ++++++++++++++++++ 2 files changed, 101 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md diff --git a/windows/security/threat-protection/windows-defender-atp/TOC.md b/windows/security/threat-protection/windows-defender-atp/TOC.md index e69658d82e..a8defba7ee 100644 --- a/windows/security/threat-protection/windows-defender-atp/TOC.md +++ b/windows/security/threat-protection/windows-defender-atp/TOC.md @@ -7,6 +7,7 @@ ### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) ### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) ## [Onboard machines](onboard-configure-windows-defender-advanced-threat-protection.md) +### [Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md) ### [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) #### [Onboard machines using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md) #### [Onboard machines using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..875feb88d2 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -0,0 +1,100 @@ +--- +title: Onboard Windows 7 SP 1 machines on Windows Defender ATP +description: Onboard Windows 7 SP 1 machines so that they can send sensor data to the Windows Defender ATP sensor +keywords: Onboard Windows 7 machines, oms, sp1, enterprise, pro, down level +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 06/11/2018 +--- + +# Onboard Windows 7 SP1 machines + +**Applies to:** + +- Windows 7 SP1 Enterprise +- Windows 7 SP1 Pro +- Windows 8.1 +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console. + +To onboard down-level Windows client endpoints to Windows Defender ATP, youll need to: +- Configure and update System Center Endpoint Protection clients. +- Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below. + +>[!TIP] +> After onboarding the machine, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md). + +## Configure and update System Center Endpoint Protection clients +>[!IMPORTANT] +>This step is required only if your organization uses System Center Endpoint Protection (SCEP). + +Windows Defender ATP integrates with System Center Endpoint Protection to provide visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. + +The following steps are required to enable this integration: +- Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/en-us/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie) +- Configure the SCEP client Cloud Protection Service membership to the **Advanced** setting + +## Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP + +### Before you begin +Review the following details to verify minimum system requirements: +- Install the [February monthly update rollout](https://support.microsoft.com/help/4074598/windows-7-update-kb4074598) +- Install the [Update for customer experience and diagnostic telemetry](https://support.microsoft.com/help/3080149/update-for-customer-experience-and-diagnostic-telemetry) +- Meet the Azure Log Analytics agent minimum system requirements. For more information, see [Collect data from computers in you environment with Log Analytics](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-concept-hybrid#prerequisites) + +1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603) or [Windows 32-bit agent](https://go.microsoft.com/fwlink/?LinkId=828604). + +2. Obtain the workspace ID: + - In the Windows Defender ATP navigation pane, select **Settings > Machine management > Onboarding** + - Select **Windows 7 SP1 and 8.1** as the operating system + - Copy the workspace ID and workspace key + +3. Using the Workspace ID and Workspace key choose any of the following installation methods to install the agent: + - Manually install the agent using setup
    + On the **Agent Setup Options** page, select **Connect the agent to Azure Log Analytics (OMS) + - [Install the agent using command line](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#install-the-agent-using-the-command-line) and [configure the agent using a script](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-agent-windows#add-a-workspace-using-a-script). + +4. If youre using a proxy server to connect to the Internet see the Configure proxy settings section. + +Once completed, you should see onboarded servers in the portal within an hour. + +### Configure server proxy and Internet connectivity settings + +- Each Windows server must be able to connect to the Internet using HTTPS. This connection can be direct, using a proxy, or through the [OMS Gateway](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-oms-gateway). +- If a proxy or firewall is blocking all traffic by default and allowing only specific domains through or HTTPS scanning (SSL inspection) is enabled, make sure that the following URLs are white-listed to permit communication with Windows Defender ATP service: + +Agent Resource | Ports +:---|:--- +| *.oms.opinsights.azure.com | 443 | +| *.blob.core.windows.net | 443 | +| *.azure-automation.net | 443 | +| *.ods.opinsights.azure.com | 443 | +| winatp-gw-cus.microsoft.com | 443 | +| winatp-gw-eus.microsoft.com | 443 | +| winatp-gw-neu.microsoft.com | 443 | +| winatp-gw-weu.microsoft.com | 443 | +|winatp-gw-uks.microsoft.com | 443 | +|winatp-gw-ukw.microsoft.com | 443 | +| winatp-gw-aus.microsoft.com | 443| +| winatp-gw-aue.microsoft.com |443 | + + +## Offboard client endpoints +To offboard, you can uninstall the MMA agent from the endpoint or detach it from reporting to your Windows Defender ATP workspace. After offboarding the agent, the endpoint will no longer send sensor data to Windows Defender ATP. + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevele-belowfoldlink) + + + + + + From af0db775a7d8cefda4fd2bafed457cbe8cefadd5 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 May 2018 16:47:40 -0700 Subject: [PATCH 067/319] remove --- ...oard-downlevel-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 875feb88d2..fb9fa92c3a 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -19,7 +19,6 @@ ms.date: 06/11/2018 - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro -- Windows 8.1 - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] From f0b31bfd41a5b6bd547d17b0ee083535f25d2f03 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 31 May 2018 13:33:07 +0000 Subject: [PATCH 068/319] Merged PR 8645: fix example --- windows/configuration/guidelines-for-assigned-access-app.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index ec9939ed8a..91b729e5c8 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -110,7 +110,11 @@ Entry | Result `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com `https://*` | Blocks all HTTPS requests to any domain. `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com +<<<<<<< HEAD +`.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. +======= `.contoso.com` | Blocks contoso.com but not its subdomains, like contoso.com/docs. +>>>>>>> refs/remotes/origin/master `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. `*:8080` | Blocks all requests to port 8080. From 30c3e33f650042ee4c5017ac4590fa0c42eca8e4 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 31 May 2018 07:25:10 -0700 Subject: [PATCH 069/319] added the MDM settings for Do not sync browser settings --- browsers/edge/available-policies.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 4994e63ed6..079e40df7a 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -451,6 +451,15 @@ This policy setting specifies whether you can use the Sync your Settings option This policy setting specifies whether a browser group can use the Sync your Settings options to sync their information to and from their device. Settings include information like History and Favorites. By default, this setting is disabled or not configured, which means the Sync your Settings options are turned on, letting browser groups pick what can sync on their device. If enabled, the Sync your Settings options are turned off so that browser groups are unable to sync their settings and info. You can use the Allow users to turn browser syncing on option to turn the feature off by default, but to let the employee change this setting. +**MDM settings in Microsoft Intune** +| | | +|---|---| +|MDM name |Experience/DoNotSynBrowserSettings | +|Supported devices |Desktop
    Mobile | +|URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings | +|Data type |Integer | +|Allowed values |
    • **0** - Disable syncing.
    • **1 (default)** - Allow syncing.
    | + ## Keep favorites in sync between Internet Explorer and Microsoft Edge >*Supported versions: Windows 10, version 1703 or later* From d41e482b44dc41b16b7b60fbe104a0e96ad05562 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 31 May 2018 07:42:28 -0700 Subject: [PATCH 070/319] more updates to the MDM settings --- browsers/edge/available-policies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 079e40df7a..7047cc4fc7 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -444,7 +444,7 @@ This policy setting specifies whether you can use the Sync your Settings option |URI full path |./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings | |Location |Computer Configuration\Administrative Templates\Windows Components\sync your settings\Do not sync | |Data type | Integer | -|Allowed values |
    • **0** - Employees cannot sync settings between PCs.
    • **1 (default)** - Employees can sync between PCs.
    | +|Allowed values |
    • **0** - Disable syncing between PCs.
    • **1 (default)** - Allow syncing between PCs.
    | ## Do not sync browser settings >*Supported versions: Windows 10* @@ -458,7 +458,7 @@ This policy setting specifies whether a browser group can use the Sync your Sett |Supported devices |Desktop
    Mobile | |URI full path |./Vendor/MSFT/Policy/Config/Experience/DoNotSynBrowserSettings | |Data type |Integer | -|Allowed values |
    • **0** - Disable syncing.
    • **1 (default)** - Allow syncing.
    | +|Allowed values |
    • **0** - Disable browser syncing.
    • **1 (default)** - Allow browser syncing.
    | ## Keep favorites in sync between Internet Explorer and Microsoft Edge >*Supported versions: Windows 10, version 1703 or later* From fcac972b9c37a7f57746fec282d396dec8d82683 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 31 May 2018 07:44:22 -0700 Subject: [PATCH 071/319] more updates to the MDM settings --- browsers/edge/available-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 7047cc4fc7..2ba0d202e0 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -472,7 +472,7 @@ This policy setting specifies whether favorites are kept in sync between Interne |Supported devices |Desktop | |URI full path |./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge | |Data type | Integer | -|Allowed values |
    • **0 (default)** - Synchronization is turned off.
    • **1** - Synchronization is turned on.
    | +|Allowed values |
    • **0 (default)** - Turn off synchronization.
    • **1** - Turn on synchronization.
    | ## Prevent access to the about:flags page >*Supported versions: Windows 10, version 1607 or later* From 6bf65f32102ba5813e9693155d5cd77c4c539bfc Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 31 May 2018 09:01:57 -0700 Subject: [PATCH 072/319] added best practice back --- .../domain-member-maximum-machine-account-password-age.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index d7cba5795f..54bd39472d 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -32,8 +32,9 @@ For more information, see [Machine Account Password Process](https://blogs.techn ### Best practices -It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. +1. It is often advisable to set **Domain member: Maximum machine account password age** to about 30 days. Setting the value to fewer days can increase replication and impact domain controllers. For example, in Windows NT domains, machine passwords were changed every 7 days. The additional replication churn would impact domain controllers in large organizations with many computers or slow links between sites. +2. Some organizations pre-build computers and then store them for later use or ship them to remote locations. When a computer starts after being offline more than 30 days, the Netlogon service will notice the password age and initiate a secure channel to a domain controller to change it. If the secure channel cannot be established, the computer will not authenticate with the domain. For this reason, some organizations might want to create a special organizational unit (OU) for computers that are prebuilt, and configure the value for this policy setting to a larger number of days. ### Location From 90ac253c7699441eaeff8bc80c2e699b78cce959 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 31 May 2018 09:06:00 -0700 Subject: [PATCH 073/319] added best practice back --- .../domain-member-maximum-machine-account-password-age.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md index 54bd39472d..c9cb9862fb 100644 --- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: brianlic-msft -ms.date: 04/19/2017 +ms.date: 05/31/2018 --- # Domain member: Maximum machine account password age From 549cbd571b1b80da79b711a50eada5ba3368b306 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 31 May 2018 16:07:17 +0000 Subject: [PATCH 074/319] Merged PR 8650: fix AD acct fix AD acct --- windows/configuration/setup-kiosk-digital-signage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/setup-kiosk-digital-signage.md b/windows/configuration/setup-kiosk-digital-signage.md index 5d83e51050..a2b8efc53b 100644 --- a/windows/configuration/setup-kiosk-digital-signage.md +++ b/windows/configuration/setup-kiosk-digital-signage.md @@ -200,7 +200,7 @@ Clear-AssignedAccess > >OS edition: Windows 10 Pro (version 1709) for UWP only; Ent, Edu for both app types > ->Account type: Local standard user +>Account type: Local standard user, Active Directory >[!IMPORTANT] >When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](https://support.microsoft.com/help/324737/how-to-turn-on-automatic-logon-in-windows). From bac61db6f13c172259675d6e8669bd00414e4398 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 31 May 2018 16:11:05 +0000 Subject: [PATCH 075/319] Merged PR 8652: what's new - 1805 --- store-for-business/images/edu-icon.png | Bin 0 -> 6872 bytes .../manage-private-store-settings.md | 4 ++-- ...tory-microsoft-store-business-education.md | 7 +++++- ...-new-microsoft-store-business-education.md | 21 +++++++++++++----- 4 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 store-for-business/images/edu-icon.png diff --git a/store-for-business/images/edu-icon.png b/store-for-business/images/edu-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..49009f70851c7f60ed89ffdb1352499865065e4b GIT binary patch literal 6872 zcmdT}30zZG)<^5qDxziAx`jv^Tpr1L*#p56a6w2=WCxd*mlp_RBMA_|t+og#D1zWp zfucZNC@u^NE}(w6RVXl^C!T0u%%&)-DIOSp=wVs~7vF7Ukpg!tG8kivi1Y0TwptEgAj35%K`WEW)f_FC*w2>(#=2=Tk* zbpi?A{G|j3g$gIotr-vo(+~oaZ4EOhY=kzCfKXs2nZhK)REPp|C=3pjO&EL;fi#s! z%yDyEI4BETafyK%jgmtqhlht-hf}Q;ssJ*~X0yo@gp42%pn%j7at*45N92{{q zrjjT%5`~>&4Hq2ZZs*?6=EW*gR6qn(0jT+Fx!vcV7`TSw>x9TF34O6Q%3&MaIgAREswc0&G ziId%MwIWo7;S0im#92eus5Nf*8-ISlc0fM7StAj@W3O)IHx9tHl6R2mR)$HH90wJS zY7{DWg+e-nouxw_Cpb6|th^+0ks@3@TW7%_IqryRa4r$Rhy_s)@OFpkIv61UPb?0F zGC;})z!aexbR;nyf|>3xlS2ov0~?udh!rAF;$^G*&9 zOH~T7L<$zvZi{#Xrv(lSn9X27h&4gc2DVfRmN-fPQuPe2$Y`twH4& z?&QcN0$Z&m5)lVyi*O7PBM_U$#vp`6!yvXuOowO`oQY#X91+8;q5X~uEK~4Wo2C0bnS?I;1>QTHo? zFxVrPd`2w6Y(!T=-Z;%2*J@nQ2wbHetW7*LU~nXrjEHEPrU=P5d2Fda^MeN=laWS3BV!$jM5@J*u06dKbvBYdKBx1mH z3c?g2Am#(gNG0!7>uvJ;s}^UmM5j;0pgWf1A#WVhU#K`JHV|Y?m*%*LNEn!wyannX z2C9Mm;ej}S(;pOo0W!5htO-X|xP1V?;Csr8E-Jd9fSCSPbu}9H$BKjOW>Z)w6%wIB z79^t5Uh!+)zd3@R7QL1-KV6taQJ^{*>Fs4fNUOd$`$ zRU;s!L{%X7G$2j6M6pUCBcMv9RD$(a9&(smG8k;U=3g3mcKRHD2HARex7)%yS z0bL-I3Be42HWmY;LEuOdBN!dLso*&JXS5BU;uH=QB+kGo{-KGZD;guaih+F}l0C!m z9@1$f82TYFj3*tq-h;n)XX%GS?mr{%y>X(UFwQ`!D1;z%(8q{rC?rI1284^nEQCpA zQ(>BT$R{HU-2YLW-fIsg#u;K9h9NPF2JTL9U=Irwi@*q@GQs)J64B8=v}a`Z_}_rL z_dxCcYpMIN=JyZk!~a^G`rEgGc8C1?PH5oTap2ros5^=JZ@M^d>v=vDiQq1b1Dg5a z_I{`l|Ip0T?N|J}4gGN6I^x!PsAmNC>$>6ag930d{HOt!gRVpc9wZnXNwxvcEFL*I z+PiD_K5bYlHEx-H?ioqPHtWb~}@OCy55N%oxhS`U}MFs$rzAJ<8E`=;*MbmFTo zEK=lqDzjv3GXo!4o+y?y%<=TK@b%D~`_99o@q`7>=cB_e3y+_1vl_?0;4Eo;($fU_ z-zRmYRRr9*^{S`)vO`< zO-a*3IHN?G(O3Q}7R(RMo6sGy;`-so0bVHKJRL^Y?96^jrC266Bu3LS#X)JKX%AG_80M; z`I)Idf0z8tQO_&s`}y^EBoFnYPg>7i5x#y(LE+f6oAc6noT#xeAM1D91%*uF97|ZC z6XjePXJE8UCt<7LUQ#QNaM4~PT!!ew`^*+qI+g96qZ1V`5Z>LSlP+m3H92VtG;{ir zG@5A+2ICfxW-Uq4t=YFa&N9{QtFO9ho)u}autqqG)0Lsoagf@RBz{0j>DB5qZRV%5 zf{vB#Pt*RO8=O<8X^X%hE-r?XnHX3jOd^5bs%2ZO%55?~eQ^Lc*?sH94K_Ds%xj$A z_4TUVL3T+;-J-VAxDf|#1#h>?j&x|MhH5wG*PNwpp(03`H0j|rt8aI$GWq4HP3`X1 zhwQoKwZ<2dgcG-1ZT(wG@+U!4#zpUHN)ZqbT#V(Fz3?O%l5O3((tf>$)mfGYWhQz* zTkD$>e^tMGb?AeWJ5#eGArqlNS}7qrI5SaOc~u5twLZ1`V%}^o{piwd0(sOg4~_5m z`361rS+}HyXAzc}TwfRUn(<_!=ZrvF-=1B;!I_^%Rb5rSY&f_=KiYD1T5GltGD%`- zkUj1Pqj^RN0?{Sk8}sHE6h5TG`q2|6Y?_$1FY#t&oX^XKwG}gh4*6(zcJYmTw?y-Z z7tjTk$C74#2LJp$-PEi&pXqjOH>vm(#*c71VX&&p@9wLf$OnHtMM{1~+=(&?m8lCD&URT>B zObr{`ULR&@U*K*1bFpj@u)p}Z{OisD&+-hnyDjVQ%1s-HiYV%BeYUmDuVR|S zt8YEOtkL)0ysYBWuCrf$JL@SByl*{1uI+1xxL^Lnc(cI8*OO~+(|hSzYVT5Q>$b4# zLT3xZ41-N~Ui%#mOWs3%?6uhOe#Dtv%H6|xlc#d+D3c?fc}I0<_qGcz!$o7K2FDd7#-6NrWS(%V zdi?#}@!`tbpU?gFz{9MU$y4`F(@1;(8zf>!w&{~cJ%ultvyyCL5_Yj#5gaVW;??X;~Ki}Xtj|Pns|{6_vb<?6i4 zJX;C7-Hc${dj1H=j4Mmzr<>c7EGsMpbLYGaFg?0=*Lf`N+|1C|t4oi}INMV704Mhr zG-X$d@1%tP`1(=OOfKbY(4k`EUG}6K{0v+1;}IpfQ3GE$&G~75_z5%p=oQwRlN$rfYy+;m22G4)ArsxwOUZr z9JEy|jm+z;2(W>qe^+``r52>*=Uh~pGj9kp6SwU-o!;Q(YB4UUIW0GD@{2lb3#3>X zRg85hT>TnvUuZbnBy{cj(kh3)5n53(U3$|aAUj~!j^_3Z+v9=9!)&KbED6c&O2K41 zkGvuuo>%8i&DX41*|Dwshk3KFy}BHkmS=JL5hwh5=q2}S9apik_6%Oq7v;6d)cRC+ zmmB`sZC7h6Wb-3`J(Cl{-re3KJ;q46yvptc?}s&O-M63pp5(STDZ8s>3Mu8bA@`>C z*&f&^yC$V#Y%F{8M$94KQ26?S$x$wO}zOI;Y)2McN>}u!Q=9XY{yU?V?Nwdqh zomS=3OYU|t%Co0U%4o04tan(Jp0@MpF{LHr8+xg|q%qEum0Prrcg>(DIq|lk-OQQW zyg|Lb9C6HeCuO;Qbm5pZmNW~1%A>W^G`_$p+p1L7TDpK(z~br$W_3NjumSpA8?xJc zm3f|zdtLs4nuk7wl%whY)UKp9AJK2`TNJ!EiWS - Apps recently added to your inventory, including line-of-business (LOB) apps and new purchases, will take up to 36 hours to add to the private store. That time begins when the product is purchased, or added to your inventory.
    - It will take an additional 36 hours for the product to be searchable in private store, even if you see the app available from the private store tab. | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store
    - 36 hours: available on private store tab, if the product has just been added to inventory | +| Add a product to the private store
    - Apps recently added to your inventory, including line-of-business (LOB) apps and new purchases, will take up to 36 hours to add to the private store. That time begins when the product is purchased, or added to your inventory.
    - It will take an additional 36 hours for the product to be searchable in private store, even if you see the app available from the private store tab. | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store
    - 36 hours: searchable in private store tab | | Remove a product from private store | - 15 minutes: private store tab
    - 36 hours: searchable in private store | -| Accept a new LOB app into your inventory (under **Products & services)**) | 36 hours | +| Accept a new LOB app into your inventory (under **Products & services)**) | - 15 minutes: available on private store tab
    - 36 hours: searchable in private store | | Create a new collection | 15 minutes| | Edit or remove a collection | 15 minutes | | Create private store tab | 4-6 hours | diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 59e3fc2354..d7484344ae 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 4/26/2018 +ms.date: 5/31/2018 --- # Microsoft Store for Business and Education release history @@ -17,6 +17,11 @@ Microsoft Store for Business and Education regularly releases new and improved f Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) +## April 2018 +- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses. +- **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. +- **Office 365 subscription management** - We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period. + ## March 2018 - **Performance improvements in private store** - We've made it significantly faster for you to udpate the private store. Many changes to the private store are available immediately after you make them. [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-performance) - **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index 2849a71cfc..fc29d300b3 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -8,7 +8,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 4/26/2018 +ms.date: 5/31/2018 --- # What's new in Microsoft Store for Business and Education @@ -17,15 +17,19 @@ Microsoft Store for Business and Education regularly releases new and improved f ## Latest updates for Store for Business and Education -**April 2018** +**May 2018** | | | |--------------------------------------|---------------------------------| -| ![License assign icon](images/license-assign-icon.png) |**Assign apps to larger groups**

    We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | -| ![Private store icon](images/private-store-icon.png) |**Change collection order in private store**

    Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections.

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | -| ![Office logo icon](images/office-logo.png) |**Office 365 subscription management**

    We know that sometimes customers need to cancel subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.

    **Applies to**:
    Microsoft Store for Business
    Microsoft Store for Education | - +| ![performance icon](images/edu-icon.png) |**Immersive Reader app in Microsoft Store for Education**

    Microsoft Immersive Reader is now available for education organizations using Microsoft Store for Education. This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it. Check out and download [Immersive Reader](https://educationstore.microsoft.com/en-us/store/details/immersive-reader/9PJZQZ821DQ2).

    **Applies to**:
    Microsoft Store for Education | + + \ No newline at end of file From 2a16e70b02edbd90add739e161521e77da1c66b7 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 5 Jun 2018 10:18:28 -0700 Subject: [PATCH 106/319] Removed monospace, added little location disclaimers before some tables --- ...pplication-publishing-and-client-interaction.md | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index a3563907c0..bd399c1e22 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -69,7 +69,7 @@ Additional details for the table are provided in the section below and throughou ### Package store -The App-V Client manages the applications assets mounted in the package store. This default storage location is %ProgramData%\App-V, but you can configure it during or after setup by using the **Set-AppVClientConfiguration** Windows PowerShell cmdlet, which modifies the local registry (`PackageInstallationRoot` value under the HKLM\Software\Microsoft\AppV\Client\Streaming key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named after the Package GUID and Version GUID. +The App-V Client manages the applications assets mounted in the package store. This default storage location is %ProgramData%\App-V, but you can configure it during or after setup by using the **Set-AppVClientConfiguration** Windows PowerShell cmdlet, which modifies the local registry (**PackageInstallationRoot** value under the HKLM\Software\Microsoft\AppV\Client\Streaming key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named after the Package GUID and Version GUID. Example of a path to a specific application: @@ -95,6 +95,8 @@ The App-V Client manages the following two file-based locations: ### Machine catalog +The locations described in this table can be found in the %programdata%\Microsoft\AppV\Client\Catalog\ folder. + ||| |---|---| |Description|Stores package documents that are available to users on the machine when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

    If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (such as when the package directory is in a shared disk location).

    If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.| @@ -105,6 +107,8 @@ The App-V Client manages the following two file-based locations: ### User catalog +The locations described in this table can be found in the appdata\roaming\Microsoft\AppV\Client\Catalog\ folder. + ||| |---|---| |Description|Created during the publishing process. Contains information used for publishing the package, and for making sure that a package is provisioned to a specific user at launch. Created in a roaming location and includes user-specific publishing information.

    When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

    For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.| @@ -155,6 +159,8 @@ There are two package registry locations and two connection group locations wher #### Single Package VReg +The registries in the following table are located in the Registry\Client\Packages\PkgGUID\ folder. + |Location|Description| |---|---| |COW|- Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)
    - User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes
    - User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non-elevated process)| @@ -163,6 +169,8 @@ There are two package registry locations and two connection group locations wher #### Connection Group VReg +The registries in the following table are located in the Machine Registry\Client\PackageGroups\GrpGUID\ and User Registry Classes\Client\PackageGroups\GrpGUID\ folders. + |Location|Description| |---|---| |COW|- Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)
    - User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes)
    - User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY| @@ -278,7 +286,7 @@ App-V supports folder redirection of the roaming AppData folder (%AppData%). Whe A typical package has several locations mapped in the user’s backing store for settings in both AppData\\Local and AppData\\Roaming. These locations are the Copy on Write locations that are stored per user in the user’s profile, and that are used to store changes made to the package VFS directories and to protect the default package VFS. -The following table shows local and roaming locations, when folder redirection has not been implemented. +The following table shows local and roaming locations when folder redirection has not been implemented. | VFS directory in package | Mapped location of backing store | |---|---| @@ -288,7 +296,7 @@ The following table shows local and roaming locations, when folder redirection h | appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv_ROOT| | AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\AppData | -The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). +The following table shows local and roaming locations when folder redirection has been implemented for %AppData% and the location has been redirected (typically to a network location). | VFS directory in package | Mapped location of backing store | |---|---| From d3c2b03303e4a0caed58c3fb893a1b806e52bf54 Mon Sep 17 00:00:00 2001 From: MikeBlodge Date: Tue, 5 Jun 2018 13:05:56 -0700 Subject: [PATCH 107/319] editing metadata --- education/windows/s-mode-switch-to-edu.md | 9 +++++---- windows/deployment/windows-10-pro-in-s-mode.md | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md index 73aa07a2c3..3c85be7184 100644 --- a/education/windows/s-mode-switch-to-edu.md +++ b/education/windows/s-mode-switch-to-edu.md @@ -1,7 +1,7 @@ --- title: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode -description: Overview of Windows 10 Pro Education in S mode, switching options, and system requirements -keywords: S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU +description: Switching out of Windows 10 Pro in S mode to Windows 10 Pro Education in S mode. The S mode switch documentation describes the requirements and process for Switching to Windows 10 Pro Education in S mode. +keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU ms.mktglfcycl: deploy ms.localizationpriority: high ms.prod: w10 @@ -13,11 +13,12 @@ author: Mikeblodge --- # Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode - -S mode is an enhanced security mode of Windows 10 – streamlined for security and superior performance. With Windows 10 in S mode, everyone can download and install Microsoft-verified apps from the Microsoft Store for Education – this keep devices running fast and secure day in and day out. +The S mode switch motion enables users to switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode. This gives users access to the Microsoft Store for Education as well as other Education offers. ## Benefits of Windows 10 Pro in S mode for Education +S mode is an enhanced security mode of Windows 10 – streamlined for security and superior performance. With Windows 10 in S mode, everyone can download and install Microsoft-verified apps from the Microsoft Store for Education – this keep devices running fast and secure day in and day out. + - **Microsoft-verified security** - It reduces risk of malware and exploitations that harm students and educators, because only Microsoft-verified apps can be installed. - **Performance that lasts** - Provides all-day battery life to keep students on task and not tripping over cords. Also, verified apps won’t degrade device performance over time. - **Streamlined for Speed** - Offers faster log-in times so teachers spend less time waiting and more time teaching. diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md index c28bb0c1bd..fa10f10cee 100644 --- a/windows/deployment/windows-10-pro-in-s-mode.md +++ b/windows/deployment/windows-10-pro-in-s-mode.md @@ -1,7 +1,7 @@ --- title: Windows 10 Pro in S mode -description: Overview of Windows 10 Pro in S mode, switching options, and system requirements -keywords: S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode +description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional. +keywords: Windows 10 S switch, S mode Switch, Switch in S mode, s mode switch, Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode ms.mktglfcycl: deploy ms.localizationpriority: high ms.prod: w10 From 1fd5125817aa2e50990158efa84923b8ac76f58d Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Tue, 5 Jun 2018 20:52:00 +0000 Subject: [PATCH 108/319] Merged PR 8804: Fixing bugs 17776623 and 17624369 --- ...system-components-to-microsoft-services.md | 24 ++++++++++++------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 8c98fdf633..a948b817ad 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -7,16 +7,16 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high -author: brianlic-msft -ms.author: brianlic-msft -ms.date: 04/09/2018 +author: danihalfin +ms.author: daniha +ms.date: 06/05/2018 --- # Manage connections from Windows operating system components to Microsoft services **Applies to** -- Windows 10 Enterprise edition +- Windows 10 Enterprise, version 1607 and newer - Windows Server 2016 If you're looking for content on what each diagnostic data level means and how to configure it in your organization, see [Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md). @@ -32,7 +32,10 @@ This baseline was created in the same way as the [Windows security baselines](/w Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. -You should not extract this package to the windows\\system32 folder because it will not apply correctly. +You should not extract this package to the windows\\system32 folder because it will not apply correctly. + +>[!IMPORTANT] +> As part of the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887), MDM functionallity is disabled. If you manage devices through MDM, make sure [cloud notifications are enabled](#bkmk-priv-notifications). Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article. It is recommended that you restart a device after making configuration changes to it. @@ -87,12 +90,12 @@ Here's a list of changes that were made to this article for Windows 10, version The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections. ->[!NOTE] ->For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details. - ### Settings for Windows 10 Enterprise edition -The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1703. +The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607. + +>[!NOTE] +>For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details. | Setting | UI | Group Policy | MDM policy | Registry | Command line | | - | :-: | :-: | :-: | :-: | :-: | @@ -1075,6 +1078,9 @@ To turn off **Choose apps that can use your microphone**: ###     17.5 Notifications +>[!IMPORTANT] +>Disabling notifications will also disable the ability to manage the device through MDM. If you are using an MDM solution, make sure cloud notifications are enabled through one of the options below. + To turn off notifications network usage: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage** From eba24edeba93514eecc20ff80bc683b30a11f90e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 5 Jun 2018 15:52:12 -0700 Subject: [PATCH 109/319] added texttransform --- .../microsoft-recommended-block-rules.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 4bbf440bbc..b3f44ab315 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -78,7 +78,7 @@ For October 2017, we are announcing an update to system.management.automation.dl Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet: ``` - + 10.0.0.0 {A244370E-44C9-4C06-B551-F6016E563076} @@ -132,6 +132,7 @@ Microsoft recommends that you block the following Microsoft-signed applications + @@ -508,6 +509,7 @@ Microsoft recommends that you block the following Microsoft-signed applications + From 4b54eebda95719c0f6072bbe6803cbdc14d303ae Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 5 Jun 2018 16:02:13 -0700 Subject: [PATCH 110/319] fixed case for EventID --- ...windows-event-forwarding-to-assist-in-intrusion-detection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index 8e5b6d0232..e42efc4ec8 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -630,7 +630,7 @@ Here are the minimum steps for WEF to operate: - + From 2811c27e80881aab34a292e8c825187dcbe3e055 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 5 Jun 2018 16:37:56 -0700 Subject: [PATCH 111/319] Editorial change and added caption to image --- .../appv-application-publishing-and-client-interaction.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index bd399c1e22..e30c2e41a4 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -269,7 +269,7 @@ App-V stores data, which represents the state of the user’s catalog, in the fo Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa. >[!NOTE] ->The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under HKEY_CURRENT_USER is missing or mismatched with the data in %appdata%. +>The **Repair-AppvClientPackage** cmdlet doesn't repair the publishing state of packages where the user’s App-V state under HKEY_CURRENT_USER is missing or mismatched with the data in %appdata%. ### Registry-based data @@ -420,6 +420,7 @@ The process then configures the client for package or connection group additions This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user). ![Package add file and registry data](images/packageaddfileandregistrydata.png) +**Package add file and registry data** #### Publishing an App-V package From cbc89d418794aad278a69f017b7657b5d5921e37 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 5 Jun 2018 16:58:26 -0700 Subject: [PATCH 112/319] Caption --- .../app-v/appv-application-publishing-and-client-interaction.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index e30c2e41a4..48f6a6768a 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -450,6 +450,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the Machine and User Catalog information in the preceding sections for details. ![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) +**Package add file and registry data—global** ### Application launch @@ -475,6 +476,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A 7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) + **Package add file and registry data—stream** ### Upgrading an App-V package From 11aad88252cc635218d6463a478fae7ddad81257 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 5 Jun 2018 17:21:26 -0700 Subject: [PATCH 113/319] added vulnerabilirt and countermeasure --- .../security-policy-settings/create-global-objects.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md index ba22997a67..b8a4c7c248 100644 --- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md +++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md @@ -76,6 +76,16 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability +The **Create global objects** user right is required for a user account to create global objects in Remote Desktop sessions. Users can still create session-specfic objects without being assigned this user right. Assigning this right can be a security risk. + +By default, members of the **Administrators** group, the System account, and services that are started by the Service Control Manager are assigned the **Create global objects** user right. Users who are added to the **Remote Desktop Users** group also have this user right. + +### Countermeasure + +When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assining them this user right. + +### Vulnerability + >**Caution:**  A user account that is given this user right has complete control over the system, and it can lead to the system being compromised. We highly recommend that you do not assign this right to any user accounts.   Windows examines a user's access token to determine the level of the user's privileges. Access tokens are built when users log on to the local device or connect to a remote device over a network. When you revoke a privilege, the change is immediately recorded, but the change is not reflected in the user's access token until the next time the user logs on or connects. Users with the ability to create or modify tokens can change the level of access for any currently logged on account. They could escalate their privileges or create a denial-of-service (DoS) condition. From a56694d55297fb2fe6f591ee8457ff45d5a05ce8 Mon Sep 17 00:00:00 2001 From: Ajay Vijayvargiya Date: Wed, 6 Jun 2018 14:35:47 +0530 Subject: [PATCH 114/319] Update network-access-allow-anonymous-sidname-translation.md --- .../network-access-allow-anonymous-sidname-translation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md index f5d8338e71..b684158c99 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md @@ -29,7 +29,7 @@ Misuse of this policy setting is a common error that can cause data loss or prob - Enabled - An anonymous user can request the SID attribute for another user. An anonymous user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. This setting affects the SID-to-name translation as well as the name-to-SID translation + An anonymous user can request the SID attribute for another user. An anonymous user with knowledge of an administrator's SID could contact a computer that has this policy enabled and use the SID to get the administrator's name. This setting affects the SID-to-name translation as well as the name-to-SID translation. - Disabled @@ -52,7 +52,7 @@ The following table lists the actual and effective default values for this polic | Server type or GPO | Default value | | - | - | | Default Domain Policy| Not defined| -| Default Domain Controller Policy | Note defined| +| Default Domain Controller Policy | Not defined| | Stand-Alone Server Default Settings | Disabled| | DC Effective Default Settings | Enabled| | Member Server Effective Default Settings| Disabled| From 38988f718d39741764961a0e761b0b4573d9495f Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Wed, 6 Jun 2018 15:06:55 +0000 Subject: [PATCH 115/319] Merged PR 8829: Add link to blog post; update metadata --- devices/hololens/change-history-hololens.md | 3 +-- devices/hololens/hololens-encryption.md | 3 +-- devices/hololens/hololens-enroll-mdm.md | 3 +-- devices/hololens/hololens-install-apps.md | 3 +-- devices/hololens/hololens-kiosk.md | 4 +--- devices/hololens/hololens-microsoft-layout-app.md | 4 +--- devices/hololens/hololens-microsoft-remote-assist-app.md | 4 +--- devices/hololens/hololens-multiple-users.md | 4 +--- devices/hololens/hololens-provisioning.md | 4 +--- devices/hololens/hololens-public-preview-apps.md | 4 +--- devices/hololens/hololens-requirements.md | 4 +--- devices/hololens/hololens-setup.md | 4 +--- devices/hololens/hololens-updates.md | 4 +--- devices/hololens/hololens-upgrade-enterprise.md | 4 +--- devices/hololens/hololens-whats-new.md | 4 +--- devices/hololens/index.md | 4 +--- devices/surface-hub/accessibility-surface-hub.md | 4 +--- .../admin-group-management-for-surface-hub.md | 4 +--- .../appendix-a-powershell-scripts-for-surface-hub.md | 4 +--- ...ctivesync-policies-for-surface-hub-device-accounts.md | 4 +--- devices/surface-hub/change-history-surface-hub.md | 4 +--- devices/surface-hub/change-surface-hub-device-account.md | 4 +--- .../surface-hub/connect-and-display-with-surface-hub.md | 4 +--- .../create-a-device-account-using-office-365.md | 4 +--- .../create-and-test-a-device-account-surface-hub.md | 4 +--- devices/surface-hub/device-reset-surface-hub.md | 4 +--- ...nces-between-surface-hub-and-windows-10-enterprise.md | 4 +--- devices/surface-hub/enable-8021x-wired-authentication.md | 4 +--- ...xchange-properties-for-surface-hub-device-accounts.md | 4 +--- .../surface-hub/finishing-your-surface-hub-meeting.md | 4 +--- devices/surface-hub/first-run-program-surface-hub.md | 4 +--- .../hybrid-deployment-surface-hub-device-accounts.md | 4 +--- devices/surface-hub/index.md | 4 +--- devices/surface-hub/install-apps-on-surface-hub.md | 4 +--- .../surface-hub/local-management-surface-hub-settings.md | 4 +--- .../manage-settings-with-mdm-for-surface-hub.md | 4 +--- devices/surface-hub/manage-surface-hub-settings.md | 4 +--- devices/surface-hub/manage-surface-hub.md | 4 +--- .../manage-windows-updates-for-surface-hub.md | 9 ++++++--- devices/surface-hub/miracast-over-infrastructure.md | 4 +--- devices/surface-hub/miracast-troubleshooting.md | 4 +--- devices/surface-hub/monitor-surface-hub.md | 4 +--- ...on-premises-deployment-surface-hub-device-accounts.md | 4 +--- .../on-premises-deployment-surface-hub-multi-forest.md | 4 +--- .../online-deployment-surface-hub-device-accounts.md | 4 +--- ...assword-management-for-surface-hub-device-accounts.md | 4 +--- .../physically-install-your-surface-hub-device.md | 4 +--- .../prepare-your-environment-for-surface-hub.md | 4 +--- .../surface-hub/provisioning-packages-for-surface-hub.md | 4 +--- devices/surface-hub/remote-surface-hub-management.md | 4 +--- devices/surface-hub/save-bitlocker-key-surface-hub.md | 4 +--- devices/surface-hub/set-up-your-surface-hub.md | 4 +--- devices/surface-hub/setup-worksheet-surface-hub.md | 4 +--- devices/surface-hub/skype-hybrid-voice.md | 4 +--- devices/surface-hub/support-solutions-surface-hub.md | 4 +--- devices/surface-hub/surface-hub-authenticator-app.md | 4 +--- devices/surface-hub/surface-hub-downloads.md | 4 +--- devices/surface-hub/surface-hub-recovery-tool.md | 4 +--- devices/surface-hub/surface-hub-start-menu.md | 4 +--- devices/surface-hub/surface-hub-wifi-direct.md | 4 +--- devices/surface-hub/surfacehub-whats-new-1703.md | 4 +--- devices/surface-hub/troubleshoot-surface-hub.md | 4 +--- .../use-fully-qualified-domain-name-surface-hub.md | 4 +--- .../use-room-control-system-with-surface-hub.md | 4 +--- devices/surface-hub/whiteboard-collaboration.md | 4 +--- .../wireless-network-management-for-surface-hub.md | 4 +--- 66 files changed, 71 insertions(+), 194 deletions(-) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 312d0a523b..68f9c695ce 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -2,10 +2,9 @@ title: Change history for Microsoft HoloLens documentation description: This topic lists new and updated topics for HoloLens. keywords: change history -ms.prod: w10 +ms.prod: hololens ms.mktglfcycl: manage ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md index c600771609..8210e1f2fb 100644 --- a/devices/hololens/hololens-encryption.md +++ b/devices/hololens/hololens-encryption.md @@ -1,9 +1,8 @@ --- title: Enable Bitlocker encryption for HoloLens (HoloLens) description: Enable Bitlocker device encryption to protect files stored on the HoloLens -ms.prod: w10 +ms.prod: hololens ms.mktglfcycl: manage -ms.pagetype: hololens, devices ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md index fde1f15636..5f79d72c2e 100644 --- a/devices/hololens/hololens-enroll-mdm.md +++ b/devices/hololens/hololens-enroll-mdm.md @@ -1,9 +1,8 @@ --- title: Enroll HoloLens in MDM (HoloLens) description: Enroll HoloLens in mobile device management (MDM) for easier management of multiple devices. -ms.prod: w10 +ms.prod: hololens ms.mktglfcycl: manage -ms.pagetype: hololens, devices ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md index d33b78b2a9..3de34452cf 100644 --- a/devices/hololens/hololens-install-apps.md +++ b/devices/hololens/hololens-install-apps.md @@ -1,9 +1,8 @@ --- title: Install apps on HoloLens (HoloLens) description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business. -ms.prod: w10 +ms.prod: hololens ms.mktglfcycl: manage -ms.pagetype: hololens, devices ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index d1be189b4b..0abcc7ac79 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -1,9 +1,7 @@ --- title: Set up HoloLens in kiosk mode (HoloLens) description: Use a kiosk configuration to lock down the apps on HoloLens. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-microsoft-layout-app.md b/devices/hololens/hololens-microsoft-layout-app.md index 6e782af99f..d2357ed2ee 100644 --- a/devices/hololens/hololens-microsoft-layout-app.md +++ b/devices/hololens/hololens-microsoft-layout-app.md @@ -1,9 +1,7 @@ --- title: Microsoft Layout description: How to get and deploy the Microsoft Layout app throughout your organization -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: alhopper-msft ms.author: alhopper diff --git a/devices/hololens/hololens-microsoft-remote-assist-app.md b/devices/hololens/hololens-microsoft-remote-assist-app.md index cea23cde18..221c650ada 100644 --- a/devices/hololens/hololens-microsoft-remote-assist-app.md +++ b/devices/hololens/hololens-microsoft-remote-assist-app.md @@ -1,9 +1,7 @@ --- title: Microsoft Remote Assist description: How to get and deploy the Microsoft Remote Assist app throughout your organization -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: alhopper-msft ms.author: alhopper diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md index 2f75216d91..f5bbdf30af 100644 --- a/devices/hololens/hololens-multiple-users.md +++ b/devices/hololens/hololens-multiple-users.md @@ -1,9 +1,7 @@ --- title: Share HoloLens with multiple people (HoloLens) description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 3db745d872..86631b4976 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -1,9 +1,7 @@ --- title: Configure HoloLens using a provisioning package (HoloLens) description: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-public-preview-apps.md b/devices/hololens/hololens-public-preview-apps.md index dc61a8e6e2..e3a966f008 100644 --- a/devices/hololens/hololens-public-preview-apps.md +++ b/devices/hololens/hololens-public-preview-apps.md @@ -1,9 +1,7 @@ --- title: Preview new mixed reality apps for HoloLens description: Here's how to download and distribute new mixed reality apps for HoloLens, free for a limited time during public preview -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: alhopper ms.author: alhopper diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md index 7120c2c082..402cb33a40 100644 --- a/devices/hololens/hololens-requirements.md +++ b/devices/hololens/hololens-requirements.md @@ -1,9 +1,7 @@ --- title: HoloLens in the enterprise requirements and FAQ (HoloLens) description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index 513cc01e01..8850ba0f96 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md @@ -1,9 +1,7 @@ --- title: Set up HoloLens (HoloLens) description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index db02ac16fe..0b91b6f361 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -1,9 +1,7 @@ --- title: Manage updates to HoloLens (HoloLens) description: Administrators can use mobile device management to manage updates to HoloLens devices. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md index 8af44caabc..b855080450 100644 --- a/devices/hololens/hololens-upgrade-enterprise.md +++ b/devices/hololens/hololens-upgrade-enterprise.md @@ -1,9 +1,7 @@ --- title: Unlock Windows Holographic for Business features (HoloLens) description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/hololens-whats-new.md b/devices/hololens/hololens-whats-new.md index 9fd9e4d5de..75556a83db 100644 --- a/devices/hololens/hololens-whats-new.md +++ b/devices/hololens/hololens-whats-new.md @@ -1,9 +1,7 @@ --- title: What's new in Microsoft HoloLens (HoloLens) description: Windows Holographic for Business gets new features in Windows 10, version 1803. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 3ec29c73a2..90e76edb5e 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -1,9 +1,7 @@ --- title: Microsoft HoloLens (HoloLens) description: HoloLens provides extra features designed for business in the Commercial Suite. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: hololens, devices +ms.prod: hololens ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md index 3fbf1e269e..618afe96b7 100644 --- a/devices/surface-hub/accessibility-surface-hub.md +++ b/devices/surface-hub/accessibility-surface-hub.md @@ -3,9 +3,7 @@ title: Accessibility (Surface Hub) description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10. ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442 keywords: Accessibility settings, Settings app, Ease of Access -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: surfacehub +ms.prod: surface-hub ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md index 2803f47304..5771b3f3c5 100644 --- a/devices/surface-hub/admin-group-management-for-surface-hub.md +++ b/devices/surface-hub/admin-group-management-for-surface-hub.md @@ -3,10 +3,8 @@ title: Admin group management (Surface Hub) description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device. ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE keywords: admin group management, Settings app, configure Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, security author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md index 36df6680a5..7dafdcf898 100644 --- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md +++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md @@ -3,10 +3,8 @@ title: PowerShell for Surface Hub (Surface Hub) description: PowerShell scripts to help set up and manage your Microsoft Surface Hub. ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784 keywords: PowerShell, set up Surface Hub, manage Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md index cd10c695db..f34a48b0b7 100644 --- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md @@ -3,10 +3,8 @@ title: Applying ActiveSync policies to device accounts (Surface Hub) description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting. ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110 keywords: Surface Hub, ActiveSync policies -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 3d35042b08..1a7df44a44 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -2,10 +2,8 @@ title: Change history for Surface Hub description: This topic lists new and updated topics for Surface Hub. keywords: change history -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/change-surface-hub-device-account.md b/devices/surface-hub/change-surface-hub-device-account.md index 9e7f3c004d..bef2ff6610 100644 --- a/devices/surface-hub/change-surface-hub-device-account.md +++ b/devices/surface-hub/change-surface-hub-device-account.md @@ -3,10 +3,8 @@ title: Change the Microsoft Surface Hub device account description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned. ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672 keywords: change device account, change properties, Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md index 225d3e235a..4a5167db40 100644 --- a/devices/surface-hub/connect-and-display-with-surface-hub.md +++ b/devices/surface-hub/connect-and-display-with-surface-hub.md @@ -2,10 +2,8 @@ title: Connect other devices and display with Surface Hub description: You can connect other device to your Surface Hub to display content. ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md index cc1d0ec9cd..6b6492acc1 100644 --- a/devices/surface-hub/create-a-device-account-using-office-365.md +++ b/devices/surface-hub/create-a-device-account-using-office-365.md @@ -3,10 +3,8 @@ title: Create a device account using UI (Surface Hub) description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center. ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C keywords: create device account, Office 365 UI, Exchange Admin center, Office 365 admin center, Skype for Business, mobile device mailbox policy -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md index cc60ff723c..3895e5aea7 100644 --- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md +++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md @@ -3,10 +3,8 @@ title: Create and test a device account (Surface Hub) description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype. ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67 keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md index 281dc1b880..b4ee4473f6 100644 --- a/devices/surface-hub/device-reset-surface-hub.md +++ b/devices/surface-hub/device-reset-surface-hub.md @@ -3,10 +3,8 @@ title: Device reset (Surface Hub) description: You may wish to reset your Microsoft Surface Hub. ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF keywords: reset Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md index 40c7b012de..ae478d22b4 100644 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md @@ -2,10 +2,8 @@ title: Differences between Surface Hub and Windows 10 Enterprise description: This topic explains the differences between Windows 10 Team and Windows 10 Enterprise. keywords: change history -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: isaiahng ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md index ff69e90418..8407392860 100644 --- a/devices/surface-hub/enable-8021x-wired-authentication.md +++ b/devices/surface-hub/enable-8021x-wired-authentication.md @@ -1,10 +1,8 @@ --- title: Enable 802.1x wired authentication description: 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices. -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md index 40f93af750..2975a20db0 100644 --- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md @@ -3,10 +3,8 @@ title: Microsoft Exchange properties (Surface Hub) description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub. ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29 keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/finishing-your-surface-hub-meeting.md b/devices/surface-hub/finishing-your-surface-hub-meeting.md index bfc104fa22..c56335e042 100644 --- a/devices/surface-hub/finishing-your-surface-hub-meeting.md +++ b/devices/surface-hub/finishing-your-surface-hub-meeting.md @@ -2,10 +2,8 @@ title: End session - ending a Surface Hub meeting description: To end a Surface Hub meeting, tap End session. Surface Hub cleans up the application state, operating system state, and the user interface so that Surface Hub is ready for the next meeting. keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md index d488122210..2574c2cbf6 100644 --- a/devices/surface-hub/first-run-program-surface-hub.md +++ b/devices/surface-hub/first-run-program-surface-hub.md @@ -3,10 +3,8 @@ title: First-run program (Surface Hub) description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process. ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49 keywords: first run, Surface Hub, out-of-box experience, OOBE -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md index eabfb6c6cd..e0111f0b35 100644 --- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md @@ -3,10 +3,8 @@ title: Hybrid deployment (Surface Hub) description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1 keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index e966b4a42f..b819e54b9a 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -2,10 +2,8 @@ title: Microsoft Surface Hub admin guide description: Documents related to the Microsoft Surface Hub. ms.assetid: 69C99E91-1441-4318-BCAF-FE8207420555 -ms.prod: w10 -ms.mktglfcycl: explore +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md index 69f12c9881..ffa77e640e 100644 --- a/devices/surface-hub/install-apps-on-surface-hub.md +++ b/devices/surface-hub/install-apps-on-surface-hub.md @@ -3,10 +3,8 @@ title: Install apps on your Microsoft Surface Hub description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business. ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94 keywords: install apps, Microsoft Store, Microsoft Store for Business -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, store author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md index 9bff610bcf..b53d27448f 100644 --- a/devices/surface-hub/local-management-surface-hub-settings.md +++ b/devices/surface-hub/local-management-surface-hub-settings.md @@ -2,10 +2,8 @@ title: Local management Surface Hub settings description: How to manage Surface Hub settings with Settings. keywords: manage Surface Hub, Surface Hub settings -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md index a21025c060..13af52d485 100644 --- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md +++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md @@ -3,10 +3,8 @@ title: Manage settings with an MDM provider (Surface Hub) description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution. ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE keywords: mobile device management, MDM, manage policies -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, mobility author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/manage-surface-hub-settings.md b/devices/surface-hub/manage-surface-hub-settings.md index a4a53440fb..ac7d714624 100644 --- a/devices/surface-hub/manage-surface-hub-settings.md +++ b/devices/surface-hub/manage-surface-hub-settings.md @@ -2,10 +2,8 @@ title: Manage Surface Hub settings description: This section lists topics for managing Surface Hub settings. keywords: Surface Hub accessibility settings, device account, device reset, windows updates, wireless network management -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md index 47c62571ef..9518232b8b 100644 --- a/devices/surface-hub/manage-surface-hub.md +++ b/devices/surface-hub/manage-surface-hub.md @@ -3,10 +3,8 @@ title: Manage Microsoft Surface Hub description: How to manage your Surface Hub after finishing the first-run program. ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1 keywords: manage Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index d3e78f1ff7..c769840d86 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -3,10 +3,8 @@ title: Windows updates (Surface Hub) description: You can manage Windows updates on your Microsoft Surface Hub by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS). ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045 keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article @@ -132,6 +130,11 @@ A default maintenance window is set for all new Surface Hubs: To change the maintenance window using MDM, set the **MOMAgent** node in the [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for more details. +## More information + +- [Blog post: Servicing, Flighting, and Managing updates for Surface Hub (With Intune, of course!)](https://blogs.technet.microsoft.com/y0av/2018/05/31/7-3/) + + ## Related topics [Manage Microsoft Surface Hub](manage-surface-hub.md) diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md index a6a44e2d03..fb81f8e16d 100644 --- a/devices/surface-hub/miracast-over-infrastructure.md +++ b/devices/surface-hub/miracast-over-infrastructure.md @@ -1,10 +1,8 @@ --- title: Miracast on existing wireless network or LAN description: Windows 10 enables you to send a Miracast stream over a local network. -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md index 3c6c085881..6f3bdf62ec 100644 --- a/devices/surface-hub/miracast-troubleshooting.md +++ b/devices/surface-hub/miracast-troubleshooting.md @@ -1,10 +1,8 @@ --- title: Troubleshoot Miracast on Surface Hub description: Learn how to resolve issues with Miracast on Surface Hub. -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md index 6b10bdc4c5..ac60abe27d 100644 --- a/devices/surface-hub/monitor-surface-hub.md +++ b/devices/surface-hub/monitor-surface-hub.md @@ -3,10 +3,8 @@ title: Monitor your Microsoft Surface Hub description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS). ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942 keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index aadc1fa22e..15d5c2746e 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -3,10 +3,8 @@ title: On-premises deployment single forest (Surface Hub) description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment. ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6 keywords: single forest deployment, on prem deployment, device account, Surface Hub -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.date: 06/01/2018 diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md index 3c92823a8b..b367367025 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md @@ -2,10 +2,8 @@ title: On-premises deployment multi-forest (Surface Hub) description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment. keywords: multi forest deployment, on prem deployment, device account, Surface Hub -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.date: 06/01/2018 diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md index c253d82d11..d5c567a57f 100644 --- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md @@ -3,10 +3,8 @@ title: Online deployment with Office 365 (Surface Hub) description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment. ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1 keywords: device account for Surface Hub, online deployment -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md index c17507564e..be86720a3a 100644 --- a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md +++ b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md @@ -3,10 +3,8 @@ title: Password management (Surface Hub) description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device. ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8 keywords: password, password management, password rotation, device account -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, security author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md index fb4c19723b..f750d07a4f 100644 --- a/devices/surface-hub/physically-install-your-surface-hub-device.md +++ b/devices/surface-hub/physically-install-your-surface-hub-device.md @@ -3,10 +3,8 @@ title: Physically install Microsoft Surface Hub description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554 keywords: Surface Hub, readiness guide, installation location, mounting options -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, readiness author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md index 5ac57b764e..b9239014a4 100644 --- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md +++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md @@ -3,10 +3,8 @@ title: Prepare your environment for Microsoft Surface Hub description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub. ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9 keywords: prepare environment, features of Surface Hub, create and test device account, check network availability -ms.prod: w10 -ms.mktglfcycl: plan +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md index 8646da068a..ad3c3d7d7e 100644 --- a/devices/surface-hub/provisioning-packages-for-surface-hub.md +++ b/devices/surface-hub/provisioning-packages-for-surface-hub.md @@ -3,10 +3,8 @@ title: Create provisioning packages (Surface Hub) description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages. ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345 keywords: add certificate, provisioning package -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/remote-surface-hub-management.md b/devices/surface-hub/remote-surface-hub-management.md index d4b921b254..5038e225b5 100644 --- a/devices/surface-hub/remote-surface-hub-management.md +++ b/devices/surface-hub/remote-surface-hub-management.md @@ -2,10 +2,8 @@ title: Remote Surface Hub management description: This section lists topics for managing Surface Hub. keywords: remote management, MDM, install apps, monitor Surface Hub, Operations Management Suite, OMS -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md index 5fedc2bf80..3a013dd827 100644 --- a/devices/surface-hub/save-bitlocker-key-surface-hub.md +++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md @@ -3,10 +3,8 @@ title: Save your BitLocker key (Surface Hub) description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys. ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2 keywords: Surface Hub, BitLocker, Bitlocker recovery keys -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, security author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md index 876fd56138..80178e7c22 100644 --- a/devices/surface-hub/set-up-your-surface-hub.md +++ b/devices/surface-hub/set-up-your-surface-hub.md @@ -3,10 +3,8 @@ title: Set up Microsoft Surface Hub description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221 keywords: set up instructions, Surface Hub, setup worksheet, first-run program -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md index f74f466fe8..f66fce4ef7 100644 --- a/devices/surface-hub/setup-worksheet-surface-hub.md +++ b/devices/surface-hub/setup-worksheet-surface-hub.md @@ -3,10 +3,8 @@ title: Setup worksheet (Surface Hub) description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section. ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB keywords: Setup worksheet, pre-setup, first-time setup -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md index 8ad23c643f..4b3c12deab 100644 --- a/devices/surface-hub/skype-hybrid-voice.md +++ b/devices/surface-hub/skype-hybrid-voice.md @@ -2,10 +2,8 @@ title: Online or hybrid deployment using Skype Hybrid Voice environment (Surface Hub) description: This topic explains how to enable Skype for Business Cloud PBX with on premises PSTN connectivity via Cloud Connector Edition or Skype for Business 2015 pool. keywords: hybrid deployment, Skype Hybrid Voice -ms.prod: w10 -ms.mktglfcycl: deploy +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/support-solutions-surface-hub.md b/devices/surface-hub/support-solutions-surface-hub.md index b40eaef7de..66d4455737 100644 --- a/devices/surface-hub/support-solutions-surface-hub.md +++ b/devices/surface-hub/support-solutions-surface-hub.md @@ -3,10 +3,8 @@ title: Top support solutions for Microsoft Surface Hub description: Find top solutions for common issues using Surface Hub. ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A keywords: Troubleshoot common problems, setup issues -ms.prod: w10 -ms.mktglfcycl: support +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: kaushika-msft ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md index b4bbecf00d..d5f9dc8d57 100644 --- a/devices/surface-hub/surface-hub-authenticator-app.md +++ b/devices/surface-hub/surface-hub-authenticator-app.md @@ -1,10 +1,8 @@ --- title: Sign in to Surface Hub with Microsoft Authenticator description: Use Microsoft Authenticator on your mobile device to sign in to Surface Hub. -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md index 0f35d022a9..257bc6b58b 100644 --- a/devices/surface-hub/surface-hub-downloads.md +++ b/devices/surface-hub/surface-hub-downloads.md @@ -1,10 +1,8 @@ --- title: Useful downloads for Microsoft Surface Hub description: Downloads related to the Microsoft Surface Hub. -ms.prod: w10 -ms.mktglfcycl: explore +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md index c185f07d3c..81c91723b7 100644 --- a/devices/surface-hub/surface-hub-recovery-tool.md +++ b/devices/surface-hub/surface-hub-recovery-tool.md @@ -3,10 +3,8 @@ title: Using the Surface Hub Recovery Tool description: How to use the Surface Hub Recovery Tool to re-image the SSD. ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1 keywords: manage Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md index 1be0ee8978..5e6469aab1 100644 --- a/devices/surface-hub/surface-hub-start-menu.md +++ b/devices/surface-hub/surface-hub-start-menu.md @@ -1,10 +1,8 @@ --- title: Configure Surface Hub Start menu description: Use MDM to customize the Start menu on Surface Hub. -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md index 3f933415fc..c4051021b6 100644 --- a/devices/surface-hub/surface-hub-wifi-direct.md +++ b/devices/surface-hub/surface-hub-wifi-direct.md @@ -2,10 +2,8 @@ title: How Surface Hub addresses Wi-Fi Direct security issues description: This topic provides guidance on Wi-Fi Direct security risks. keywords: change history -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md index 5c18d5d2d8..1473174177 100644 --- a/devices/surface-hub/surfacehub-whats-new-1703.md +++ b/devices/surface-hub/surfacehub-whats-new-1703.md @@ -1,9 +1,7 @@ --- title: What's new in Windows 10, version 1703 for Surface Hub description: Windows 10, version 1703 (Creators Update) brings new features to Microsoft Surface Hub. -ms.prod: w10 -ms.mktglfcycl: manage -ms.pagetype: devices +ms.prod: surface-hub ms.sitesec: library author: jdeckerms ms.author: jdecker diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md index d33bb2ca55..a6158edff8 100644 --- a/devices/surface-hub/troubleshoot-surface-hub.md +++ b/devices/surface-hub/troubleshoot-surface-hub.md @@ -3,10 +3,8 @@ title: Troubleshoot Microsoft Surface Hub description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors -ms.prod: w10 -ms.mktglfcycl: support +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md index 8ae6d82f72..c9183716e7 100644 --- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md +++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md @@ -7,10 +7,8 @@ ms.author: jdecker ms.topic: article ms.date: 07/27/2017 ms.localizationpriority: medium -ms.prod: w10 -ms.mktglfcycl: support +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub --- # Configure domain name for Skype for Business diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md index 8bcdde0580..7c5fc0e5d9 100644 --- a/devices/surface-hub/use-room-control-system-with-surface-hub.md +++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md @@ -3,10 +3,8 @@ title: Using a room control system (Surface Hub) description: Room control systems can be used with your Microsoft Surface Hub. ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50 keywords: room control system, Surface Hub -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md index dd9606c9c3..08346d20b4 100644 --- a/devices/surface-hub/whiteboard-collaboration.md +++ b/devices/surface-hub/whiteboard-collaboration.md @@ -1,10 +1,8 @@ --- title: Set up and use Whiteboard to Whiteboard collaboration description: Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board. -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker ms.topic: article diff --git a/devices/surface-hub/wireless-network-management-for-surface-hub.md b/devices/surface-hub/wireless-network-management-for-surface-hub.md index c7aac74ce4..516ddeab67 100644 --- a/devices/surface-hub/wireless-network-management-for-surface-hub.md +++ b/devices/surface-hub/wireless-network-management-for-surface-hub.md @@ -3,10 +3,8 @@ title: Wireless network management (Surface Hub) description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection. ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D keywords: network connectivity, wired connection -ms.prod: w10 -ms.mktglfcycl: manage +ms.prod: surface-hub ms.sitesec: library -ms.pagetype: surfacehub, networking author: jdeckerms ms.author: jdecker ms.topic: article From 7149176ecded8d3f5d6a886f23ac47747dc59216 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 6 Jun 2018 09:17:15 -0700 Subject: [PATCH 116/319] Spacing fix for captions --- .../appv-application-publishing-and-client-interaction.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 48f6a6768a..b4a36706c2 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -420,6 +420,7 @@ The process then configures the client for package or connection group additions This completes an App-V package add for the publishing refresh process. The next step is publishing the package to a specific target (machine or user). ![Package add file and registry data](images/packageaddfileandregistrydata.png) + **Package add file and registry data** #### Publishing an App-V package @@ -450,6 +451,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the Machine and User Catalog information in the preceding sections for details. ![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) + **Package add file and registry data—global** ### Application launch @@ -476,6 +478,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A 7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) + **Package add file and registry data—stream** ### Upgrading an App-V package From 3e32a4ad06b78423b140c43515ba57a9d099131f Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 6 Jun 2018 09:50:13 -0700 Subject: [PATCH 117/319] Editorial changes --- .../appv-application-publishing-and-client-interaction.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index b4a36706c2..d4937d1ba9 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -71,7 +71,7 @@ Additional details for the table are provided in the section below and throughou The App-V Client manages the applications assets mounted in the package store. This default storage location is %ProgramData%\App-V, but you can configure it during or after setup by using the **Set-AppVClientConfiguration** Windows PowerShell cmdlet, which modifies the local registry (**PackageInstallationRoot** value under the HKLM\Software\Microsoft\AppV\Client\Streaming key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named after the Package GUID and Version GUID. -Example of a path to a specific application: +The following is an example of a path to a specific application: ```syntax C:\ProgramData\App-V\PackGUID\VersionGUID @@ -81,7 +81,7 @@ To change the default location of the package store during setup, see [Enable th ### Shared Content Store -If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high-performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). +If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). In VDI environments where local storage can be limited, it's important to use as little disk space as possible. You can minimize disk space usage by streaming applications from a high-performance network location (such as a SAN). For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). >[!NOTE] >The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. @@ -478,7 +478,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A 7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) - + **Package add file and registry data—stream** ### Upgrading an App-V package From 39934d5b30d7593f96556652a58e5143f92fe570 Mon Sep 17 00:00:00 2001 From: nicksev <38920847+nicksev@users.noreply.github.com> Date: Wed, 6 Jun 2018 10:40:48 -0700 Subject: [PATCH 118/319] Update teacher-get-minecraft.md I've re-written the beginning of this article to have more context and content relevant for teachers. I've left the Distribute section and below largely untouched, but we do need to update the screenshots at some point. --- education/windows/teacher-get-minecraft.md | 41 +++++++++++++--------- 1 file changed, 25 insertions(+), 16 deletions(-) diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index eb7e30081b..9e459af597 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -21,35 +21,44 @@ ms.topic: conceptual - Windows 10 -Learn how teachers can get and distribute Minecraft: Education Edition. +The following article describes how teachers can get and distribute Minecraft: Education Edition. +Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the Microsoft Store for Education, via volume licensing agreements and through partner resellers. -## Add Minecraft to your Microsoft Store for Education +To get started, go to http://education.minecraft.net/ and select **GET STARTED**. -1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **GET STARTED**. +## Try Minecraft: Education Edition for Free - +Minecraft: Education Edition is available for anyone to try, but there is a limit to the number of logins allowed before purchasing a subscription is required. -2. Enter your email address. +To learn more and get started, go to http://education.minecraft.net/ and select **GET STARTED**. - - -3. Select **Get the app**. This will take you to Microsoft Store for Ecucation to download the app. You will also receive an email with instructions and a link to the Store. +## Purchase Minecraft: Education Edition for Teachers and Students - +Minecraft: Education Edition is licensed via yearly subscriptions that are purchased through the Microsoft Store for Education, via volume licensing agreements and through partner resellers. -4. Sign in to Microsoft Store for Education with your email address. +>[!Note] +>M:EE is available on many platforms, but all license purchases can only be done through one of the three methods listed above. -5. Read and accept the Microsoft Store for Business and Education Service Agreement, and then select **Next**. +As a teacher, you may purchase subscription licenses for you and your students directly through the Microsoft Store for Education, or you may already have access to licenses at your school (through a volume license agreement) if you have an Office 365 account. -6. **Minecraft: Education Edition** opens in the Microsoft Store for Education. Select **Get the app**. This places **Minecraft: Education Edition** in your Microsoft Store inventory. +>[!Note] +>If you already have Office 365, you may already have Minecraft: Education Edition licenses for your school! M:EE is included in many volume license agreements, however, only the administrators at your school will be able to assign and manage those licenses. If you have an Office 365 account, check with your school administration or IT administrator prior to purchasing M:EE directly. + +You can purchase individual Minecraft: Education Edition subscriptions for you and other teachers and students directly in the Microsoft Store for Education. + +To purchase individual Minecraft: Education Edition subscriptions (i.e. direct purchase): + +1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your Office 365 account. +2. Click on [Minecraft: Education Edition](https://educationstore.microsoft.com/en-us/store/details/minecraft-education-edition/9nblggh4r2r6) (or use Search the Store to find it) +3. Click **Buy** + +>[!Note] +>Administrators can restrict the ability for teachers to purchase applications in the Microsoft Store for Education. If you do not have the ability to Buy, contact your school administration or IT administrator. - - -If you need additional licenses for **Minecraft: Education Edition**, see [Purchase additional licenses](https://docs.microsoft.com/education/windows/education-scenarios-store-for-business#purchase-additional-licenses). ## Distribute Minecraft -After Minecraft: Education Edition is added to your Microsoft Store for Education inventory, you have three options: +After Minecraft: Education Edition licenses have been purchased, either directly, through a volume license agreement or through a partner reseller, those licenses will be added to your Microsoft Store for Education. From there you have three options: - You can install the app on your PC. - You can assign the app to others. From 0b4c9314e0d565eee454fd195f4d55b85a14a1b0 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 6 Jun 2018 10:41:44 -0700 Subject: [PATCH 119/319] Editorial changes --- ...-application-publishing-and-client-interaction.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index d4937d1ba9..28c6a826f2 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -139,9 +139,9 @@ Before an application can access the package registry data, the App-V Client mus When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at %ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. -**Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat** +**Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGUID}.dat** -When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a user-specific location HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. +When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGUID\REGISTRY. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a user-specific location HKCU\Software\Microsoft\AppV\Client\Packages\PackageGUID\Registry\User. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. ### Package registry staging vs. connection group registry staging @@ -278,7 +278,7 @@ App-V registry roaming falls into two scenarios, as shown in the following table |Scenario|Description| |---|---| |Applications that are run as standard users|When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

    - HKLM's location is HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE
    - HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE

    The locations are enabled for roaming based on the operating system settings.| -|Applications that are run with elevation|When an application is launched with elevation:

    - HKLM data is stored in the HKLM hive on the local computer
    - HKCU data is stored in the User Registry location

    In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following locations:

    - HKLM's location is HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
    - HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE| +|Applications that are run with elevation|When an application is launched with elevation:

    - HKLM data is stored in the HKLM hive on the local computer
    - HKCU data is stored in the User Registry location

    In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following locations:

    - HKLM's location is HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE
    - HKCU's location is HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE| ### App-V and folder redirection @@ -475,7 +475,7 @@ After the Publishing Refresh process, the user launches and then relaunches an A 6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. -7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. +7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as-needed basis. ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) @@ -489,7 +489,7 @@ The current version of App-V's package upgrade process differs from the older ve 1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. -2. Package entries are added to the appropriate catalog for the new version +2. Package entries are added to the appropriate catalog for the new version. 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the user catalog at **appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID**. @@ -694,7 +694,7 @@ For details on App-V integration, see [Microsoft Application Virtualization 5.0 ### Software clients and application capabilities -App-V supports specific software clients and application capabilities extension points to register virtualized applications with the operating system's software client. This means users can select default programs for operations like email, instant messaging, and using the media player. This operation is performed in the control panel with **Set Program Access** and **Computer Defaults**, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. +App-V supports specific software clients and application capabilities extension points to register virtualized applications with the operating system's software client. This means users can select default programs for operations like email, instant messaging, and using the media player. This operation is performed in the control panel with **Set Program Access** and **Computer Defaults**, and is configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. The following is an example of software client registration of an App-V-based mail client. From b0d49ca8f7799fe6e23be695006a45c85907493c Mon Sep 17 00:00:00 2001 From: Patti Short Date: Wed, 6 Jun 2018 14:34:46 -0700 Subject: [PATCH 120/319] clarified some of the policies --- browsers/edge/available-policies.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 2ba0d202e0..e93509d40f 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -32,11 +32,11 @@ Computer Configuration\Administrative Templates\Windows Components\Microsoft Edg >*Supported versions: Windows 10, version 1803*
    >*Default setting: None* -You can configure Microsoft Edge to use a shared folder to store books from the Books Library. +You can configure Microsoft Edge to store books from the Books Library to a default, shared folder for Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads book files automatically to a common, shared folder, and prevents users from removing the book from the library. For this policy to work properly, users must be signed in with a school or work account. + +If you disable or don’t configure this policy, Microsoft Edge does not use a shared folder but downloads book files to a per-user folder for each user. -If enabled, a shared books folder is allowed. - -If disabled, a shared books folder not allowed. + **MDM settings in Microsoft Intune** | | | @@ -45,30 +45,30 @@ If disabled, a shared books folder not allowed. |Supported devices |Desktop | |URI full path |./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks | |Data type |Integer | -|Allowed values |
    • **0** - No folder shared.
    • **1** - Use a shared folder.
    | +|Allowed values |
    • **0** - Disabled.
    • **1** - Enabled.
    | ## Allow Address bar drop-down list suggestions >*Supported versions: Windows 10, version 1703 or later* -The Address bar drop-down list, when enabled, allows the Address bar drop-down functionality in Microsoft Edge. By default, this policy is enabled. If disabled, you do not see the address bar drop-down functionality and disables the user-defined policy "Show search and site suggestions as I type." Therefore, because search suggestions are shown in the drop-down, this policy takes precedence over the [Configure search suggestions in Address bar](https://review.docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies?branch=pashort_edge-backlog_vsts15846461#configure-search-suggestions-in-address-bar) or [AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy. +By default, Microsoft Edge shows the Address bar drop-down list and makes it available. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy. Disabling this policy turns off the Address bar drop-down list functionality. -If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend that you disable this policy. +When disabled, Microsoft Edge also disables the user-defined policy Show search and site suggestions as I type. Because the drop-down shows the search suggestions, this policy takes precedence over the [Configure search suggestions in Address bar](https://docs.microsoft.com/en-us/microsoft-edge/deploy/available-policies#configure-search-suggestions-in-address-bar) policy. **Microsoft Intune to manage your MDM settings** | | | |---|---| -|MDM name |[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) | +|MDM name |Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowaddressbardropdown) | |Supported devices |Desktop | |URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown | |Data type | Integer | -|Allowed values |
    • **0** - Not Allowed. Address bar drop-down is disabled, which also disables the user-defined policy, "Show search and site suggestions as I type."
    • **1 (default)** - Allowed. Address bar drop-down is enabled.
    | +|Allowed values |
    • **0** - Disabled. Not allowed.
    • **1 (default)** - Enabled or not configured. Allowed.
    | ## Allow Adobe Flash >*Supported version: Windows 10* -Adobe Flash is integrated with Microsoft Edge and is updated via Windows Update. By default, this policy is enabled or not configured allowing you to use Adobe Flash Player in Microsoft Edge. +Adobe Flash is integrated with Microsoft Edge and updated via Windows Update. With this policy, you can configure Microsoft Edge to run Adobe Flash content or prevent Adobe Flash from running. **Microsoft Intune to manage your MDM settings** | | | @@ -77,12 +77,12 @@ Adobe Flash is integrated with Microsoft Edge and is updated via Windows Update. |Supported devices |Desktop | |URI full path | ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash | |Data type | Integer | -|Allowed values |
    • **0** - Adobe Flash cannot be used Microsoft Edge.
    • **1 (default)** - Adobe Flash can be used in Microsoft Edge.
    | +|Allowed values |
    • **0** - Disabled. Microsoft Edge prevents Adobe Flash content from running.
    • **1 (default)** - Enabled or not configured. Microsoft Edge runs Adobe Flash content.
    | ## Allow clearing browsing data on exit >*Supported versions: Windows 10, version 1703* -Your browsing data is the information that Microsoft Edge remembers and stores as you browse websites. Browsing data includes information you entered forms, passwords, and the websites you visited. By default, this policy is disabled or not configured, the browsing data is not cleared when exiting. When this policy is disabled or not configured, you can turn on and configure the Clear browsing data option under Settings. +By default, Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. Enable this policy if you want to clear the browsing data automatically each time Microsoft Edge closes. **Microsoft Intune to manage your MDM settings** @@ -92,7 +92,7 @@ Your browsing data is the information that Microsoft Edge remembers and stores a |Supported devices |Desktop | |URI full path | ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit | |Data type | Integer | -|Allowed values |
    • **0 (default)** - Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
    • **1** - Browsing data is cleared on exit.
    | +|Allowed values |
    • **0 (default)** - Disabled or not configured. Microsoft Edge does not clear the browsing data on exit, but users can configure the _Clear browsing data_ option in Settings.
    • **1** - Enabled. Clears the browsing data each time Microsoft Edge closes.
    | ## Allow configuration updates for the Books Library From f7333dd3316bc52e6e33d7601a0583d6a6b16963 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 7 Jun 2018 17:36:37 +0000 Subject: [PATCH 121/319] Merged PR 8879: Fixed footnote in two policies --- .../policy-configuration-service-provider.md | 10 +- .../mdm/policy-csp-system.md | 142 +++++++++++++++++- 2 files changed, 150 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4b7797c7be..3f01008ea8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/05/2018 --- # Policy CSP @@ -2974,6 +2974,12 @@ The following diagram shows the Policy configuration service provider in tree fo
    System/BootStartDriverInitialization
    +
    + System/ConfigureTelemetryOptInChangeNotification +
    +
    + System/ConfigureTelemetryOptInSettingsUx +
    System/DisableEnterpriseAuthProxy
    @@ -4587,6 +4593,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [System/AllowLocation](./policy-csp-system.md#system-allowlocation) - [System/AllowTelemetry](./policy-csp-system.md#system-allowtelemetry) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) +- [System/ConfigureTelemetryOptInChangeNotification](./policy-csp-system.md#system-configuretelemetryoptinchangenotification) +- [System/ConfigureTelemetryOptInSettingsUx](./policy-csp-system.md#system-configuretelemetryoptinsettingsux) - [System/DisableEnterpriseAuthProxy](./policy-csp-system.md#system-disableenterpriseauthproxy) - [System/DisableOneDriveFileSync](./policy-csp-system.md#system-disableonedrivefilesync) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 343d589daa..8f4da31f35 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -6,11 +6,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/05/2018 --- # Policy CSP - System +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
    @@ -46,6 +48,12 @@ ms.date: 05/14/2018
    System/BootStartDriverInitialization
    +
    + System/ConfigureTelemetryOptInChangeNotification +
    +
    + System/ConfigureTelemetryOptInSettingsUx +
    System/DisableEnterpriseAuthProxy
    @@ -683,6 +691,137 @@ ADMX Info:
    + +**System/ConfigureTelemetryOptInChangeNotification** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark4check mark4check mark4check mark4
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting determines whether a device shows notifications about telemetry levels to people on first logon or when changes occur in Settings.  +If you set this policy setting to "Disable telemetry change notifications", telemetry level notifications stop appearing. +If you set this policy setting to "Enable telemetry change notifications" or don't configure this policy setting, telemetry notifications appear at first logon and when changes occur in Settings. + + + +ADMX Info: +- GP English name: *Configure telemetry opt-in change notifications.* +- GP name: *ConfigureTelemetryOptInChangeNotification* +- GP element: *ConfigureTelemetryOptInChangeNotification* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + + + + + + + + + + + +
    + + +**System/ConfigureTelemetryOptInSettingsUx** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark4check mark4check mark4check mark4
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting determines whether people can change their own telemetry levels in Settings. This setting should be used in conjunction with the Allow Telemetry settings. + +If you set this policy setting to "Disable Telemetry opt-in Settings", telemetry levels are disabled in Settings, preventing people from changing them. + +If you set this policy setting to "Enable Telemetry opt-in Setings" or don't configure this policy setting, people can change their own telemetry levels in Settings. + +Note: +Set the Allow Telemetry policy setting to prevent people from sending diagnostic data to Microsoft beyond your organization's limit. + + + +ADMX Info: +- GP English name: *Configure telemetry opt-in setting user interface.* +- GP name: *ConfigureTelemetryOptInSettingsUx* +- GP element: *ConfigureTelemetryOptInSettingsUx* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + + + + + + + + + + + +
    + **System/DisableEnterpriseAuthProxy** @@ -1051,6 +1190,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in the next major release of Windows 10. From 3e1db15848ecb5c982d671b32303027822fbb41a Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 7 Jun 2018 18:17:31 +0000 Subject: [PATCH 122/319] Merged PR 8883: Clarification The itsy bitsy spider went up the water spout --- .../upgrade/windows-10-downgrade-paths.md | 30 ++++--------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/windows/deployment/upgrade/windows-10-downgrade-paths.md b/windows/deployment/upgrade/windows-10-downgrade-paths.md index d095a3d449..4422179d21 100644 --- a/windows/deployment/upgrade/windows-10-downgrade-paths.md +++ b/windows/deployment/upgrade/windows-10-downgrade-paths.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.localizationpriority: high ms.pagetype: mobile author: greg-lindsay -ms.date: 02/15/2018 +ms.date: 06/07/2018 --- # Windows 10 downgrade paths @@ -17,13 +17,11 @@ ms.date: 02/15/2018 ## Downgrading Windows 10 -This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. +This topic provides a summary of supported Windows 10 downgrade paths. You might need to downgrade the edition of Windows 10, for example, if an Enterprise license is expired. To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). For example, you might downgrade an Enterprise edition by manually entering a valid Pro license key. If a downgrade is supported, then your apps and settings can be migrated from the current edition to the downgraded edition. If a path is not supported, then a clean install is required. -To perform a downgrade, you can use the same methods as when performing an [edition upgrade](windows-10-edition-upgrades.md). - -Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not supported, unless you are performing a rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. +Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. The only downgrade method available for this the rollback of a previous upgrade. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. >**Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions. @@ -32,7 +30,8 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ### Supported Windows 10 downgrade paths >[!NOTE] ->Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here. Switching between different editions of Pro is supported. This is not strictly considered an edition downgrade, but is included here for clarity. +>Edition changes that are considered upgrades (Ex: Pro to Enterprise) are not shown here.
    +>Switching between different editions of Pro is also not strictly considered an edition downgrade, but is included here for clarity. ✔ = Supported downgrade path
    @@ -48,7 +47,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor Pro Pro for Workstations Pro Education - S Education Enterprise LTSC Enterprise @@ -65,7 +63,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor - Pro @@ -73,7 +70,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ - ✔ @@ -84,7 +80,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ - ✔ @@ -95,18 +90,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ - ✔ - - - - - - S - - ✔ - ✔ - ✔ - @@ -117,7 +100,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ ✔ - ✔ @@ -129,7 +111,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor - @@ -140,7 +121,6 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 is not suppor ✔ ✔ ✔ - ✔ From d18ea151813980dd69ca192a03a83b0e97ad076f Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Thu, 7 Jun 2018 18:28:13 +0000 Subject: [PATCH 123/319] Merged PR 8881: Updated Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md --- ...ce-windows-defender-advanced-threat-protection.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 5919dad684..50820acbc3 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -28,10 +28,8 @@ ms.date: 06/01/2018 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) -## Advanced hunting table reference -When you run a query using Advanced hunting, a table with columns is returned as a result. - -Use the following table to understand what the columns represent, its data type, and their description. +## Advanced hunting column reference +To effectively build queries that span multiple tables, you need to understand the columns in the Advanced hunting schema. The following table lists all the available columns, along with their data types and descriptions. This information is also available in the schema representation in the Advanced hunting screen. | Column name | Data type | Description :---|:--- |:--- @@ -70,7 +68,7 @@ Use the following table to understand what the columns represent, its data type, | LocalIP | string | IP address assigned to the local machine used during communication | | LocalPort | int | TCP port on the local machine used during communication | | LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format | -| LogonType | string | Type of logon session, specifically:

    - **Interactive** - User physically interacts with the machine using the local keyboard and screen.

    - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients.

    - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed.

    - **Batch** - Session initiated by scheduled tasks.

    - **Service** - Session initiated by services as they start.
    +| LogonType | string | Type of logon session, specifically:

    - **Interactive** - User physically interacts with the machine using the local keyboard and screen

    - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients

    - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed

    - **Batch** - Session initiated by scheduled tasks

    - **Service** - Session initiated by services as they start
    | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. | | MachineId | string | Unique identifier for the machine in the service | | MD5 | string | MD5 hash of the file that the recorded action was applied to | @@ -88,16 +86,16 @@ Use the following table to understand what the columns represent, its data type, | ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. | | ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process | | ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log | -| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. | | | RegistryKey | string | Registry key that the recorded action was applied to | | RegistryValueData | string | Data of the registry value that the recorded action was applied to | | RegistryValueName | string | Name of the registry value that the recorded action was applied to | | RegistryValueType | string | Data type, such as binary or string, of the registry value that the recorded action was applied to | +| RemoteComputerName | string | Name of the machine that performed a remote operation on the affected machine. Depending on the event being reported, this name could be a fully-qualified domain name (FQDN), a NetBIOS name, or a host name without domain information. | | RemoteIP | string | IP address that was being connected to | | RemotePort | int | TCP port on the remote device that was being connected to | | RemoteUrl | string | URL or fully qualified domain name (FQDN) that was being connected to | -| SHA1 | string | SHA-1 of the file that the recorded action was applied to | | ReportId | long | Event identifier based on a repeating counter. To identify unique events, this column must be used in conjunction with the ComputerName and EventTime columns. | +| SHA1 | string | SHA-1 of the file that the recorded action was applied to | | SHA256 | string | SHA-256 of the file that the recorded action was applied to. This field is usually not populated—use the SHA1 column when available. | >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-belowfoldlink) From d648b40d6dc66bce26ee0a22f220fbd38c980ede Mon Sep 17 00:00:00 2001 From: Adam Gross Date: Thu, 7 Jun 2018 13:43:16 -0500 Subject: [PATCH 124/319] Update resolution-procedures.md --- windows/deployment/upgrade/resolution-procedures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md index 5a48e7d896..d0b6fcc004 100644 --- a/windows/deployment/upgrade/resolution-procedures.md +++ b/windows/deployment/upgrade/resolution-procedures.md @@ -738,7 +738,7 @@ Also see the following sequential list of modern setup (mosetup) error codes wit | 0XC190020d | MOSETUP_E_DOWNLOADDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to download. | | 0XC190020e | MOSETUP_E_INSTALLDISKSPACE_BLOCK | The system does not pass the diskspace requirements to install the payload. | | 0XC190020f | MOSETUP_E_INSTALLDISKSPACE_CANCEL | The user has chosen to cancel as the device does not have enough disk space to install. | -| 0XC1900210 | MOSETUP_E_COMPAT_SCANONLY | The user has use the setup.exe command line to do scanonly, not to install the OS. | +| 0XC1900210 | MOSETUP_E_COMPAT_SCANONLY | The user has used the setup.exe command line to do scanonly, not to install the OS. | | 0XC1900211 | MOSETUP_E_DOWNLOAD_UNPACK_DISKSPACE_BLOCK | The system does not pass the disk space requirements to download and unpack media. | | 0XC1900212 | MOSETUP_E_DOWNLOAD_UNPACK_DISKSPACE_MULTIARCH_BLOCK | The system does not pass the disk space requirements to download and unpack multi-architecture media. | | 0XC1900213 | MOSETUP_E_NO_OFFER_FOUND | There was no offer found that matches the required criteria. | From d55002ae4346d4b697207bf676f7bb0576a8cadb Mon Sep 17 00:00:00 2001 From: Jan Backstrom Date: Thu, 7 Jun 2018 12:06:07 -0700 Subject: [PATCH 125/319] Updating Note content Adding link to new TEI article in the Edge IT Center and removing extraneous text. Minor edits/cleanup --- browsers/edge/Index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index a18d463fa8..12e65e0580 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md @@ -24,9 +24,9 @@ Microsoft Edge is the new, default web browser for Windows 10, helping you to e Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. >[!Note] ->For more info about the potential impact of using Microsoft Edge in a large organization, you can download an infographic from here: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=55956). For a detailed report that provides you with a framework to evaluate the potential financial impact of adopting Microsoft Edge within your organization, you can download the full study here: [Total Economic Impact of Microsoft Edge: Forrester Study](https://www.microsoft.com/download/details.aspx?id=55847). +>For more information about the potential impact of using Microsoft Edge in a large organization, refer to the [Measuring the impact of Microsoft Edge](https://www.microsoft.com/itpro/microsoft-edge/technical-benefits) topic on the Microsoft Edge IT Center. ->Also, if you've arrived here looking for Internet Explorer 11 content, you'll need to go to the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area. +>If you are looking for Internet Explorer 11 content, please visit the [Internet Explorer 11 (IE11)](https://docs.microsoft.com/en-us/internet-explorer/) area. ## In this section From a83dcdec710d0c1027256fb506cb3f458530dfcb Mon Sep 17 00:00:00 2001 From: Chris Nylen <30357366+chnylen@users.noreply.github.com> Date: Thu, 7 Jun 2018 18:03:32 -0400 Subject: [PATCH 126/319] Update windows-analytics-get-started.md Fixed a typo. --- windows/deployment/update/windows-analytics-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/windows-analytics-get-started.md b/windows/deployment/update/windows-analytics-get-started.md index 380e966c13..2bd55d23db 100644 --- a/windows/deployment/update/windows-analytics-get-started.md +++ b/windows/deployment/update/windows-analytics-get-started.md @@ -107,7 +107,7 @@ After data is sent from devices to Microsoft, it generally takes 48-56 hours for ## Deploy additional optional settings -Certain of the Windows Analytics features have additional settings you can use. +Certain Windows Analytics features have additional settings you can use. - **Update Compliance** is only compatible with Windows 10 desktop devices (workstations and laptops). To use the Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a partner antivirus application), and must have enabled cloud-delivered protection, as described in [Utilize Microsoft cloud-delivered protection in Windows Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting) topic for help with ensuring that the configuration is correct. From 1e57c7112bed9f2b504b0b8b84bcae58dbc90713 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 7 Jun 2018 15:56:11 -0700 Subject: [PATCH 127/319] new flow --- ...ows-defender-advanced-threat-protection.md | 48 ++++++++++++------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 595710cac3..db4d4d1e03 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 05/01/2018 +ms.date: 06/06/2018 --- # Configure alert notifications in Windows Defender ATP @@ -41,29 +41,45 @@ Only users assigned to the Global administrator role can manage notification rul The email notification includes basic information about the alert and a link to the portal where you can do further investigation. -## Set up email notifications for alerts -The email notifications feature is turned off by default. Turn it on to start receiving email notifications. +## Create rules for alert notifications +You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients. -1. On the navigation pane, select **Settings** > **Alert notifications**. -2. Toggle the setting between **On** and **Off**. -3. Select the alert severity level that youd like your recipients to receive: - - **High** Select this level to send notifications for high-severity alerts. - - **Medium** Select this level to send notifications for medium-severity alerts. - - **Low** - Select this level to send notifications for low-severity alerts. - - **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of. -4. In **Email recipients to notify on new alerts**, type the email address then select the + sign. -5. Click **Save preferences** when youve completed adding all the recipients. -Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email. +1. In the navigation pane, select **Settings** > **Alert notifications**. + +2. Click **Add notification rule**. + +3. Specify the General information: + - **Rule name** + - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). + - **Alert severity** - Choose the alert severity level + +4. Click **Next**. + +5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses. + +6. Check that email recipients are able to receive the email notifications by selecting **Send test email**. + +7. Click **Save notification rule**. Here's an example email notification: ![Image of example email notification](images/atp-example-email-notification.png) -## Remove email recipients +## Edit a notification rule +1. Select the notification rule you'd like to edit. + +2. Update the General and Recipient tab information. + +3. Click **Save notification rule**. + + +## Delete notification rule + +1. Select the notification rule you'd like to delete. + +2. Click **Delete**. -1. Select the trash bin icon beside the email address youd like to remove. -2. Click **Save preferences**. ## Troubleshoot email notifications for alerts This section lists various issues that you may encounter when using email notifications for alerts. From 1587be2070083e66a7723643e48b1aa655dd57e2 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 7 Jun 2018 23:41:30 +0000 Subject: [PATCH 128/319] Merged PR 8906: Added note to deprecated policie --- .../mdm/policy-csp-localpoliciessecurityoptions.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 7f888cd8b6..49a48f512a 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -808,6 +808,10 @@ GP Info: + +> [!Warning] +> Starting in the next major version of Windows, this policy is deprecated. + Domain member: Digitally encrypt or sign secure channel data (always) This security setting determines whether all secure channel traffic initiated by the domain member must be signed or encrypted. @@ -883,6 +887,10 @@ GP Info: + +> [!Warning] +> Starting in the next major version of Windows, this policy is deprecated. + Domain member: Digitally encrypt secure channel data (when possible) This security setting determines whether a domain member attempts to negotiate encryption for all secure channel traffic that it initiates. @@ -955,6 +963,10 @@ GP Info: + +> [!Warning] +> Starting in the next major version of Windows, this policy is deprecated. + Domain member: Disable machine account password changes Determines whether a domain member periodically changes its computer account password. If this setting is enabled, the domain member does not attempt to change its computer account password. If this setting is disabled, the domain member attempts to change its computer account password as specified by the setting for Domain Member: Maximum age for machine account password, which by default is every 30 days. From c15a4ac2ea7c8bfe3dd5b808b0804f3544900941 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 8 Jun 2018 12:39:48 +0000 Subject: [PATCH 129/319] Merged PR 8910: Added Privacy/AllowCrossDeviceClipboard to Policy CSP --- .../policy-configuration-service-provider.md | 26 ++ .../mdm/policy-csp-privacy.md | 363 +++++++++++++++++- 2 files changed, 388 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 3f01008ea8..403a5e2cb4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2322,6 +2322,9 @@ The following diagram shows the Policy configuration service provider in tree fo
    Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
    +
    + Privacy/AllowCrossDeviceClipboard +
    Privacy/AllowInputPersonalization
    @@ -2403,6 +2406,18 @@ The following diagram shows the Policy configuration service provider in tree fo
    Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
    +
    + Privacy/LetAppsAccessGazeInput +
    +
    + Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps +
    +
    + Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps +
    +
    + Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps +
    Privacy/LetAppsAccessLocation
    @@ -2550,6 +2565,9 @@ The following diagram shows the Policy configuration service provider in tree fo
    Privacy/PublishUserActivities
    +
    + Privacy/UploadUserActivities +
    ### RemoteAssistance policies @@ -4454,6 +4472,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions) - [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions-user) - [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters) +- [Privacy/AllowCrossDeviceClipboard](./policy-csp-privacy.md#privacy-allowcrossdeviceclipboard) - [Privacy/AllowInputPersonalization](./policy-csp-privacy.md#privacy-allowinputpersonalization) - [Privacy/DisableAdvertisingId](./policy-csp-privacy.md#privacy-disableadvertisingid) - [Privacy/EnableActivityFeed](./policy-csp-privacy.md#privacy-enableactivityfeed) @@ -4530,6 +4549,7 @@ The following diagram shows the Policy configuration service provider in tree fo - [Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps) - [Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps](./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps) - [Privacy/PublishUserActivities](./policy-csp-privacy.md#privacy-publishuseractivities) +- [Privacy/UploadUserActivities](./policy-csp-privacy.md#privacy-uploaduseractivities) - [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages) - [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging) - [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance) @@ -4734,7 +4754,13 @@ The following diagram shows the Policy configuration service provider in tree fo - [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) - [Experience/AllowCortana](#experience-allowcortana) - [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment) +- [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard) - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput) +- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps) +- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps) +- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps) +- [Privacy/UploadUserActivities](#privacy-uploaduseractivities) - [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) - [Security/RequireDeviceEncryption](#security-requiredeviceencryption) - [Settings/AllowDateTime](#settings-allowdatetime) diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index eb2b36eac7..23a98eaa7b 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -6,11 +6,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/05/2018 --- # Policy CSP - Privacy +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
    @@ -22,6 +24,9 @@ ms.date: 05/14/2018
    Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
    +
    + Privacy/AllowCrossDeviceClipboard +
    Privacy/AllowInputPersonalization
    @@ -103,6 +108,18 @@ ms.date: 05/14/2018
    Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
    +
    + Privacy/LetAppsAccessGazeInput +
    +
    + Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps +
    +
    + Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps +
    +
    + Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps +
    Privacy/LetAppsAccessLocation
    @@ -250,6 +267,9 @@ ms.date: 05/14/2018
    Privacy/PublishUserActivities
    +
    + Privacy/UploadUserActivities +
    @@ -311,6 +331,72 @@ The following list shows the supported values:
    + +**Privacy/AllowCrossDeviceClipboard** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark5check mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Added in Windows 10, next major version. Specifies whether clipboard items roam across devices. When this is allowed, an item copied to the clipboard is uploaded to the cloud so that other devices can access. Also, when this is allowed, a new clipboard item on the cloud is downloaded to a device so that user can paste on the device. + +Most restricted value is 0. + + + +ADMX Info: +- GP English name: *Allow Clipboard synchronization across devices* +- GP name: *AllowCrossDeviceClipboard* +- GP path: *System/OS Policies* +- GP ADMX file name: *OSPolicy.admx* + + + +The following list shows the supported values: + +0 – Not allowed. +1 (default) – Allowed. + + + + + + + + + + +
    + **Privacy/AllowInputPersonalization** @@ -1804,6 +1890,214 @@ ADMX Info:
    + +**Privacy/LetAppsAccessGazeInput** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark5check mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +This policy setting specifies whether Windows apps can access the eye tracker. + + + + + + + + + + + + + +
    + + +**Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark5check mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps. + + + + + + + + + + + + + +
    + + +**Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark5check mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the eye tracker. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps. + + + + + + + + + + + + + +
    + + +**Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark5check mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the eye tracker privacy setting for the listed apps. This setting overrides the default LetAppsAccessGazeInput policy setting for the specified apps. + + + + + + + + + + + + + +
    + **Privacy/LetAppsAccessLocation** @@ -4478,6 +4772,66 @@ The following list shows the supported values: + +
    + + +**Privacy/UploadUserActivities** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    check mark5check mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Allows ActivityFeed to upload published 'User Activities'. + + + +ADMX Info: +- GP English name: *Allow upload of User Activities* +- GP name: *UploadUserActivities* +- GP path: *System/OS Policies* +- GP ADMX file name: *OSPolicy.admx* + + + + + + + + + + + +
    Footnote: @@ -4486,13 +4840,20 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in the next major release of Windows 10. ## Privacy policies supported by Windows Holographic for Business +- [Privacy/AllowCrossDeviceClipboard](#privacy-allowcrossdeviceclipboard) - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Privacy/LetAppsAccessGazeInput](#privacy-letappsaccessgazeinput) +- [Privacy/LetAppsAccessGazeInput_ForceAllowTheseApps](#privacy-letappsaccessgazeinput-forceallowtheseapps) +- [Privacy/LetAppsAccessGazeInput_ForceDenyTheseApps](#privacy-letappsaccessgazeinput-forcedenytheseapps) +- [Privacy/LetAppsAccessGazeInput_UserInControlOfTheseApps](#privacy-letappsaccessgazeinput-userincontroloftheseapps) +- [Privacy/UploadUserActivities](#privacy-uploaduseractivities) From 2efe65312e037aa8c658a3b932770ca49ea6466f Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Fri, 8 Jun 2018 15:48:35 +0000 Subject: [PATCH 130/319] Merged PR 8914: UI updates updates for remove from private store --- ...ventory-management-microsoft-store-for-business.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/store-for-business/app-inventory-management-microsoft-store-for-business.md b/store-for-business/app-inventory-management-microsoft-store-for-business.md index 378577a85c..b15ad00612 100644 --- a/store-for-business/app-inventory-management-microsoft-store-for-business.md +++ b/store-for-business/app-inventory-management-microsoft-store-for-business.md @@ -9,7 +9,7 @@ ms.pagetype: store author: TrudyHa ms.author: TrudyHa ms.topic: conceptual -ms.date: 10/16/2017 +ms.date: 06/07/2018 --- # App inventory management for Microsoft Store for Business and Education @@ -100,9 +100,10 @@ If you decide that you don't want an app available for employees to install on t **To remove an app from the private store** -1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Apps & software**. -3. Find an app, click the ellipses under **Action**, choose **Remove from private store**, and then click **Remove**. +1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). +2. Click **Manage**, and then choose **Products & services**. +3. Find an app, click the ellipses, choose **Remove from private store**, and then click **Remove**. +4. Choose the private store collection, and then under **In collection**, switch to **Off**. The app will still be in your inventory, but your employees will not have access to the app from your private store. @@ -110,7 +111,7 @@ The app will still be in your inventory, but your employees will not have access 1. Sign in to the [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://businessstore.microsoft.com). 2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**. +3. Find an app, click the ellipses, and then choose **Assign to people**. 4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. Employees will receive an email with a link that will install the app on their device. Click the link to start the Microsoft Store app, and then click **Install**. Also, in the Microsoft Store app, they can find the app under **My Library**. From dc3f7282d55e3c222c3753008b307a6eb505f9ba Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 8 Jun 2018 10:25:27 -0700 Subject: [PATCH 131/319] Editorial and formatting changes --- ...ation-publishing-and-client-interaction.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 28c6a826f2..0eecec1c8d 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -115,7 +115,7 @@ The locations described in this table can be found in the appdata\roaming\Micros |Default storage location|appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID| |Files in the user catalog|- UserManifest.xml
    - DynamicConfiguration.xml or UserDeploymentConfiguration.xml| |Additional user catalog location, used when the package is part of a connection group|The following location is in addition to the specific package location mentioned above:

    appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID| -|Additional file in the machine catalog when the package is part of a connection group|**UserPackageGroupDescriptor.xml**| +|Additional file in the machine catalog when the package is part of a connection group|UserPackageGroupDescriptor.xml| ### Shortcut backups @@ -211,7 +211,7 @@ App-V manages the Package Store, which is the location where the expanded asset ### Add packages -App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. When publishing or manually entering the **Add-AppVClientPackage** cmdlet, the data structure is built in the package store (C:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the **StreamMap.xml** file are added to the system, and the top level folders and child files are staged to ensure proper application assets exist at launch. +App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. When publishing or manually entering the **Add-AppVClientPackage** cmdlet, the data structure is built in the package store (C:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the StreamMap.xml file are added to the system, and the top level folders and child files are staged to ensure proper application assets exist at launch. ### Mounting packages @@ -224,7 +224,7 @@ The App-V Client can be configured to change the default behavior of streaming. |Policy|Description| |---|---| |AllowHighCostLaunch|Allows streaming over 3G and cellular networks| -|AutoLoad|Specifies the Background Load setting:
    **0** – Disabled
    **1** – Previously Used Packages only
    **2** – All Packages| +|AutoLoad|Specifies the Background Load setting:
    0 – Disabled
    1 – Previously Used Packages only
    2 – All Packages| |PackageInstallationRoot|The root folder for the package store in the local machine| |PackageSourceRoot|The root override where packages should be streamed from| |SharedContentStoreMode|Enables the use of Shared Content Store for VDI scenarios| @@ -379,7 +379,7 @@ The process then configures the client for package or connection group additions 2. The package file is opened and the **AppXManifest.xml** and **StreamMap.xml** files are downloaded to the Package Store. - 3. Completely stream publishing block data defined in the **StreamMap.xml**. Publishing block data is stored in Package Store\\PkgGUID\\VerGUID\\Root. + 3. Completely stream publishing block data defined in the **StreamMap.xml** file. Publishing block data is stored in Package Store\\PkgGUID\\VerGUID\\Root. - Icons: Targets of extension points. - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, accessed directly or through file types. @@ -393,7 +393,7 @@ The process then configures the client for package or connection group additions All other files are created when the directory is listed as sparse on disk and streamed on demand. - 5. Create the machine catalog entries. Create the **Manifest.xml** and **DeploymentConfiguration.xml** from the package files (if no **DeploymentConfiguration.xml** file in the package a placeholder is created). + 5. Create the machine catalog entries. Create the **Manifest.xml** and **DeploymentConfiguration.xml** files from the package files (if no **DeploymentConfiguration.xml** file in the package a placeholder is created). 6. Create location of the package store in the registry **HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog**. @@ -431,7 +431,7 @@ During the Publishing Refresh operation, the specific publishing operation, **Pu 1. Package entries are added to the user catalog - 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the User Catalog. + 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** files are placed on the machine in the User Catalog. 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the Machine Catalog. @@ -491,7 +491,7 @@ The current version of App-V's package upgrade process differs from the older ve 2. Package entries are added to the appropriate catalog for the new version. - 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** are placed on the machine in the user catalog at **appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID**. + 1. User targeted packages: the **UserDeploymentConfiguration.xml** and **UserManifest.xml** files are placed on the machine in the user catalog at **appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID**. 2. Machine targeted (global) packages: the **UserDeploymentConfiguration.xml** is placed in the machine catalog at **%programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID**. @@ -545,8 +545,8 @@ Use the following example scenarios as a guide for updating packages. App-V Packages can be published in one of two ways; as user, which entitles an App-V package to a specific user or group of users, or as global, which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: -- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. -- **User-published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user signs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly through Windows PowerShell commands). +- Global publishing is when the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. +- User publishing is when the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user signs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly through Windows PowerShell commands). ### Removing an App-V package @@ -560,9 +560,9 @@ The repair operation is easy to do but may affect many locations on the machine. The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: -- **AppXManifest.xml**: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. -- **DeploymentConfig.xml**: Provides configuration information of computer- and user-based integration extension points. -- **UserConfig.xml**: A subset of the **Deploymentconfig.xml** that only provides user-based configurations and only targets user-based extension points. +- AppXManifest.xml is stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. +- DeploymentConfig.xml provides configuration information of computer- and user-based integration extension points. +- UserConfig.xml is a subset of the Deploymentconfig.xml file that only provides user-based configurations and only targets user-based extension points. ### Rules of integration @@ -688,7 +688,7 @@ The following table displays the supported shell extensions. The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. -App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and In-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes Off, Isolated, and Integrated. Integrated mode is configured for either the Out-of-process or In-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (**deploymentconfig.xml** or **userconfig.xml**). +App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and In-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes Off, Isolated, and Integrated. Integrated mode is configured for either the Out-of-process or In-process type. Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). For details on App-V integration, see [Microsoft Application Virtualization 5.0 Integration](https://blogs.technet.microsoft.com/appv/2013/01/03/microsoft-application-virtualization-5-0-integration). From 07e75322189926cea008b7e0b39989bc8dfbfc22 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 8 Jun 2018 10:26:50 -0700 Subject: [PATCH 132/319] Updated date metadata --- windows/application-management/app-v/appv-about-appv.md | 2 +- ...dd-or-remove-an-administrator-with-the-management-console.md | 2 +- .../appv-add-or-upgrade-packages-with-the-management-console.md | 2 +- .../app-v/appv-administering-appv-with-powershell.md | 2 +- ...istering-virtual-applications-with-the-management-console.md | 2 +- .../appv-allow-administrators-to-enable-connection-groups.md | 2 +- .../app-v/appv-application-publishing-and-client-interaction.md | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/application-management/app-v/appv-about-appv.md b/windows/application-management/app-v/appv-about-appv.md index c2421f0918..f0f2f8eb1a 100644 --- a/windows/application-management/app-v/appv-about-appv.md +++ b/windows/application-management/app-v/appv-about-appv.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/18/2018 +ms.date: 06/08/2018 --- # What's new in App-V for Windows 10, version 1703 and earlier diff --git a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md index a7c0447d3e..c5a7ad334d 100644 --- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/08/2018 --- # How to add or remove an administrator by using the Management Console diff --git a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md index 5f03b7e815..0ae1a703c8 100644 --- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/08/2018 --- # How to add or upgrade packages by using the Management Console diff --git a/windows/application-management/app-v/appv-administering-appv-with-powershell.md b/windows/application-management/app-v/appv-administering-appv-with-powershell.md index 1a003ccf5c..b6cf8bf3d3 100644 --- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md +++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/08/2018 --- # Administering App-V by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md index 5abc5df2bd..a7662c1689 100644 --- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md +++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/08/2018 --- # Administering App-V Virtual Applications by using the Management Console diff --git a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md index d982f4b88b..36c4204881 100644 --- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md +++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/08/2018 --- # How to allow only administrators to enable connection groups diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md index 0eecec1c8d..9ef9c0bee3 100644 --- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md +++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/08/2018 --- # Application publishing and client interaction From bbc1d059e3433ff07bb022d18d5afcc803d719a8 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 8 Jun 2018 12:33:06 -0700 Subject: [PATCH 133/319] added finder --- .../microsoft-recommended-block-rules.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index b3f44ab315..9ccc601294 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -59,6 +59,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you |Alex Ionescu | @aionescu| |Lee Christensen|@tifkin_| |Vladas Bulavas | Kaspersky Lab | +|Lasse Trolle Borup | Langkjaer Cyber Defence |
    From 4191e823361608e891d59daa22d1afd022a68efb Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 8 Jun 2018 12:40:44 -0700 Subject: [PATCH 134/319] added finder --- .../microsoft-recommended-block-rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 9ccc601294..ae37d52989 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: jsuther1974 -ms.date: 05/03/2018 +ms.date: 06/08/2018 --- # Microsoft recommended block rules From 204035dad996656cec2d0d76dd0104035c29a6f8 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 8 Jun 2018 14:14:16 -0700 Subject: [PATCH 135/319] fixed issue --- windows/whats-new/whats-new-windows-10-version-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 180c949a49..fad1f39565 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -169,7 +169,7 @@ In the Feedback and Settings page under Privacy Settings you can now delete the ### Security Baselines -A draft of the new [security baseline for Windows 10 version 1803](https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows-10-v1803-redstone-4-draft/) has been published. +The new [security baseline for Windows 10 version 1803](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10) has been published. ### Windows Defender Antivirus From f7a9d43d7439d8df9e87541e0b9a5779a4211a0b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 8 Jun 2018 14:16:28 -0700 Subject: [PATCH 136/319] fixed issue --- windows/whats-new/whats-new-windows-10-version-1803.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index fad1f39565..8107213fac 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: greg-lindsay -ms.date: 05/10/2018 +ms.date: 06/08/2018 ms.localizationpriority: high --- From 7ebd39f45254da85432b45ae1d1bdba0861f2817 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 8 Jun 2018 14:23:19 -0700 Subject: [PATCH 137/319] removed note about autdit mode not available --- .../applocker/configure-an-applocker-policy-for-audit-only.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 58bfcf7ebb..1127619715 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -21,8 +21,6 @@ This topic for IT professionals describes how to set AppLocker policies to **Aud After AppLocker rules are created within the rule collection, you can configure the enforcement setting to **Enforce rules** or **Audit only**. When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log. - ->**Note:**  There is no audit mode for the DLL rule collection. DLL rules affect specific apps. Therefore, test the impact of these rules first before deploying them to production. To enable the DLL rule collection, see [Enable the DLL rule collection](enable-the-dll-rule-collection.md).   You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). From 4c978edb61c62ef01c0c1be07be776ee33cc34e8 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 8 Jun 2018 14:26:22 -0700 Subject: [PATCH 138/319] removed note about audit mode not available --- .../applocker/configure-an-applocker-policy-for-audit-only.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md index 1127619715..3330eda208 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md @@ -7,7 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: brianlic-msft -ms.date: 09/21/2017 +ms.date: 06/08/2018 --- # Configure an AppLocker policy for audit only From 3bbc5d43d1cc7184c3bb393f94bae28b831b811c Mon Sep 17 00:00:00 2001 From: Dune Desormeaux Date: Fri, 8 Jun 2018 16:14:11 -0700 Subject: [PATCH 139/319] Clarify WDATP + WDAV compatibility wording WDAV won't always be in passive mode if WDATP is enabled. Clarifying this. --- .../windows-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index 6d409e7449..eae5b16c1e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -71,7 +71,7 @@ Passive mode | Windows Defender AV will not be used as the antivirus app, and th Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] -Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +Passive mode is enabled if you are enrolled in Windows Defender ATP and you are using a third party antimalware product because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. From 983cfd76af8cfa48f920e94c4b499a19668d1409 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Fri, 8 Jun 2018 23:19:00 +0000 Subject: [PATCH 140/319] Merged PR 8950: small formatting fix --- windows/privacy/manage-windows-endpoints.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-windows-endpoints.md b/windows/privacy/manage-windows-endpoints.md index d0be3c4145..e43a9ddff4 100644 --- a/windows/privacy/manage-windows-endpoints.md +++ b/windows/privacy/manage-windows-endpoints.md @@ -502,8 +502,7 @@ In addition to the endpoints listed for Windows 10 Enterprise, the following end | *.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. | | *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. | | *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). | -| *prod.do.dsp.mp.microsoft.com | TLSv1.2/ -HTTPS | Used for Windows Update downloads of apps and OS updates. | +| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. | | .g.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. | | telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. | | 2.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. | @@ -594,8 +593,7 @@ TLSv1.2 | Used to check for updates to maps that have been downloaded for offlin | *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. | | *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. | | *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). | -| *prod.do.dsp.mp.microsoft.com | TLSv1.2/ -HTTPS | Used for Windows Update downloads of apps and OS updates. | +| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. | | 3.dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. | | 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. | | 3.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. | From 41d5e00c6a519f9c7eedd5553f7addd3706135bc Mon Sep 17 00:00:00 2001 From: Dune Desormeaux Date: Fri, 8 Jun 2018 16:20:59 -0700 Subject: [PATCH 141/319] Dudeso-dd clarity Switch to active voice --- .../windows-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md index eae5b16c1e..47d5189976 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md @@ -71,7 +71,7 @@ Passive mode | Windows Defender AV will not be used as the antivirus app, and th Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] -Passive mode is enabled if you are enrolled in Windows Defender ATP and you are using a third party antimalware product because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. +If you are enrolled in Windows Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app. From 046155ed06c52330fb5df8df1bab69ca2a4ba7b8 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 8 Jun 2018 16:46:29 -0700 Subject: [PATCH 142/319] New round of revisions --- ...ment-configuration-file-with-powershell.md | 47 +++++++------ ...user-configuration-file-with-powershell.md | 34 ++++++---- .../appv-auto-clean-unpublished-packages.md | 67 +++++++------------ .../app-v/appv-available-mdm-settings.md | 23 ++++++- 4 files changed, 95 insertions(+), 76 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index ce1b3601b9..42754ef837 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -1,6 +1,6 @@ --- -title: How to Apply the Deployment Configuration File by Using Windows PowerShell (Windows 10) -description: How to Apply the Deployment Configuration File by Using Windows PowerShell +title: How to apply the deployment configuration file by using Windows PowerShell (Windows 10) +description: How to apply the deployment configuration file by using Windows PowerShell for Windows 10. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,35 +8,42 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to apply the deployment configuration file by using Windows PowerShell +>Applies to: Windows 10, version 1607 -# How to Apply the Deployment Configuration File by Using Windows PowerShell +The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V client before the package has been published. The file configures the default settings of the package that all users share on the computer running the App-V client. This section will tell you how to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: -**Applies to** -- Windows 10, version 1607 +* C:\\Packages\\Contoso\\MyApp.appv +* C:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml -The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V client before the package has been published. The file configures the default settings for package for all users on the computer running the App-V client. This section describes the steps used to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: +## Apply the deployment configuration file with Windows PowerShell -**c:\\Packages\\Contoso\\MyApp.appv** +>[!NOTE] +>The following procedure is an example that uses the following two file paths for the package and configuration files: + > + >* C:\\Packages\\Contoso\\MyApp.appv + >* C:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml + > +>If your package and configuration file use different file paths than the example, feel free to replace them as needed. -**c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** +To specify a new default set of configurations for all users who will run the package on a specific computer, in a Windows PowerShell console, enter the following cmdlet: -**To Apply the Deployment Configuration File Using Windows PowerShell** +```PowerShell +Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml +``` -- To specify a new default set of configurations for all users who will run the package on a specific computer, in a Windows PowerShell console, type the following: +>[!NOTE] +>This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: + > + ```PowerShell + Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml + ``` - `Add-AppVClientPackage -Path c:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration c:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml` - - **Note**
    - This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: - - `Set-AppVClientPackage -Name Myapp -Path c:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration c:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml` - -   ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index a59c999681..2632d17e87 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -8,34 +8,42 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to apply the user configuration file by using Windows PowerShell - -# How to Apply the User Configuration File by Using Windows PowerShell - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. Use the following procedure to specify a user-specific configuration file. The following procedure is based on the example: -**c:\\Packages\\Contoso\\MyApp.appv** +* C:\\Packages\\Contoso\\MyApp.appv -**To apply a user Configuration file** +## Apply a user configuration file -1. To add the package to the computer using the Windows PowerShell console, type the following command: +Use the following procedure to specify a user-specific configuration file. - `Add-AppVClientPackage c:\Packages\Contoso\MyApp.appv` +>[!NOTE] +>The following procedure uses the following example file path for its package: + > + >* C:\\Packages\\Contoso\\MyApp.appv. + > +>f your package file uses a different file path than the example, feel free to replace it. -2. Use the following command to publish the package to the user and specify the updated the dynamic user configuration file: +1. Enter the following cmdlet to add the package to the computer using the Windows PowerShell console: - `Publish-AppVClientPackage $pkg -DynamicUserConfigurationPath c:\Packages\Contoso\config.xml` + ```PowerShell + Add-AppVClientPackage C:\Packages\Contoso\MyApp.appv + ``` +2. Enter the following cmdlet to publish the package to the user and specify the updated the dynamic user configuration file: + ```PowerShell + Publish-AppVClientPackage $pkg -DynamicUserConfigurationPath c:\Packages\Contoso\config.xml + ``` ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index 23a9fe37c6..5292d2ed73 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -8,70 +8,55 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# Automatically clean up unpublished packages on the App-V client +>Applies to: Windows 10, version 1703 -# Automatically cleanup unpublished packages on the App-V client +Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. -**Applies to** -- Windows 10, version 1703 +## Clean up with PowerShell cmdlets -Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically cleanup your unpublished packages after a device restart. +You can enter PowerShell cmdlets to turn on the **AutoCleanupEnabled** setting, which will automatically clean up your unpublished App-V packages from your App-V client devices. -## Cleanup by using PowerShell commands -Using PowerShell, you can turn on the **AutoCleanupEnabled** setting to automatically cleanup your unpublished App-V packages from your App-V client devices. +### Turn on the AutoCleanupEnabled option -**To turn on the AutoCleanupEnabled option** +1. Open PowerShell as an admin and enter the following cmdlet to turn on the automatic package clean up functionality: -1. Open PowerShell as an admin and run the following command to turn on the automatic package cleanup functionality: - - ```ps1 + ```PowerShell Set-AppvClientConfiguration -AutoCleanupEnabled 1 ``` - The command runs and you should see the following info on the PowerShell screen: - - - - - - - - - - - - - - - - -
    NameValueSetbyGroupPolicy
    AutoCleanupEnabled1False
    + After running the cmdlet, you should see the following info on the PowerShell screen: -2. Run the following command to make sure the configuration is ready to automatically cleanup your packages. + |Name|Value|SetbyGroupPolicy| + |---|---|---| + |AutoCleanupEnabled|1|False| - ```ps1 +2. Run the following cmdlet to make sure the configuration is ready to automatically clean up your packages. + + ```PowerShell Get-AppvClientConfiguration ``` - You should see the **AutoCleanupEnabled** option turned on (shows a value of "1") in the configuration list. + If the **AutoCleanupEnabled** option shows a value of **1** in the configuration list, that means the setting is turned on. -## Cleanup by using Group Policy settings -Using Group Policy, you can turn on the **Enable automatic cleanup of unused appv packages** setting to automatically cleanup your unpublished App-V packages from your App-V client devices. +## Clean up with Group Policy settings -**To turn on the Enable automatic cleanup of unused appv packages setting** +Using Group Policy, you can turn on the **Enable automatic clean up of unused App-V packages** setting to automatically clean up your unpublished App-V packages from your App-V client devices. -1. Open your Group Policy editor and double-click the Administrative Templates\System\App-V\PackageManagement\Enable automatic cleanup of unused appv packages setting. +### Turn on the Enable automatic clean up of unused App-V packages setting -2. Click **Enabled**, and then click **OK**. +1. Open your Group Policy editor and select the **Administrative Templates\System\App-V\PackageManagement\Enable automatic cleanup of unused App-V packages** setting. - After your Group Policy updates, the setting is turned on and will cleanup any unpublished App-V packages on the App-V Client after restarting. +2. Select **Enabled**, then select **OK**. + + After your Group Policy updates and you reset the client, the setting will clean up any unpublished App-V packages on the App-V client. ### Related topics + - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - - [Download the Microsoft Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/en-us/download/details.aspx?id=41186) - - [Using the App-V Client Management Console](appv-using-the-client-management-console.md) +## Have a suggestion for App-V? -**Have a suggestion for App-V?**

    -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). \ No newline at end of file +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 7d050134a8..7544ce59d5 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -8,9 +8,28 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- - # Available Mobile Device Management (MDM) settings for App-V -With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps by using these Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) page. + +With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps by using these Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) page. + +|Policy name|Supported versions|URI full path|Data type|Values| +|---|---|---|---|---| +|Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Name|String|Read-only data, provided by your App-V packages.| +|Version|Windows 10, version 1703|||| +|Publisher|Windows 10, version 1703|||| +|InstallLocation|Windows 10, version 1703|||| +|InstallDate|Windows 10, version 1703|||| +|Users|Windows 10, version 1703|||| +|AppVPackageID|Windows 10, version 1703|||| +|AppVVersionID|Windows 10, version 1703|||| +|AppVPackageUri|Windows 10, version 1703|||| +|LastError|Windows 10, version 1703|||| +|LastErrorDescription|Windows 10, version 1703|||| +|SyncStatusDescription|Windows 10, version 1703|||| +|SyncProgress|Windows 10, version 1703|||| +|PublishXML|Windows 10, version 1703|||| +|Policy|Windows 10, version 1703|||| + From a72487a8239474b30943e627227b6294e4c3cf50 Mon Sep 17 00:00:00 2001 From: Yuhang Zhu Date: Mon, 11 Jun 2018 12:51:50 +0000 Subject: [PATCH 143/319] Merged PR 8963: Remove a statement from MicrosoftNetworkClient policy. This a real edit change. Thanks. --- .../policy-configuration-service-provider.md | 16 + ...policy-csp-localpoliciessecurityoptions.md | 365 +++++++++++++++--- 2 files changed, 317 insertions(+), 64 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 403a5e2cb4..921e2c246d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2048,12 +2048,18 @@ The following diagram shows the Policy configuration service provider in tree fo
    LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
    +
    + LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways +
    LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
    LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
    +
    + LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession +
    LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
    @@ -2075,6 +2081,9 @@ The following diagram shows the Policy configuration service provider in tree fo
    LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
    +
    + LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM +
    LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
    @@ -2084,6 +2093,9 @@ The following diagram shows the Policy configuration service provider in tree fo
    LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
    +
    + LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients +
    LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
    @@ -4407,17 +4419,21 @@ The following diagram shows the Policy configuration service provider in tree fo - [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon) - [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon) - [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior) +- [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways) - [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees) - [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers) +- [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession) - [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways) - [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees) - [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts) - [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares) - [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares) - [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam) +- [LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm) - [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests) - [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange) - [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel) +- [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients) - [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers) - [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication) - [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic) diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 49a48f512a..ce338ff2ae 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -6,11 +6,14 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 04/06/2018 +ms.date: 06/05/2018 --- # Policy CSP - LocalPoliciesSecurityOptions +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +
    @@ -81,12 +84,18 @@ ms.date: 04/06/2018
    LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
    +
    + LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways +
    LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
    LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
    +
    + LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession +
    LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
    @@ -108,6 +117,9 @@ ms.date: 04/06/2018
    LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
    +
    + LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM +
    LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
    @@ -117,6 +129,9 @@ ms.date: 04/06/2018
    LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
    +
    + LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients +
    LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
    @@ -838,15 +853,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -914,15 +920,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -985,15 +982,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -1495,6 +1483,83 @@ GP Info:
    + +**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways** + + +
    + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +

    + + + +Microsoft network client: Digitally sign communications (always) + +This security setting determines whether packet signing is required by the SMB client component. + +The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted. + +If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server. + +Default: Disabled. + + +Notes + +All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings: +Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing. +Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled. +Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing. +Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled. +SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors. +For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136. + + + +GP Info: +- GP English name: *Microsoft network client: Digitally sign communications (always)* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + + + + + + +
    + **LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees** @@ -1618,6 +1683,72 @@ GP Info:
    + +**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Microsoft network server: Amount of idle time required before suspending a session + +This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity. + +Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished. + +For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy. + +Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations. + + + +GP Info: +- GP English name: *Microsoft network server: Amount of idle time required before suspending session* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + + + + + + +
    + **LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways** @@ -2051,6 +2182,78 @@ GP Info:
    + +**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Network security: Allow Local System to use computer identity for NTLM + +This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication. + +If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error. + +If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. + +By default, this policy is enabled on Windows 7 and above. + +By default, this policy is disabled on Windows Vista. + +This policy is supported on at least Windows Vista or Windows Server 2008. + +Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy. + + + +GP Info: +- GP English name: *Network security: Allow Local System to use computer identity for NTLM* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + + + + + + +
    + **LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests** @@ -2246,6 +2449,75 @@ GP Info:
    + +**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Network security: Minimum session security for NTLM SSP based (including secure RPC) clients + +This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are: + +Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated. +Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated. + +Default: + +Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements. + +Windows 7 and Windows Server 2008 R2: Require 128-bit encryption + + + +GP Info: +- GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients* +- GP path: *Windows Settings/Security Settings/Local Policies/Security Options* + + + + + + + + + + + + + +
    + **LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers** @@ -2359,15 +2631,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -2429,15 +2692,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -2499,15 +2753,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -2569,15 +2814,6 @@ GP Info: - GP path: *Windows Settings/Security Settings/Local Policies/Security Options* - - - - - - - - -
    @@ -3406,6 +3642,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in the next major release of Windows 10. From df4de51f2c1c9ff924c6b3b2938d26838430f9e4 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 11 Jun 2018 13:08:15 +0000 Subject: [PATCH 144/319] Merged PR 8966: Remove outdated wifi requirement --- devices/hololens/hololens-setup.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md index 8850ba0f96..0f62fc2e6e 100644 --- a/devices/hololens/hololens-setup.md +++ b/devices/hololens/hololens-setup.md @@ -19,7 +19,6 @@ Before you get started setting up your HoloLens, make sure you have a Wi-Fi netw The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. You need to connect HoloLens to a Wi-Fi network with Internet connectivity so that the user account can be authenticated. - It can be an open Wi-Fi or password-protected Wi-Fi network. -- The Wi-Fi network cannot require you to navigate to a webpage to connect. - The Wi-Fi network cannot require certificates to connect. - The Wi-Fi network does not need to provide access to enterprise resources or intranet sites. From 9c18365310bd10f21e6e73f71f94b1ccbde60149 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 10:03:07 -0700 Subject: [PATCH 145/319] Created updated table --- .../app-v/appv-available-mdm-settings.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 7544ce59d5..3e8fa55d1c 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -15,20 +15,20 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |Policy name|Supported versions|URI full path|Data type|Values| |---|---|---|---|---| |Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Name|String|Read-only data, provided by your App-V packages.| -|Version|Windows 10, version 1703|||| -|Publisher|Windows 10, version 1703|||| -|InstallLocation|Windows 10, version 1703|||| -|InstallDate|Windows 10, version 1703|||| -|Users|Windows 10, version 1703|||| -|AppVPackageID|Windows 10, version 1703|||| -|AppVVersionID|Windows 10, version 1703|||| -|AppVPackageUri|Windows 10, version 1703|||| -|LastError|Windows 10, version 1703|||| -|LastErrorDescription|Windows 10, version 1703|||| -|SyncStatusDescription|Windows 10, version 1703|||| -|SyncProgress|Windows 10, version 1703|||| -|PublishXML|Windows 10, version 1703|||| -|Policy|Windows 10, version 1703|||| +|Version|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Version|String|Read-only data, provided by your App-V packages.| +|Publisher|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Publisher|String|Read-only data, provided by your App-V packages.| +|InstallLocation|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////InstallLocation|String|Read-only data, provided by your App-V packages.| +|InstallDate|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////InstallDate|String|Read-only data, provided by your App-V packages.| +|Users|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Users|String|Read-only data, provided by your App-V packages.| +|AppVPackageID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////AppVPackageID|String|Read-only data, provided by your App-V packages.| +|AppVVersionID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////AppVVersionID|String|Read-only data, provided by your App-V packages.| +|AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////AppVPackageUri|String|Read-only data, provided by your App-V packages.| +|LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/LastError|String|Read-only data, provided by your App-V packages.| +|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/LastErrorDescription|String|**0**: No errors returned during publish.
    **1**: Unpublish groups failed during publish.
    **2**: Publish no-group packages failed during publish.
    **3**: Publish group packages failed during publish.
    **4**: Unpublish packages failed during publish.
    **5**: New policy write failed during publish.
    **6**: Multiple non-fatal errors occurred during publish.| +|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncStatusDescription|String|**0**: App-V publishing is idle.
    **1**: App-V connection groups publish in progress.
    **2**: App-V packages (non-connection group) publish in progress.
    **3**: App-V packages (connection group) publish in progress.
    **4**: App-V packages unpublish in progress.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncProgress|String|**0**: App-V Sync is idle.
    **1**: App-V Sync is initializing.
    **2**: App-V Sync is in progress.
    **3**: App-V Sync is complete.
    **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| From 840bcc7b6cca660898932c8db701fd3f25ebca24 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 11 Jun 2018 10:14:47 -0700 Subject: [PATCH 146/319] added other entities for allowed blocked list settings --- ...ows-defender-advanced-threat-protection.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 4b6a427b67..f1e3dbc4a5 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/11/2018 --- # Manage automation allowed/blocked lists @@ -38,30 +38,31 @@ You can define the conditions for when entities are identified as malicious or s ## Create an allowed or blocked list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to create an exclusion for. You can choose any of the following entities: +2. Select the tab of the type of entity you'd like to create an exclusion for. You can choose any of the following entities: - File hash - Certificate + - IP address + - DNS + - Email + - Process memory 3. Click **Add system exclusion**. -4. For each attribute specify the exclusion type, details, and the following required values: - - - **Files** - Hash value - - **Certificate** - PEM certificate file +4. For each attribute specify the exclusion type, details, and their corresponding required values. -5. Click **Update rule**. +5. Click **Add rule**. ## Edit a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to edit the list from. +2. Select the tab of the entity type you'd like to edit the list from. 3. Update the details of the rule and click **Update rule**. ## Delete a list 1. In the navigation pane, select **Settings** > **Automation allowed/blocked list**. -2. Select the type of entity you'd like to delete the list from. +2. Select the tab of the entity type you'd like to delete the list from. 3. Select the list type by clicking the check-box beside the list type. From da1c082a0a63f06c655ee551e74576227f4a0d84 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 10:26:34 -0700 Subject: [PATCH 147/319] Attempt to shorten uri column --- .../app-v/appv-available-mdm-settings.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 3e8fa55d1c..9e95747a79 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -14,21 +14,21 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |Policy name|Supported versions|URI full path|Data type|Values| |---|---|---|---|---| -|Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Name|String|Read-only data, provided by your App-V packages.| -|Version|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Version|String|Read-only data, provided by your App-V packages.| -|Publisher|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Publisher|String|Read-only data, provided by your App-V packages.| -|InstallLocation|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////InstallLocation|String|Read-only data, provided by your App-V packages.| -|InstallDate|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////InstallDate|String|Read-only data, provided by your App-V packages.| -|Users|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////Users|String|Read-only data, provided by your App-V packages.| -|AppVPackageID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////AppVPackageID|String|Read-only data, provided by your App-V packages.| -|AppVVersionID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////AppVVersionID|String|Read-only data, provided by your App-V packages.| -|AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement////AppVPackageUri|String|Read-only data, provided by your App-V packages.| -|LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/LastError|String|Read-only data, provided by your App-V packages.| -|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/LastErrorDescription|String|**0**: No errors returned during publish.
    **1**: Unpublish groups failed during publish.
    **2**: Publish no-group packages failed during publish.
    **3**: Publish group packages failed during publish.
    **4**: Unpublish packages failed during publish.
    **5**: New policy write failed during publish.
    **6**: Multiple non-fatal errors occurred during publish.| -|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncStatusDescription|String|**0**: App-V publishing is idle.
    **1**: App-V connection groups publish in progress.
    **2**: App-V packages (non-connection group) publish in progress.
    **3**: App-V packages (connection group) publish in progress.
    **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncProgress|String|**0**: App-V Sync is idle.
    **1**: App-V Sync is initializing.
    **2**: App-V Sync is in progress.
    **3**: App-V Sync is complete.
    **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| +|Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Name|String|Read-only data, provided by your App-V packages.| +|Version|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Version|String|Read-only data, provided by your App-V packages.| +|Publisher|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Publisher|String|Read-only data, provided by your App-V packages.| +|InstallLocation|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///InstallLocation|String|Read-only data, provided by your App-V packages.| +|InstallDate|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///InstallDate|String|Read-only data, provided by your App-V packages.| +|Users|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Users|String|Read-only data, provided by your App-V packages.| +|AppVPackageID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVPackageID|String|Read-only data, provided by your App-V packages.| +|AppVVersionID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVVersionID|String|Read-only data, provided by your App-V packages.| +|AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVPackageUri|String|Read-only data, provided by your App-V packages.| +|LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastError|String|Read-only data, provided by your App-V packages.| +|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|**0**: No errors returned during publish.
    **1**: Unpublish groups failed during publish.
    **2**: Publish no-group packages failed during publish.
    **3**: Publish group packages failed during publish.
    **4**: Unpublish packages failed during publish.
    **5**: New policy write failed during publish.
    **6**: Multiple non-fatal errors occurred during publish.| +|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|**0**: App-V publishing is idle.
    **1**: App-V connection groups publish in progress.
    **2**: App-V packages (non-connection group) publish in progress.
    **3**: App-V packages (connection group) publish in progress.
    **4**: App-V packages unpublish in progress.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncProgress|String|**0**: App-V Sync is idle.
    **1**: App-V Sync is initializing.
    **2**: App-V Sync is in progress.
    **3**: App-V Sync is complete.
    **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ Sync/PublishXML|String|Custom value, entered by admin.| +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.|
    From 148043f8e793881391661712b133c22022217788 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 10:27:56 -0700 Subject: [PATCH 148/319] Added bullets --- .../app-v/appv-available-mdm-settings.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 9e95747a79..8b09c32feb 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -24,9 +24,9 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |AppVVersionID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVVersionID|String|Read-only data, provided by your App-V packages.| |AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVPackageUri|String|Read-only data, provided by your App-V packages.| |LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastError|String|Read-only data, provided by your App-V packages.| -|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|**0**: No errors returned during publish.
    **1**: Unpublish groups failed during publish.
    **2**: Publish no-group packages failed during publish.
    **3**: Publish group packages failed during publish.
    **4**: Unpublish packages failed during publish.
    **5**: New policy write failed during publish.
    **6**: Multiple non-fatal errors occurred during publish.| -|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|**0**: App-V publishing is idle.
    **1**: App-V connection groups publish in progress.
    **2**: App-V packages (non-connection group) publish in progress.
    **3**: App-V packages (connection group) publish in progress.
    **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncProgress|String|**0**: App-V Sync is idle.
    **1**: App-V Sync is initializing.
    **2**: App-V Sync is in progress.
    **3**: App-V Sync is complete.
    **4**: App-V Sync requires device reboot.| +|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| +|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| |PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ Sync/PublishXML|String|Custom value, entered by admin.| |Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| From 37e2e1acf6109387995f304f8b7521386ea843ec Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 11 Jun 2018 18:42:11 +0000 Subject: [PATCH 149/319] Merged PR 8974: add link for how to update HoloLens directly; update Intune kiosk profile --- devices/hololens/hololens-microsoft-layout-app.md | 2 +- devices/hololens/hololens-updates.md | 2 +- .../configuration/lock-down-windows-10-to-specific-apps.md | 5 +++-- windows/configuration/setup-kiosk-digital-signage.md | 4 +++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/devices/hololens/hololens-microsoft-layout-app.md b/devices/hololens/hololens-microsoft-layout-app.md index d2357ed2ee..4f5540e858 100644 --- a/devices/hololens/hololens-microsoft-layout-app.md +++ b/devices/hololens/hololens-microsoft-layout-app.md @@ -25,7 +25,7 @@ Microsoft Layout works with a HoloLens, or with a Windows Mixed Reality headset | OS requirements | Details | |:----------------------------------|:-----------------------------------------------------------| -| Build 10.0.17134.77 or above | See [Manage updates to HoloLens](hololens-updates.md) for instructions on upgrading to this build. | +| Build 10.0.17134.77 or above | See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens) for instructions on upgrading to this build. | #### Windows Mixed Reality headset requirements diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md index 0b91b6f361..e10552862b 100644 --- a/devices/hololens/hololens-updates.md +++ b/devices/hololens/hololens-updates.md @@ -12,7 +12,7 @@ ms.date: 04/30/2018 # Manage updates to HoloLens - +>**Looking for how to get the latest update? See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens).** Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. As with desktop devices, administrators can manage updates to the HoloLens operating system using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 7610e6fe75..34225059f4 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -52,7 +52,7 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi 12. Enter a friendly name for the configuration. 10. In **Kiosk Mode**, select **Multi app kiosk**. 13. Select an app type. - - For **Add Win32 app**, enter the **App Name** and **Identifier**. + - For **Add Win32 app**, enter a friendly name for the app in **App Name**, and enter the path to the app executable in **Identifier**. - For **Add managed apps**, select an app that you manage through Intune. - For **Add app by AUMID**, enter the Application User Model ID (AUMID) for an installed UWP app. 14. Select whether to enable the taskbar. @@ -61,7 +61,8 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi 17. Select **OK**. You can add additional configurations or finish. 18. Assign the profile to a device group to configure the devices in that group as kiosks. - +>[!NOTE] +>Managed apps are apps that are in the Microsoft Store for Business that is synced with your Intune subscription. diff --git a/windows/configuration/setup-kiosk-digital-signage.md b/windows/configuration/setup-kiosk-digital-signage.md index 36581a3438..a2442ee9fb 100644 --- a/windows/configuration/setup-kiosk-digital-signage.md +++ b/windows/configuration/setup-kiosk-digital-signage.md @@ -270,7 +270,9 @@ The following steps explain how to configure a kiosk in Microsoft Intune. For ot 7. Select **Windows 10 and later** for the platform. 8. Select **Kiosk (Preview)** for the profile type. 9. Enter a friendly name for the kiosk configuration. -10. In **Kiosk Mode**, select **Single full-screen app kiosk**. +10. Select **Kiosk - 1 setting available**. +10. Select **Add** to add a kiosk configuration. +10. Enter a friendly name for the kiosk configuration, and then in **Kiosk Mode**, select **Single full-screen app kiosk**. 10. Select either **Select a managed app** to choose a kiosk app that is managed by Intune, or **Enter UWP app AUMID** to specify the kiosk app by AUMID, and then select the app or enter the AUMID as appropriate. 1. For the user account, select either **Autologon** to create a user account for the kiosk that will sign in automatically, or **Local user account** to configure an existing user account to run the kiosk. **Local user account** can be a local standard user account on the device or an Azure Active Directory account. 14. Select **OK**, and then select **Create**. From 8acf5994725441506f024dc89773edb32bd39547 Mon Sep 17 00:00:00 2001 From: danhwang1 <40180973+danhwang1@users.noreply.github.com> Date: Mon, 11 Jun 2018 11:45:40 -0700 Subject: [PATCH 150/319] Update supl-ddf-file.md We have recently made a change in our Location Platform pertaining to SUPL to increase the max number of root certificates from 3 to 6 (as mandated). As a result, we will need to update the necessary public documentation here: https://docs.microsoft.com/en-us/windows/client-management/mdm/supl-ddf-file --- .../client-management/mdm/supl-ddf-file.md | 198 +++++++++++++++++- 1 file changed, 197 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index e6ed98d713..4ee4e4ad1d 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -171,7 +171,7 @@ The XML below is the current version for this CSP. - MCCMNPairs + MCCMNCPairs @@ -482,6 +482,201 @@ The XML below is the current version for this CSP. + + RootCertificate4 + + + + + Required. Specifies the root certificate for the H-SLP server. Windows Phone does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. + + + + + + + + + + + + + + + Name + + + + + + Specifies the name of the H-SLP root certificate as a string, in the format name.cer. + + + + + + + + + + + text/plain + + + + + Data + + + + + + The base 64 encoded blob of the H-SLP root certificate. + + + + + + + + + + + + + + + + + RootCertificate5 + + + + + Required. Specifies the root certificate for the H-SLP server. Windows Phone does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. + + + + + + + + + + + + + + + Name + + + + + + Specifies the name of the H-SLP root certificate as a string, in the format name.cer. + + + + + + + + + + + text/plain + + + + + Data + + + + + + The base 64 encoded blob of the H-SLP root certificate. + + + + + + + + + + + + + + + + + RootCertificate6 + + + + + Required. Specifies the root certificate for the H-SLP server. Windows Phone does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. + + + + + + + + + + + + + + + Name + + + + + + Specifies the name of the H-SLP root certificate as a string, in the format name.cer. + + + + + + + + + + + text/plain + + + + + Data + + + + + + The base 64 encoded blob of the H-SLP root certificate. + + + + + + + + + + + + + + + V2UPL1 @@ -662,6 +857,7 @@ The XML below is the current version for this CSP. + ```   From 92466c0e772bfd4e17fddcf0f2c80c95046c2826 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 12:37:34 -0700 Subject: [PATCH 151/319] Adjusted spacing --- .../app-v/appv-available-mdm-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 8b09c32feb..1c5d1625d3 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -26,8 +26,8 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastError|String|Read-only data, provided by your App-V packages.| |LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ Sync/PublishXML|String|Custom value, entered by admin.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| |Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| From 769a8b5bab997efd83405d5d51096f6afc8f6619 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 13:06:27 -0700 Subject: [PATCH 152/319] Attempt to adjust spacing. --- .../app-v/appv-available-mdm-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 1c5d1625d3..7b4de19db8 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -26,8 +26,8 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastError|String|Read-only data, provided by your App-V packages.| |LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/ PublishXML|String|Custom value, entered by admin.| |Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| From 2e791f3bf1304fc2ad71c51c5a9f4b2aa7063454 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Mon, 11 Jun 2018 21:27:30 +0000 Subject: [PATCH 153/319] Updated inclusive-classroom-it-admin.md --- education/get-started/inclusive-classroom-it-admin.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 16b5c8a0e2..6d3bb808df 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -37,10 +37,10 @@ ms.date: 03/18/2018 | Creating accessible content features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | |---|---|---|---|---|---|---|---|---|---| -| Accessibility Checker |
    • All Office 365 authoring applications on PC, Mac, Web
    | | | | | | | | | -| Accessible Templates |
    • Word for PCs, Mac
    • Excel for PCs, Mac
    • PowerPoint for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | | | | | | | | | -| Ability to add alt-text for images |
    • Word for PCs (includes automatic suggestions for image descriptions)
    • SharePoint Online (includes automatic suggestions for image descriptions)
    • PowerPoint for PCs (includes automatic suggestions for image descriptions)
    • OneNote (includes automatic extraction of text in images)
    • All Office 365 authoring applications (include ability to add alt-text manually)
    | | | | | | | | | -| Ability to add captions to videos |
    • PowerPoint for PCs
    • Sway on iOS, Web, Windows 10
    | | | | | | | | | +| Accessibility Checker |
    • All Office 365 authoring applications on PC, Mac, Web
    | |

    X

    | | | | | | | +| Accessible Templates |
    • Word for PCs, Mac
    • Excel for PCs, Mac
    • PowerPoint for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | | | | +| Ability to add alt-text for images |
    • Word for PCs (includes automatic suggestions for image descriptions)
    • SharePoint Online (includes automatic suggestions for image descriptions)
    • PowerPoint for PCs (includes automatic suggestions for image descriptions)
    • OneNote (includes automatic extraction of text in images)
    • All Office 365 authoring applications (include ability to add alt-text manually)
    | |

    X

    | | | | | | | +| Ability to add captions to videos |
    • PowerPoint for PCs
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | | | | | Export as tagged PDF |
    • Word for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | | | | | | | | | | Ability to request accessible content |
    • Outlook Web Access
    | | | | | | | | |
    @@ -48,6 +48,5 @@ ms.date: 03/18/2018 | Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | |---|---|---|---|---|---|---|---|---|---| -| Translate Language of Document |
    • Word 2016
    • PowerPoint 2016
    | | | | | | | | | -| PowerPoint Translator |
    • PowerPoint 2016 Add-in
    | | | | | | | | | +| Microsoft Translator |
    • Word 2016
    • Excel 2016
    • "Translator for Outlook" Add-in
    • PowerPoint 2016 (and PowerPoint Garage Add-in
    |

    X

    |

    X

    |

    X

    |

    X

    |

    X

    | | | |
    \ No newline at end of file From c124f6d063f0900374e1fa2604aa397b800ae3a7 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 15:41:07 -0700 Subject: [PATCH 154/319] Next attempt at spacing adjustment --- .../app-v/appv-available-mdm-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 7b4de19db8..b6a44c1356 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -26,8 +26,8 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastError|String|Read-only data, provided by your App-V packages.| |LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/ PublishXML|String|Custom value, entered by admin.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| |Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| From 05281c5b94d42d29d56c80c5121dfd1632af5004 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 11 Jun 2018 16:57:32 -0700 Subject: [PATCH 155/319] Continued updating articles --- ...to-packages-with-the-management-console.md | 49 ++++++++----------- 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index 58b23dd73f..86ded03016 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -8,60 +8,53 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- - - # How to Configure Access to Packages by Using the Management Console -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Before you deploy an App-V virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group. Use the following procedure to configure access to virtualized packages. -**To grant access to an App-V package** +## Grant access to an App-V package -1. Find the package you want to configure: +1. Find the package you want to configure: - 1. Open the App-V Management console. + 1. Open the App-V Management console. - 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. + 1. Right-click the package to be configured, then select **Edit active directory access** to display the **AD ACCESS** page. Alternatively, select the package and select **EDIT** in the **AD ACCESS** pane. -2. Provision a security group for the package: +2. Provision a security group for the package: - 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page. + 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page. - 2. Using the format **mydomain** \\ **groupname**, type the name or part of the name of an Active Directory group object, and click **Check**. + 1. Using the format **mydomain** \\ **groupname**, enter the name or part of the name of an Active Directory group object, then select **Check**. - **Note**   - Ensure that you provide an associated domain name for the group that you are searching for. + >[!NOTE]   + >Ensure that you provide an associated domain name for the group that you are searching for. -   +3. Grant access to the package by first selecting the desired group, then selecting **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. -3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. +4. Select **Close** to accept the default configuration settings and close the AD ACCESS page. -4. + To customize configurations for a specific group, select the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. To make changes to your custom configurations, select **EDIT**. After you grant access, select **Close**. - To accept the default configuration settings and close the **AD ACCESS** page, click **Close**. +## Remove access to an App-V package - To customize configurations for a specific group, click the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. To configure the custom configurations, click **EDIT**. After you grant access, click **Close**. +1. Find the package you want to configure: -**To remove access to an App-V package** + 1. Open the App-V Management console. -1. Find the package you want to configure: + 1. To display the **AD ACCESS** page, right-click the package to be configured, then select **Edit active directory access**. Alternatively, select the package, then select **EDIT** in the **AD ACCESS** pane. - 1. Open the App-V Management console. +2. Select the group you want to remove, then select **DELETE**. - 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. - -2. Select the group you want to remove, and click **DELETE**. - -3. To close the **AD ACCESS** page, click **Close**. +3. Select **Close**. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) From c763226d7779d7c9452a8b6611e0a731e6a067e6 Mon Sep 17 00:00:00 2001 From: Peter Lewis Date: Tue, 12 Jun 2018 12:01:16 +0100 Subject: [PATCH 156/319] Fix spelling mistake Corrected 'ois' to 'is' --- devices/surface-hub/manage-windows-updates-for-surface-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index c769840d86..a01bbdbab3 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -44,7 +44,7 @@ Microsoft publishes two types of Surface Hub releases broadly on an ongoing basi In order to improve release quality and simplify deployments, all new releases that Microsoft publishes for Windows 10, including Surface Hub, will be cumulative. This means new feature updates and quality updates will contain the payloads of all previous releases (in an optimized form to reduce storage and networking requirements), and installing the release on a device will bring it completely up to date. Also, unlike earlier versions of Windows, you cannot install a subset of the contents of a Windows 10 quality update. For example, if a quality update contains fixes for three security vulnerabilities and one reliability issue, deploying the update will result in the installation of all four fixes. -The Surface Hub operating system receives updates on the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes). Like other editions of Windows 10, the servicing lifetime ois finite. You must install new feature updates on machines running these branches in order to continue receiving quality updates. +The Surface Hub operating system receives updates on the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes). Like other editions of Windows 10, the servicing lifetime is finite. You must install new feature updates on machines running these branches in order to continue receiving quality updates. For more information on Windows as a Service, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview). From f762fd133f9936e4f6aafadca5b82cc089fdf059 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Tue, 12 Jun 2018 06:14:26 -0700 Subject: [PATCH 157/319] changed the GP path to the policy --- browsers/edge/emie-to-improve-compatibility.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index fc8a612b80..b6c34c4968 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md @@ -43,14 +43,14 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip ### Set up Microsoft Edge to use the Enterprise Mode site list -You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). +You must turn on the **Configure the Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). > **Note**
    > If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.

    If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one. **To turn on Enterprise Mode using Group Policy** -1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Allows you to configure the Enterprise Mode Site list** setting.

    Turning this setting on also requires you to create and store a site list.

    ![Local Group Policy Editor for using a site list](images/edge-emie-grouppolicysitelist.png) +1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** policy.

    Turning this setting on also requires you to create and store a site list.

    ![Local Group Policy Editor for using a site list](images/edge-emie-grouppolicysitelist.png) 2. Click **Enabled**, and then in the **Options** area, type the location to your site list. From 96c9a3a425f765ffd432d28053dca331103a068d Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 12 Jun 2018 13:45:04 +0000 Subject: [PATCH 158/319] Merged PR 8996: fix broken link for Surface Hub download --- devices/surface-hub/surface-hub-downloads.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md index 257bc6b58b..8ddafa924a 100644 --- a/devices/surface-hub/surface-hub-downloads.md +++ b/devices/surface-hub/surface-hub-downloads.md @@ -18,7 +18,7 @@ This topic provides links to useful Surface Hub documents, such as product datas | --- | --- | | [Surface Hub Site Readiness Guide (PDF)](http://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) | | [Surface Hub Setup Guide (English, French, Spanish) (PDF)](http://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. | -| [Surface Hub Quick Reference Guide (PDF)](http://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface Hub Quick Reference Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | +| [Surface Hub Quick Reference Guide (PDF)](http://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface%20Hub%20Quick%20Reference%20Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. | | [Surface Hub User Guide (PDF)](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. | | [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hub’s internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC. | | [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. | From 0b0dedb2b287abddf0ba8ddc7d423e3e39d94522 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 12 Jun 2018 10:19:28 -0700 Subject: [PATCH 159/319] added links to how to set startup auth --- .../information-protection/bitlocker/bitlocker-security-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index db335bddd1..a1988d5ced 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -27,7 +27,7 @@ The recommended practice for BitLocker configuration on an operating system driv ## What are the implications of using the sleep or hibernate power management options? -BitLocker on operating system drives in its basic configuration (with a TPM but without advanced authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an advanced authentication mode (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires BitLocker authentication. As a best practice, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. +BitLocker on operating system drives in its basic configuration (with a TPM but without advanced authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an advanced authentication mode (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. As a best practice, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) or Mobile Device Management with the [Bitlocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). ## What are the advantages of a TPM? From 691fcc8adcef630ede24ab5336814e0586e0a4ba Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 12 Jun 2018 10:23:42 -0700 Subject: [PATCH 160/319] first pass fixing links to dead OMS marketing page --- .../update/device-health-get-started.md | 13 ++++++++----- .../update/update-compliance-get-started.md | 8 ++++++-- .../upgrade/upgrade-readiness-get-started.md | 15 +++++++++------ .../upgrade/upgrade-readiness-requirements.md | 14 +++++++------- 4 files changed, 30 insertions(+), 20 deletions(-) diff --git a/windows/deployment/update/device-health-get-started.md b/windows/deployment/update/device-health-get-started.md index 81a57be6d4..5b3a7b3474 100644 --- a/windows/deployment/update/device-health-get-started.md +++ b/windows/deployment/update/device-health-get-started.md @@ -5,7 +5,7 @@ keywords: Device Health, oms, operations management suite, prerequisites, requir ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library -ms.date: 03/20/2018 +ms.date: 06/12/2018 ms.pagetype: deploy author: jaimeo ms.author: jaimeo @@ -24,13 +24,16 @@ Steps are provided in sections that follow the recommended setup process: -## Add Device Health to Microsoft Operations Management Suite +## Add Device Health to Microsoft Operations Management Suite or Azure Log Analytics -Device Health is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). +Device Health is offered as a solution in the Microsoft Operations Management Suite (OMS) and Azure Log Analytics, a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/). -**If you are already using Windows Analytics**, you should use the same Azure Log Analytics workspace you're already using. find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already. +**If you are already using Windows Analytics**, you should use the same Azure Log Analytics workspace you're already using. Find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md) and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already. -**If you are not yet using Windows Analytics or Azure Log Analytics**, use the following steps to subscribe: +>[!NOTE] +>If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=DeviceHealthProd) to go directly to the Device Health solution and add it to your workspace. + +**If you are not yet using Windows Analytics or Azure Log Analytics**, follow these steps to subscribe: 1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. [![Operations Management Suite bar with sign-in button](images/uc-02a.png)](images/uc-02.png) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 6cfecd1c73..9887546277 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -23,12 +23,16 @@ Steps are provided in sections that follow the recommended setup process: -## Add Update Compliance to Microsoft Operations Management Suite +## Add Update Compliance to Microsoft Operations Management Suite or Azure Log Analytics -Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). +Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/). If you are already using OMS, skip to step **6** to add Update Compliance to your workspace. +>[!NOTE] +>If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=WaaSUpdateInsights) to go directly to the Device Health solution and add it to your workspace. + + If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance: 1. Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**. diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index e80d01d273..3ee8a1a528 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: deploy author: jaimeo ms.author: jaimeo -ms.date: 03/20/2018 +ms.date: 06/12/2018 ms.localizationpriority: high --- @@ -35,7 +35,7 @@ When you are ready to begin using Upgrade Readiness, perform the following steps To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see the following topics, refer to [Frequently asked questions and troubleshooting Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-FAQ-troubleshooting), which discusses the issues and provides links to still more detailed information. -## Add Upgrade Readiness to Operations Management Suite +## Add Upgrade Readiness to Operations Management Suite or Azure Log Analytics Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/). @@ -44,11 +44,14 @@ Upgrade Readiness is offered as a solution in the Microsoft Operations Managemen If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions. -If you are not using OMS: +>[!NOTE] +>If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=CompatibilityAssessment) to go directly to the Upgrade Readiness solution and add it to your workspace. -1. Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and select **New Customers >** to start the process. -2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. -3. Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. +If you are not using OMS or Azure Log Analytics: + +1. Go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it. +2. Sign in to Operations Management Suite (OMS or Azure Log Analytics You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. +3. Create a new workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. 4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens. diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index 21dfb741d1..538d13cb2a 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md @@ -5,7 +5,7 @@ keywords: windows analytics, oms, operations management suite, prerequisites, re ms.prod: w10 author: jaimeo ms.author: -ms.date: 03/15/2018 +ms.date: 06/12/2018 ms.localizationpriority: high --- @@ -32,19 +32,19 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1 ### Windows 10 Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates. -The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). +The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC. -## Operations Management Suite +## Operations Management Suite or Azure Log Analytics -Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). +Upgrade Readiness is offered as a solution in Microsoft Operations Management Suite (OMS) and Azure Log Analytics, a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/). -If you’re already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Click the Upgrade Readiness tile in the gallery and then click Add on the solution’s details page. Upgrade Readiness is now visible in your workspace. +If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Readiness in the Solutions Gallery. Click the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution’s details page. Upgrade Readiness is now visible in your workspace. You can also -If you are not using OMS, go to the [Upgrade Readiness page](https://www.microsoft.com/en-us/windowsforbusiness/simplified-updates) on Microsoft.com and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Readiness solution to it. +If you are not using OMS or Azure Log Analytics, go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it. -Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions. +>[!IMPORTANT] You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work >or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions. ## System Center Configuration Manager integration From ff9f493205532351390043b00a4859451d2f2bbf Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 12 Jun 2018 10:24:27 -0700 Subject: [PATCH 161/319] added links to how to set startup auth --- .../bitlocker/bitlocker-security-faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index a1988d5ced..13ee71372a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security localizationpriority: high author: brianlic-msft -ms.date: 05/03/2018 +ms.date: 06/12/2018 --- # BitLocker Security FAQ @@ -27,7 +27,7 @@ The recommended practice for BitLocker configuration on an operating system driv ## What are the implications of using the sleep or hibernate power management options? -BitLocker on operating system drives in its basic configuration (with a TPM but without advanced authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an advanced authentication mode (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. As a best practice, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) or Mobile Device Management with the [Bitlocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). +BitLocker on operating system drives in its basic configuration (with a TPM but without additional startup authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an additional startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. For increased security, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) or Mobile Device Management with the [Bitlocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). ## What are the advantages of a TPM? From 49a75ea072dd6c8affa016687153e01b9e1c598a Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 10:25:42 -0700 Subject: [PATCH 162/319] Cleaning up for pull request Going to try something funky with that big table. --- ...ment-configuration-file-with-powershell.md | 14 +- ...user-configuration-file-with-powershell.md | 18 +- .../appv-auto-clean-unpublished-packages.md | 16 +- .../app-v/appv-available-mdm-settings.md | 202 +----------------- 4 files changed, 23 insertions(+), 227 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 42754ef837..a3958c5d49 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/12/2018 --- # How to apply the deployment configuration file by using Windows PowerShell @@ -20,12 +20,12 @@ The dynamic deployment configuration file is applied when a package is added or ## Apply the deployment configuration file with Windows PowerShell >[!NOTE] ->The following procedure is an example that uses the following two file paths for the package and configuration files: +>The following example cmdlet uses the following two file paths for the package and configuration files: > >* C:\\Packages\\Contoso\\MyApp.appv >* C:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml > ->If your package and configuration file use different file paths than the example, feel free to replace them as needed. +>If your package and configuration files use different file paths than the example, feel free to replace them as needed. To specify a new default set of configurations for all users who will run the package on a specific computer, in a Windows PowerShell console, enter the following cmdlet: @@ -35,10 +35,10 @@ Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentCon >[!NOTE] >This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: - > - ```PowerShell - Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml - ``` + + ```PowerShell + Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml + ``` ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index 2632d17e87..c115854e06 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -1,12 +1,12 @@ --- -title: How to Apply the User Configuration File by Using Windows PowerShell (Windows 10) -description: How to Apply the User Configuration File by Using Windows PowerShell +title: How to apply the user configuration file by using Windows PowerShell (Windows 10) +description: How to apply the user configuration file by using Windows PowerShell (Windows 10). author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/12/2018 --- # How to apply the user configuration file by using Windows PowerShell @@ -14,22 +14,18 @@ ms.date: 04/19/2017 The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. -Use the following procedure to specify a user-specific configuration file. The following procedure is based on the example: - -* C:\\Packages\\Contoso\\MyApp.appv - ## Apply a user configuration file -Use the following procedure to specify a user-specific configuration file. +You can follow these steps to specify a user-specific configuration file: >[!NOTE] >The following procedure uses the following example file path for its package: > >* C:\\Packages\\Contoso\\MyApp.appv. > ->f your package file uses a different file path than the example, feel free to replace it. +>f your package file uses a different file path than the example, feel free to replace it as needed. -1. Enter the following cmdlet to add the package to the computer using the Windows PowerShell console: +1. Enter the following cmdlet in Windows PowerShell to add the package to the computer: ```PowerShell Add-AppVClientPackage C:\Packages\Contoso\MyApp.appv @@ -37,7 +33,7 @@ Use the following procedure to specify a user-specific configuration file. 2. Enter the following cmdlet to publish the package to the user and specify the updated the dynamic user configuration file: ```PowerShell - Publish-AppVClientPackage $pkg -DynamicUserConfigurationPath c:\Packages\Contoso\config.xml + Publish-AppVClientPackage $pkg -DynamicUserConfigurationPath C:\Packages\Contoso\config.xml ``` ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index 5292d2ed73..bb51d5cad8 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -1,18 +1,18 @@ --- -title: Automatically cleanup unpublished packages on the App-V client (Windows 10) -description: How to automatically clean-up any unpublished packages on your App-V client devices. +title: Automatically clean up unpublished packages on the App-V client (Windows 10) +description: How to automatically clean up any unpublished packages on your App-V client devices. author: eross-msft ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/12/2018 --- # Automatically clean up unpublished packages on the App-V client >Applies to: Windows 10, version 1703 -Previous versions of App-V have required you to manually remove your unpublished packages from your client devices, to free up additional storage space. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after a device restart. +If you wanted to free up additional storage space in previous versions of App-V, you would have had to manually remove your unpublished packages from your client devices. Windows 10, version 1703 introduces the ability to use PowerShell or Group Policy settings to automatically clean up your unpublished packages after restarting your device. ## Clean up with PowerShell cmdlets @@ -20,7 +20,7 @@ You can enter PowerShell cmdlets to turn on the **AutoCleanupEnabled** setting, ### Turn on the AutoCleanupEnabled option -1. Open PowerShell as an admin and enter the following cmdlet to turn on the automatic package clean up functionality: +1. Open PowerShell as an admin and enter the following cmdlet to turn on the automatic package cleanup functionality: ```PowerShell Set-AppvClientConfiguration -AutoCleanupEnabled 1 @@ -32,7 +32,7 @@ You can enter PowerShell cmdlets to turn on the **AutoCleanupEnabled** setting, |---|---|---| |AutoCleanupEnabled|1|False| -2. Run the following cmdlet to make sure the configuration is ready to automatically clean up your packages. +1. Run the following cmdlet to check if the configuration has the cleanup setting turned on. ```PowerShell Get-AppvClientConfiguration @@ -41,9 +41,9 @@ You can enter PowerShell cmdlets to turn on the **AutoCleanupEnabled** setting, ## Clean up with Group Policy settings -Using Group Policy, you can turn on the **Enable automatic clean up of unused App-V packages** setting to automatically clean up your unpublished App-V packages from your App-V client devices. +Using Group Policy, you can turn on the **Enable automatic cleanup of unused App-V packages** setting to automatically clean up your unpublished App-V packages from your App-V client devices. -### Turn on the Enable automatic clean up of unused App-V packages setting +### Turn on the Enable automatic cleanup of unused App-V packages setting 1. Open your Group Policy editor and select the **Administrative Templates\System\App-V\PackageManagement\Enable automatic cleanup of unused App-V packages** setting. diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index b6a44c1356..6c749e9884 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -28,204 +28,4 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| |SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| |PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| - - -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Policy nameSupported versionsDetails
    NameWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/Name
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    VersionWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/Version
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    PublisherWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/Publisher
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    InstallLocationWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/InstallLocation
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    InstallDateWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/InstallDate
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    UsersWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/Users
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    AppVPackageIDWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/AppVPackageID
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    AppVVersionIDWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/AppVVersionID
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    AppVPackageUriWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/<enterprise_id>/<package_family_name>/<package_full_name>/AppVPackageUri
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V packages.
      • -
    -
    LastErrorWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/LastError
      • -
    • Data type. String
      • -
    • Value. Read-only data, provided by your App-V client.
      • -
    -
    LastErrorDescriptionWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/LastErrorDescription
      • -
    • Data type. String
      • -
    • Values. -
        -
      • 0. No errors returned during publish.
        • -
      • 1. Unpublish groups failed during publish.
        • -
      • 2. Publish no-group packages failed during publish.
        • -
      • 3. Publish group packages failed during publish.
        • -
      • 4. Unpublish packages failed during publish.
        • -
      • 5. New policy write failed during publish.
        • -
      • 6. Multiple non-fatal errors occurred during publish.
        • -
      -
      • -
    -
    SyncStatusDescriptionWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncStatusDescription
      • -
    • Data type. String
      • -
    • Values. -
        -
      • 0. App-V publishing is idle.
        • -
      • 1. App-V connection groups publish in progress.
        • -
      • 2. App-V packages (non-connection group) publish in progress.
        • -
      • 3. App-V packages (connection group) publish in progress.
        • -
      • 4. App-V packages unpublish in progress.
        • -
      -
      • -
    -
    SyncProgressWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncProgress
      • -
    • Data type. String
      • -
    • Values. -
        -
      • 0. App-V Sync is idle.
        • -
      • 1. App-V Sync is initializing.
        • -
      • 2. App-V Sync is in progress.
        • -
      • 3. App-V Sync is complete.
        • -
      • 4. App-V Sync requires device reboot.
        • -
      -
      • -
    -
    PublishXMLWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/PublishXML
      • -
    • Data type. String
      • -
    • Value. Custom value, entered by admin.
      • -
    -
    PolicyWindows 10, version 1703 -
      -
    • URI full path. ./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/configurationid/Policy
      • -
    • Data type. String
      • -
    • Value. Custom value, entered by admin.
      • -
    -
    \ No newline at end of file +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file From 274ecc83c3c8159d5ab5c48dcd920bdfe64b0ac0 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 12 Jun 2018 10:26:33 -0700 Subject: [PATCH 163/319] added links to how to set startup auth --- .../information-protection/bitlocker/bitlocker-security-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md index 13ee71372a..6aac433261 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md @@ -27,7 +27,7 @@ The recommended practice for BitLocker configuration on an operating system driv ## What are the implications of using the sleep or hibernate power management options? -BitLocker on operating system drives in its basic configuration (with a TPM but without additional startup authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an additional startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. For increased security, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) or Mobile Device Management with the [Bitlocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). +BitLocker on operating system drives in its basic configuration (with a TPM but without additional startup authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an additional startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. For improved security, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) or Mobile Device Management with the [Bitlocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). ## What are the advantages of a TPM? From 4d22e79913ec5ec7a2b975c554a71af6815f5a20 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 10:37:48 -0700 Subject: [PATCH 164/319] Attempted spacing fix for middle column --- .../app-v/appv-available-mdm-settings.md | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 6c749e9884..b53a68364c 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -14,18 +14,18 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |Policy name|Supported versions|URI full path|Data type|Values| |---|---|---|---|---| -|Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Name|String|Read-only data, provided by your App-V packages.| -|Version|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Version|String|Read-only data, provided by your App-V packages.| -|Publisher|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Publisher|String|Read-only data, provided by your App-V packages.| -|InstallLocation|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///InstallLocation|String|Read-only data, provided by your App-V packages.| -|InstallDate|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///InstallDate|String|Read-only data, provided by your App-V packages.| -|Users|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///Users|String|Read-only data, provided by your App-V packages.| -|AppVPackageID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVPackageID|String|Read-only data, provided by your App-V packages.| -|AppVVersionID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVVersionID|String|Read-only data, provided by your App-V packages.| -|AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPackageManagement/ ///AppVPackageUri|String|Read-only data, provided by your App-V packages.| -|LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastError|String|Read-only data, provided by your App-V packages.| -|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| -|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/ LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| -|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file +|Name|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Name|String|Read-only data, provided by your App-V packages.| +|Version|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Version|String|Read-only data, provided by your App-V packages.| +|Publisher|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Publisher|String|Read-only data, provided by your App-V packages.| +|InstallLocation|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //InstallLocation|String|Read-only data, provided by your App-V packages.| +|InstallDate|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //InstallDate|String|Read-only data, provided by your App-V packages.| +|Users|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //Users|String|Read-only data, provided by your App-V packages.| +|AppVPackageID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVPackageID|String|Read-only data, provided by your App-V packages.| +|AppVVersionID|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVVersionID|String|Read-only data, provided by your App-V packages.| +|AppVPackageUri|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPackageManagement// //AppVPackageUri|String|Read-only data, provided by your App-V packages.| +|LastError|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/LastSync/LastError|String|Read-only data, provided by your App-V packages.| +|LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| +|SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| +|SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file From cdebda815d631819f1d4ac932d5c0c99abd2a3e4 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Tue, 12 Jun 2018 17:40:24 +0000 Subject: [PATCH 165/319] Updated inclusive-classroom-it-admin.md --- education/get-started/inclusive-classroom-it-admin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 6d3bb808df..bcff2649a4 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -16,7 +16,7 @@ ms.date: 03/18/2018 |Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | |---|---|---|---|---|---|---|---|---|---| -| Read aloud with simultaneous highlighting |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | |

    X

    |

    X

    |

    X

    | |

    X

    | | | +| Read aloud with simultaneous highlighting | OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    Word 2016, Word Online, Word Mac, Word for iOS
    Outlook 2016, Outlook Web Access
    Office Lens on iOS | |

    X

    |

    X

    |

    X

    | |

    X

    | | | | Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS
    | |

    X

    |

    X

    |

    X

    | |

    X

    | | | | Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    |

    X

    |

    X

    | |

    X

    | | | | Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | |

    X

    | | | |

    X

    | |

    X

    | From 73311e46a1db5125647ccfac28e05eb1b1b5b579 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Tue, 12 Jun 2018 17:46:51 +0000 Subject: [PATCH 166/319] Updated inclusive-classroom-it-admin.md, testing headings --- education/get-started/inclusive-classroom-it-admin.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index bcff2649a4..4ce644acdc 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -14,6 +14,9 @@ ms.author: alhughes ms.date: 03/18/2018 --- +# Inclusive Classroom IT Admin Guide + +## Inclusive Classroom features |Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | |---|---|---|---|---|---|---|---|---|---| | Read aloud with simultaneous highlighting | OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    Word 2016, Word Online, Word Mac, Word for iOS
    Outlook 2016, Outlook Web Access
    Office Lens on iOS | |

    X

    |

    X

    |

    X

    | |

    X

    | | | @@ -45,7 +48,6 @@ ms.date: 03/18/2018 | Ability to request accessible content |
    • Outlook Web Access
    | | | | | | | | |
    - | Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | |---|---|---|---|---|---|---|---|---|---| | Microsoft Translator |
    • Word 2016
    • Excel 2016
    • "Translator for Outlook" Add-in
    • PowerPoint 2016 (and PowerPoint Garage Add-in
    |

    X

    |

    X

    |

    X

    |

    X

    |

    X

    | | | | From 13238fcf3e90753450b81f1c31ca00d5833af540 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Tue, 12 Jun 2018 17:54:09 +0000 Subject: [PATCH 167/319] Updated inclusive-classroom-it-admin.md --- .../get-started/inclusive-classroom-it-admin.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 4ce644acdc..1367c70c95 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -17,14 +17,14 @@ ms.date: 03/18/2018 # Inclusive Classroom IT Admin Guide ## Inclusive Classroom features -|Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | +|Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | |---|---|---|---|---|---|---|---|---|---| -| Read aloud with simultaneous highlighting | OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    Word 2016, Word Online, Word Mac, Word for iOS
    Outlook 2016, Outlook Web Access
    Office Lens on iOS | |

    X

    |

    X

    |

    X

    | |

    X

    | | | -| Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS
    | |

    X

    |

    X

    |

    X

    | |

    X

    | | | -| Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    |

    X

    |

    X

    | |

    X

    | | | -| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | |

    X

    | | | |

    X

    | |

    X

    | -| Line focus mode |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | | | | | |

    X

    | | | -| Picture Dictionary |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | | | | | |

    X

    | |

    X

    | +| Read aloud with simultaneous highlighting | OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    Word 2016, Word Online, Word Mac, Word for iOS
    Outlook 2016, Outlook Web Access
    Office Lens on iOS | |

    X

    |

    X

    |

    X

    | | +| Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS
    | |

    X

    |

    X

    |

    X

    | | +| Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    |

    X

    |

    X

    | | +| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | |

    X

    | | | | +| Line focus mode |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | | | | | | +| Picture Dictionary |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | | | | | |
    | Writing and proofing features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | From 0ecac91aae729a9c46418e51c7942cb834f959fc Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 11:05:29 -0700 Subject: [PATCH 168/319] Cleanup --- ...ss-to-packages-with-the-management-console.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index 86ded03016..f9a3d2bb7e 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/12/2018 --- # How to Configure Access to Packages by Using the Management Console @@ -22,22 +22,22 @@ Use the following procedure to configure access to virtualized packages. 1. Open the App-V Management console. - 1. Right-click the package to be configured, then select **Edit active directory access** to display the **AD ACCESS** page. Alternatively, select the package and select **EDIT** in the **AD ACCESS** pane. + 1. Right-click the package to be configured, then select **Edit active directory access** to display the **AD Access** page. Alternatively, select the package and select **Edit** in the **AD Access** pane. 2. Provision a security group for the package: - 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page. + 1. Go to the **Find valid Active Directory names and grant access** page. 1. Using the format **mydomain** \\ **groupname**, enter the name or part of the name of an Active Directory group object, then select **Check**. >[!NOTE]   >Ensure that you provide an associated domain name for the group that you are searching for. -3. Grant access to the package by first selecting the desired group, then selecting **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane. +3. Grant access to the package by first selecting the desired group, then selecting **Grant Access**. The newly added group is displayed in the **AD entities with access** pane. -4. Select **Close** to accept the default configuration settings and close the AD ACCESS page. +4. Select **Close** to accept the default configuration settings and close the AD Access page. - To customize configurations for a specific group, select the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. To make changes to your custom configurations, select **EDIT**. After you grant access, select **Close**. + To customize configurations for a specific group, select the **Assigned configurations** drop-down menu, then select **Custom**. To make changes to your custom configurations, select **Edit**. After you grant access, select **Close**. ## Remove access to an App-V package @@ -45,9 +45,9 @@ Use the following procedure to configure access to virtualized packages. 1. Open the App-V Management console. - 1. To display the **AD ACCESS** page, right-click the package to be configured, then select **Edit active directory access**. Alternatively, select the package, then select **EDIT** in the **AD ACCESS** pane. + 1. To display the **AD Access** page, right-click the package to be configured, then select **Edit active directory access**. Alternatively, select the package, then select **Edit** in the **AD Access** pane. -2. Select the group you want to remove, then select **DELETE**. +2. Select the group you want to remove, then select **Delete**. 3. Select **Close**. From c1e22d64cb659727e61d1f667154e46e5774a200 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 11:06:22 -0700 Subject: [PATCH 169/319] Spacing edit --- .../app-v/appv-available-mdm-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index b53a68364c..4d0eaf7540 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -27,5 +27,5 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |LastErrorDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/LastErrorDescription|String|- **0**: No errors returned during publish.
    - **1**: Unpublish groups failed during publish.
    - **2**: Publish no-group packages failed during publish.
    - **3**: Publish group packages failed during publish.
    - **4**: Unpublish packages failed during publish.
    - **5**: New policy write failed during publish.
    - **6**: Multiple non-fatal errors occurred during publish.| |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| |SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| -|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVDynamicPolicy/ configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file +|PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVDynamicPolicy/
    configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file From b83f8f41c34bc5136e6e2a2678d355293f3affe3 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 12 Jun 2018 11:26:02 -0700 Subject: [PATCH 170/319] Add new functionality for existing ASR rule. --- .../attack-surface-reduction-exploit-guard.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 5fcdb543ec..344fe9385a 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 05/30/2018 +ms.date: 06/12/2018 --- @@ -127,6 +127,8 @@ Office apps, such as Word or Excel, will not be allowed to create child processe This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables. +In Windows 10, version 1803 and later, this rule also blocks suspicious apps from being launched through Outlook or Access. + ### Rule: Block Office applications from creating executable content This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is a typical malware technique. From 9b80f217466ba7935adef9e180a6bf591f3f77ef Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Tue, 12 Jun 2018 11:47:21 -0700 Subject: [PATCH 171/319] Add reviewer changes. --- .../attack-surface-reduction-exploit-guard.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 344fe9385a..4085972ad5 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -123,12 +123,10 @@ This rule blocks the following file types from being run or launched from an ema ### Rule: Block Office applications from creating child processes -Office apps, such as Word or Excel, will not be allowed to create child processes. +Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, Outlook, and Access. This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables. -In Windows 10, version 1803 and later, this rule also blocks suspicious apps from being launched through Outlook or Access. - ### Rule: Block Office applications from creating executable content This rule targets typical behaviors used by suspicious and malicious add-ons and scripts (extensions) that create or launch executable files. This is a typical malware technique. From 3a2606394c93471343771cc38fcc355844beec6a Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Tue, 12 Jun 2018 19:23:14 +0000 Subject: [PATCH 172/319] Updated inclusive-classroom-it-admin.md, fixed up the tables --- .../inclusive-classroom-it-admin.md | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 1367c70c95..0deaac12fc 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -18,37 +18,37 @@ ms.date: 03/18/2018 ## Inclusive Classroom features |Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | -|---|---|---|---|---|---|---|---|---|---| -| Read aloud with simultaneous highlighting | OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    Word 2016, Word Online, Word Mac, Word for iOS
    Outlook 2016, Outlook Web Access
    Office Lens on iOS | |

    X

    |

    X

    |

    X

    | | -| Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS
    | |

    X

    |

    X

    |

    X

    | | -| Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    |

    X

    |

    X

    | | -| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | |

    X

    | | | | -| Line focus mode |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | | | | | | -| Picture Dictionary |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS
    | | | | | | +|---|---|---|---|---|---|---| +| Read aloud with simultaneous highlighting |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    (Not including Outlook PC)

    |

    X

    (Not including any OneNote apps or Outlook PC)

    | +| Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    |

    X

    (Not including any OneNote apps)

    | +| Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access)

    |

    X

    (Not including Word iOS)

    |

    X

    (Not including Word iOS)

    |

    X

    (Not including any OneNote apps or Word iOS)

    | +| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word Online, Outlook Web Access)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    | +| Line focus mode |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word Online, Outlook Web Access)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    | +| Picture Dictionary |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word Online, Outlook Web Access)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |
    -| Writing and proofing features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | -|---|---|---|---|---|---|---|---|---|---| -| Dictation |
    • OneNote 2016, OneNote for Windows 10
    • Word 2016
    • Outlook 2016
    • PowerPoint 2016
    | |

    X

    |

    X

    | | | | | | -| Spelling suggestions for phonetic misspellings |
    • Word 2016, Word Online, Word for Mac
    • Outlook 2016
    | |

    X

    |

    X

    |

    X

    | | | | | -| Synonyms alongside spelling suggestions that can be read aloud |
    • Word 2016
    • Outlook 2016
    | |

    X

    |

    X

    |

    X

    | | | | | -| Grammar checks |
    • Word 2016, Word Online, Word for Mac
    • Outlook 2016
    | |

    X

    |

    X

    | | | | | | -| Customizable writing critiques |
    • Word 2016, Word for Mac
    • Outlook 2016
    | |

    X

    |

    X

    | | | | | | -| Tell me what you want to do |
    • Office 2016
    • Office Online
    • Office on iOS, Android, Windows 10
    | |

    X

    |

    X

    |

    X

    | |

    X

    | | | -| Editor |
    • Word 2016
    | |

    X

    |

    X

    | | | | | | +| Writing and proofing features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|---|---|---|---|---|---|---| +| Dictation |
    • OneNote 2016, OneNote for Windows 10
    • Word 2016
    • Outlook 2016
    • PowerPoint 2016
    | |

    X

    |

    X

    | | | +| Spelling suggestions for phonetic misspellings |
    • Word 2016, Word Online, Word for Mac
    • Outlook 2016
    | |

    X

    |

    X

    |

    X

    | | +| Synonyms alongside spelling suggestions that can be read aloud |
    • Word 2016
    • Outlook 2016
    | |

    X

    |

    X

    |

    X

    | | +| Grammar checks |
    • Word 2016, Word Online, Word for Mac
    • Outlook 2016
    | |

    X

    |

    X

    | | | +| Customizable writing critiques |
    • Word 2016, Word for Mac
    • Outlook 2016
    | |

    X

    |

    X

    | | | +| Tell me what you want to do |
    • Office 2016
    • Office Online
    • Office on iOS, Android, Windows 10
    | |

    X

    |

    X

    |

    X

    | | +| Editor |
    • Word 2016
    | |

    X

    |

    X

    | | |
    -| Creating accessible content features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | -|---|---|---|---|---|---|---|---|---|---| -| Accessibility Checker |
    • All Office 365 authoring applications on PC, Mac, Web
    | |

    X

    | | | | | | | -| Accessible Templates |
    • Word for PCs, Mac
    • Excel for PCs, Mac
    • PowerPoint for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | | | | -| Ability to add alt-text for images |
    • Word for PCs (includes automatic suggestions for image descriptions)
    • SharePoint Online (includes automatic suggestions for image descriptions)
    • PowerPoint for PCs (includes automatic suggestions for image descriptions)
    • OneNote (includes automatic extraction of text in images)
    • All Office 365 authoring applications (include ability to add alt-text manually)
    | |

    X

    | | | | | | | -| Ability to add captions to videos |
    • PowerPoint for PCs
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | | | | -| Export as tagged PDF |
    • Word for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | | | | | | | | | -| Ability to request accessible content |
    • Outlook Web Access
    | | | | | | | | | +| Creating accessible content features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|---|---|---|---|---|---|---| +| Accessibility Checker |
    • All Office 365 authoring applications on PC, Mac, Web
    | |

    X

    | | | | +| Accessible Templates |
    • Word for PCs, Mac
    • Excel for PCs, Mac
    • PowerPoint for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | +| Ability to add alt-text for images |
    • Word for PCs (includes automatic suggestions for image descriptions)
    • SharePoint Online (includes automatic suggestions for image descriptions)
    • PowerPoint for PCs (includes automatic suggestions for image descriptions)
    • OneNote (includes automatic extraction of text in images)
    • All Office 365 authoring applications (include ability to add alt-text manually)
    | |

    X

    | | | | +| Ability to add captions to videos |
    • PowerPoint for PCs
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | +| Export as tagged PDF |
    • Word for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | | | | | | +| Ability to request accessible content |
    • Outlook Web Access
    | | | | | |
    -| Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | Office 365 Web | Office Mac | Office iPad | -|---|---|---|---|---|---|---|---|---|---| -| Microsoft Translator |
    • Word 2016
    • Excel 2016
    • "Translator for Outlook" Add-in
    • PowerPoint 2016 (and PowerPoint Garage Add-in
    |

    X

    |

    X

    |

    X

    |

    X

    |

    X

    | | | | +| Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | +|---|---|---|---|---|---|---| +| Microsoft Translator |
    • Word 2016
    • Excel 2016
    • "Translator for Outlook" Add-in
    • PowerPoint 2016 (and PowerPoint Garage Add-in)
    |

    X

    |

    X

    |

    X

    |

    X

    |

    X

    |
    \ No newline at end of file From 596329a76b5009bc00112ffbe93ceaa3bc68d3e8 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 12:24:16 -0700 Subject: [PATCH 173/319] Edit spacing --- .../application-management/app-v/appv-available-mdm-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 4d0eaf7540..3c0cae1e21 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -28,4 +28,4 @@ With Windows 10, version 1703, you can configure, deploy, and manage your App-V |SyncStatusDescription|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncStatusDescription|String|- **0**: App-V publishing is idle.
    - **1**: App-V connection groups publish in progress.
    - **2**: App-V packages (non-connection group) publish in progress.
    - **3**: App-V packages (connection group) publish in progress.
    - **4**: App-V packages unpublish in progress.| |SyncProgress|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVPublishing/LastSync/SyncProgress|String|- **0**: App-V Sync is idle.
    - **1**: App-V Sync is initializing.
    - **2**: App-V Sync is in progress.
    - **3**: App-V Sync is complete.
    - **4**: App-V Sync requires device reboot.| |PublishXML|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVPublishing/Sync/PublishXML|String|Custom value, entered by admin.| -|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/ AppVDynamicPolicy/
    configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file +|Policy|Windows 10, version 1703|./Vendor/MSFT/EnterpriseAppVManagement/
    AppVDynamicPolicy/configurationid/Policy|String|Custom value, entered by admin.| \ No newline at end of file From 267d6b1e42cb7642f7a1b5605075a2cac7d8cdb3 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 12 Jun 2018 19:44:52 +0000 Subject: [PATCH 174/319] Merged PR 9009: fix link --- devices/hololens/hololens-provisioning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md index 86631b4976..c1a90edadb 100644 --- a/devices/hololens/hololens-provisioning.md +++ b/devices/hololens/hololens-provisioning.md @@ -22,7 +22,7 @@ Some of the HoloLens configurations that you can apply in a provisioning package - Set up a Wi-Fi connection - Apply certificates to the device -To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store]((https://www.microsoft.com/store/apps/9nblggh4tx22)) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box. +To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box. From 26a9473445983b5435f5f1ff17a105b4f4a6b8da Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 12 Jun 2018 13:03:25 -0700 Subject: [PATCH 175/319] added new topic for isg --- .../TOC.md | 1 + ...control-with-intelligent-security-graph.md | 142 ++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 4bf7c5ff89..1d9c033045 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -18,6 +18,7 @@ ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md) ### [Deploy WDAC with a managed installer](use-windows-defender-application-control-with-managed-installer.md) +### [Deploy WDAC with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md) ### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md) ### [Deploy WDAC policies using Intune](deploy-windows-defender-application-control-policies-using-intune.md) ### [Use code signing to simplify application control for classic Windows applications](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md new file mode 100644 index 0000000000..57f5838a42 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -0,0 +1,142 @@ +--- +title: Deploy Windows Defender Application Control with Intelligent Security Graph (ISG) (Windows 10) +description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: high +author: mdsakibMSFT +ms.date: 03/01/2018 +--- + +# Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph + +**Applies to:** + +- Windows 10 +- Windows Server 2016 + + +```code + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Enable service enforcement in AppLocker policy + +Since many installation processes rely on services, it is typically necessary to enable tracking of services. +Correct tracking of services requires the presence of at least one rule in the rule collection – a simple audit only rule will suffice. +For example: + +```code + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +### Enable the managed installer option in WDAC policy + +In order to enable trust for the binaries laid down by managed installers, the Allow: Managed Installer option must be specified in your WDAC policy. +This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). +An example of the managed installer option being set in policy is shown below. + +```code + + + + + + + + + + + + + + + + + +``` + +## Security considerations with managed installer + +Since managed installer is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. +It is best suited for deployment to systems where each user is configured as a standard user and where all software is deployed and installed by a software distribution solution, such as System Center Configuration Manager. + +Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed. +If the authorized managed installer process performs installations in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control. +Some application installers include an option to automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization may continue to apply to all files created during the first run of the application. This could result in over-authorization for executables that were not intended. +To avoid this, ensure that the application deployment solution being used as a managed installer limits running applications as part of installation. + +## Known limitations with managed installer + +- Application execution control based on managed installer does not support applications that self-update. +If an application deployed by a managed installer subsequently updates itself, the updated application files will no longer include the managed installer origin information and will not be authorized to run. +Enterprises should deploy and install all application updates using the managed installer. +In some cases, it may be possible to also designate an application binary that performs the self-updates as a managed installer. +Proper review for functionality and security should be performed for the application before using this method. + +- Although WDAC policies can be deployed in both audit and enforced mode, the managed installer option is currently only recommended for use with policies set to enforced except in lab environments. +Using the managed installer option with WDAC policies set to audit only may result in unexpected behavior if the policy is subsequently changed to enforced mode. + +- Modern apps deployed through a managed installer will not be tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. + +- Executables that extract files and then attempt to execute may not be allowed by the managed installer heuristic. +In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. +Proper review for functionality and security should be performed for the application before using this method. + +- The managed installer heuristic does not authorize drivers. +The WDAC policy must have rules that allow the necessary drivers to run. + +- In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. +Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. +Review for functionality and performance for the related applications using the native images maybe necessary in some cases. From 1b3717b4e850e9916028733b3cf8cd0f2e666b80 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Tue, 12 Jun 2018 13:27:24 -0700 Subject: [PATCH 176/319] fixing some typos --- windows/deployment/update/update-compliance-get-started.md | 2 +- windows/deployment/upgrade/upgrade-readiness-get-started.md | 2 +- windows/deployment/upgrade/upgrade-readiness-requirements.md | 5 +++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9887546277..9d1b01ce0f 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -30,7 +30,7 @@ Update Compliance is offered as a solution in the Microsoft Operations Managemen If you are already using OMS, skip to step **6** to add Update Compliance to your workspace. >[!NOTE] ->If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=WaaSUpdateInsights) to go directly to the Device Health solution and add it to your workspace. +>If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=WaaSUpdateInsights) to go directly to the Update Compliance solution and add it to your workspace. If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance: diff --git a/windows/deployment/upgrade/upgrade-readiness-get-started.md b/windows/deployment/upgrade/upgrade-readiness-get-started.md index 3ee8a1a528..2972c0ff9c 100644 --- a/windows/deployment/upgrade/upgrade-readiness-get-started.md +++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md @@ -50,7 +50,7 @@ If you are already using OMS, you’ll find Upgrade Readiness in the Solutions G If you are not using OMS or Azure Log Analytics: 1. Go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it. -2. Sign in to Operations Management Suite (OMS or Azure Log Analytics You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. +2. Sign in to Operations Management Suite (OMS) or Azure Log Analytics. You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. 3. Create a new workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. 4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md index 538d13cb2a..7695e28a28 100644 --- a/windows/deployment/upgrade/upgrade-readiness-requirements.md +++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md @@ -21,7 +21,7 @@ To perform an in-place upgrade, user computers must be running the latest versio The compatibility update that sends diagnostic data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility. - + If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center. @@ -44,7 +44,8 @@ If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Read If you are not using OMS or Azure Log Analytics, go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it. ->[!IMPORTANT] You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work >or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions. +>[!IMPORTANT] +>You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions. ## System Center Configuration Manager integration From 1e12726a502bb1f81f9de09cedeadf8a8c2cb2c8 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 14:04:09 -0700 Subject: [PATCH 177/319] Finished cleanup --- ...y-the-deployment-configuration-file-with-powershell.md | 7 ++----- ...v-apply-the-user-configuration-file-with-powershell.md | 8 ++++---- .../app-v/appv-available-mdm-settings.md | 4 ++-- 3 files changed, 8 insertions(+), 11 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index a3958c5d49..f55d0d1e05 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -12,10 +12,7 @@ ms.date: 06/12/2018 >Applies to: Windows 10, version 1607 -The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V client before the package has been published. The file configures the default settings of the package that all users share on the computer running the App-V client. This section will tell you how to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: - -* C:\\Packages\\Contoso\\MyApp.appv -* C:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml +When you add or set a package to a computer running the App-V client before it's been published, a dynamic deployment configuration file is applied to it. The dynamic deployment configuration file configures the default settings for the package that all users share on the computer running the App-V client. This section will tell you how to use a deployment configuration file. ## Apply the deployment configuration file with Windows PowerShell @@ -34,7 +31,7 @@ Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentCon ``` >[!NOTE] ->This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: +>This command captures the resulting object into $pkg. If the package is already present on the computer, you can use the **Set-AppVclientPackage** cmdlet to apply the deployment configuration document: ```PowerShell Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index c115854e06..b51f7ac212 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -12,18 +12,18 @@ ms.date: 06/12/2018 >Applies to: Windows 10, version 1607 -The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. +When you publish a package to a specific user, you'll also need to specify a dynamic user configuration file to tell that package how to run. ## Apply a user configuration file -You can follow these steps to specify a user-specific configuration file: +Here's how to specify a user-specific configuration file: >[!NOTE] ->The following procedure uses the following example file path for its package: +>The following example cmdlets use this example file path for its package: > >* C:\\Packages\\Contoso\\MyApp.appv. > ->f your package file uses a different file path than the example, feel free to replace it as needed. +>If your package file uses a different file path than the example, feel free to replace it as needed. 1. Enter the following cmdlet in Windows PowerShell to add the package to the computer: diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 3c0cae1e21..9ccb2510ea 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -6,11 +6,11 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/12/2018 --- # Available Mobile Device Management (MDM) settings for App-V -With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps by using these Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) page. +With Windows 10, version 1703, you can configure, deploy, and manage your App-V apps with the following Mobile Device Management (MDM) settings. For the full list of available settings, see the [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) page. |Policy name|Supported versions|URI full path|Data type|Values| |---|---|---|---|---| From 326a6637c42d37100cb6c98c2bee6e70a5ffb4c4 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 14:09:06 -0700 Subject: [PATCH 178/319] Attempt to fix cmdlet formatting --- ...ply-the-deployment-configuration-file-with-powershell.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index f55d0d1e05..1fe64baff9 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -33,9 +33,9 @@ Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentCon >[!NOTE] >This command captures the resulting object into $pkg. If the package is already present on the computer, you can use the **Set-AppVclientPackage** cmdlet to apply the deployment configuration document: - ```PowerShell - Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml - ``` + ```PowerShell + Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml + ``` ## Have a suggestion for App-V? From bdbea031da2c54910b31f5f32ac28bbb108032ff Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 14:28:50 -0700 Subject: [PATCH 179/319] Attempt to fix formatting again for powershell cmdlet --- ...ply-the-deployment-configuration-file-with-powershell.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 1fe64baff9..220186db45 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -33,9 +33,9 @@ Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentCon >[!NOTE] >This command captures the resulting object into $pkg. If the package is already present on the computer, you can use the **Set-AppVclientPackage** cmdlet to apply the deployment configuration document: - ```PowerShell - Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml - ``` + ```PowerShell + Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml + ``` ## Have a suggestion for App-V? From 2ca39b9ba2e77070b0894ef0fba582e6bdae0e4e Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 14:30:14 -0700 Subject: [PATCH 180/319] Attempt to fix formatting again with brackets --- ...y-the-deployment-configuration-file-with-powershell.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 220186db45..90a114d137 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -32,10 +32,10 @@ Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentCon >[!NOTE] >This command captures the resulting object into $pkg. If the package is already present on the computer, you can use the **Set-AppVclientPackage** cmdlet to apply the deployment configuration document: - - ```PowerShell - Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml - ``` +> +> ```PowerShell +> Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml +> ``` ## Have a suggestion for App-V? From c0fa70b9c025b0cfb0377a9708071550d405376c Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Tue, 12 Jun 2018 21:44:36 +0000 Subject: [PATCH 181/319] Updated inclusive-classroom-it-admin.md, added final 3 sections --- .../inclusive-classroom-it-admin.md | 36 ++++++++++++++++--- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 0deaac12fc..4daed3a54b 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -1,7 +1,7 @@ --- title: Inclusive Classroom IT Admin Guide description: Learning which Inclusive Classroom features are available in which apps and in which versions of Microsoft Office. -keywords: Test +keywords: Inclusive Classroom, Admin, Administrator, Microsoft Intune, Intune, Ease of Access, Office 365, account ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library @@ -11,12 +11,19 @@ ms.pagetype: edu ROBOTS: noindex,nofollow author: alhughes ms.author: alhughes -ms.date: 03/18/2018 +ms.date: 06/12/2018 --- # Inclusive Classroom IT Admin Guide +The following guide will show you what Inclusive Classroom features are available in which apps and which versions of Office. +You will also learn how to deploy apps using Intune, turn on or off Ease of access settings for users, and change how you pay for your Office 365 subscription. -## Inclusive Classroom features +1. [Inclusive Classroom features](#features) +2. [Deploying apps with Microsoft Intune](#intune) +3. [How to disable the Ease of Accesss settings for text in Windows 10](#ease) +4. [How to change your Office 365 account from monthly, semi-annual, or yearly](#account) + +## Inclusive Classroom features |Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | |---|---|---|---|---|---|---| | Read aloud with simultaneous highlighting |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    (Not including Outlook PC)

    |

    X

    (Not including any OneNote apps or Outlook PC)

    | @@ -51,4 +58,25 @@ ms.date: 03/18/2018 | Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | |---|---|---|---|---|---|---| | Microsoft Translator |
    • Word 2016
    • Excel 2016
    • "Translator for Outlook" Add-in
    • PowerPoint 2016 (and PowerPoint Garage Add-in)
    |

    X

    |

    X

    |

    X

    |

    X

    |

    X

    | -
    \ No newline at end of file +
    + +## Deploying apps with Microsoft Intune +Microsoft Intune can be used to deploy apps such as Immersive Reader and Mirosoft Translator to all the computers connected in the same groups. +1. Go to the Intune for Education portal and login with your account. +2. Select the **Apps** page. +3. Find the app your looking for either in the included list or if it's not there you can select **Add app** and download it from the Microsoft Store. +4. Selecting your app will show you if it has been deployed to any of the groups that have been set up. From the **Groups** page you can select **Change group assignment** and choose which groups you want to deploy the app(s) to. + +## How to disable the Ease of Accesss settings for text in Windows 10 +The Ease of Access settings in Windows 10 are very useful accessibility tools, but not every one needs them activated for their computer. With the following instructions you can turn off users ability to get to the Ease of access settings. +1. Go to the Intune for Education portal and login with your account. +2. Select the **Groups** page and then select your desired group. +3. Select **Settings** and under the **User access and device settings** section you find the toggle to set Ease of access to **Blocked** or **Not blocked**. +4. Select **Save** after making your selection. + +## How to change your Office 365 account from monthly, semi-annual, or yearly +Depending on how you plan to do billing, you can have Office 365 accounts that are set to renew monthly, semi-annually, or yearly. +1. Sign in to your services and subscriptions with your Microsoft account. +2. Find the subscription in the list, then select **Change how you pay**. + >**Note:** If you don't see **Change how you pay**, it could be because auto-renew is not turned on. You won't be able to change how you pay if auto-renew is off because the subscription has already been paid and will end when its duration expires. +3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions. \ No newline at end of file From 9a9257760d00e1b8a9e70a9431528ceeee2dcd32 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 14:58:38 -0700 Subject: [PATCH 182/319] Next attempt to fix formatting --- ...ply-the-deployment-configuration-file-with-powershell.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 90a114d137..9010d42763 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -33,9 +33,9 @@ Add-AppVClientPackage -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentCon >[!NOTE] >This command captures the resulting object into $pkg. If the package is already present on the computer, you can use the **Set-AppVclientPackage** cmdlet to apply the deployment configuration document: > -> ```PowerShell -> Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml -> ``` +> ```PowerShell +> Set-AppVClientPackage -Name Myapp -Path C:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration C:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml +> ``` ## Have a suggestion for App-V? From 750fbbabb8e7b7e8425a0952e168d68458bf673c Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 12 Jun 2018 15:21:45 -0700 Subject: [PATCH 183/319] Fixed formatting and placement of related topics section for consistency --- .../app-v/appv-auto-clean-unpublished-packages.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index bb51d5cad8..25e56caeaf 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -51,12 +51,12 @@ Using Group Policy, you can turn on the **Enable automatic cleanup of unused App After your Group Policy updates and you reset the client, the setting will clean up any unpublished App-V packages on the App-V client. -### Related topics +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). + +## Related topics - [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) - [Download the Microsoft Application Virtualization 5.0 Client UI Application](https://www.microsoft.com/en-us/download/details.aspx?id=41186) -- [Using the App-V Client Management Console](appv-using-the-client-management-console.md) - -## Have a suggestion for App-V? - -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file +- [Using the App-V Client Management Console](appv-using-the-client-management-console.md) \ No newline at end of file From d2bb6ad6664ece3cdacfe3b75056256968e7961c Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Tue, 12 Jun 2018 23:40:56 +0000 Subject: [PATCH 184/319] Updated inclusive-classroom-it-admin.md --- .../get-started/inclusive-classroom-it-admin.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 4daed3a54b..e095d037d3 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -15,8 +15,8 @@ ms.date: 06/12/2018 --- # Inclusive Classroom IT Admin Guide -The following guide will show you what Inclusive Classroom features are available in which apps and which versions of Office. -You will also learn how to deploy apps using Intune, turn on or off Ease of access settings for users, and change how you pay for your Office 365 subscription. +The following guide will show you what Inclusive Classroom features are available in which apps and which versions of Microsoft Office. +You will also learn how to deploy apps using Microsoft Intune, turn on or off Ease of access settings for users, and change how you pay for your Office 365 subscription. 1. [Inclusive Classroom features](#features) 2. [Deploying apps with Microsoft Intune](#intune) @@ -64,19 +64,19 @@ You will also learn how to deploy apps using Intune, turn on or off Ease of acce Microsoft Intune can be used to deploy apps such as Immersive Reader and Mirosoft Translator to all the computers connected in the same groups. 1. Go to the Intune for Education portal and login with your account. 2. Select the **Apps** page. -3. Find the app your looking for either in the included list or if it's not there you can select **Add app** and download it from the Microsoft Store. +3. Find the app you're looking for either in the included list or, if it's not there, you can select **Add app** and download it from the Microsoft Store. 4. Selecting your app will show you if it has been deployed to any of the groups that have been set up. From the **Groups** page you can select **Change group assignment** and choose which groups you want to deploy the app(s) to. -## How to disable the Ease of Accesss settings for text in Windows 10 +## How to disable the Ease of Access settings for text in Windows 10 The Ease of Access settings in Windows 10 are very useful accessibility tools, but not every one needs them activated for their computer. With the following instructions you can turn off users ability to get to the Ease of access settings. 1. Go to the Intune for Education portal and login with your account. 2. Select the **Groups** page and then select your desired group. -3. Select **Settings** and under the **User access and device settings** section you find the toggle to set Ease of access to **Blocked** or **Not blocked**. +3. Select **Settings** and under the **User access and device settings** section you will find the toggle to set **Ease of access** to **Blocked** or **Not blocked**. 4. Select **Save** after making your selection. ## How to change your Office 365 account from monthly, semi-annual, or yearly Depending on how you plan to do billing, you can have Office 365 accounts that are set to renew monthly, semi-annually, or yearly. -1. Sign in to your services and subscriptions with your Microsoft account. +1. Sign-in to your services and subscriptions with your Microsoft account. 2. Find the subscription in the list, then select **Change how you pay**. >**Note:** If you don't see **Change how you pay**, it could be because auto-renew is not turned on. You won't be able to change how you pay if auto-renew is off because the subscription has already been paid and will end when its duration expires. 3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions. \ No newline at end of file From e2cb4b031ab11b5695b30b435ef8e6ba34d75011 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 12 Jun 2018 17:24:28 -0700 Subject: [PATCH 185/319] update applies to, fix char, modify console use --- ...evel-windows-defender-advanced-threat-protection.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index a542df63b1..677d282889 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Onboard previous versions of Windows on Windows Defender ATP description: Onboard supported previous versions of Windows machines so that they can send sensor data to the Windows Defender ATP sensor -keywords: onboard, windows, 7, 8, oms, sp1, enterprise, pro, down level +keywords: onboard, windows, 7, oms, sp1, enterprise, pro, down level search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/11/2018 +ms.date: 06/17/2018 --- # Onboard Windows previous versions of Windows @@ -19,15 +19,13 @@ ms.date: 06/11/2018 - Windows 7 SP1 Enterprise - Windows 7 SP1 Pro -- Windows 8.1 Enterprise -- Windows 8.1 Pro - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] -Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities, seamlessly through the Windows Defender Security Center console. +Windows Defender ATP extends support to also include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. -To onboard down-level Windows client endpoints to Windows Defender ATP, youll need to: +To onboard down-level Windows client endpoints to Windows Defender ATP, you'll need to: - Configure and update System Center Endpoint Protection clients. - Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Windows Defender ATP as instructed below. From 99c0736647e9edddff7cbc6cfaec77009de4bbaa Mon Sep 17 00:00:00 2001 From: Martin Adler <1208749+EagleIJoe@users.noreply.github.com> Date: Wed, 13 Jun 2018 12:51:37 +0200 Subject: [PATCH 186/319] Corrected examples XML syntax Upper case boolean values caused parser error Ending XML closing tag invalidates file --- .../app-v/appv-auto-batch-updating.md | 92 +++++++++---------- 1 file changed, 45 insertions(+), 47 deletions(-) diff --git a/windows/application-management/app-v/appv-auto-batch-updating.md b/windows/application-management/app-v/appv-auto-batch-updating.md index 1d96b18fb8..ff99b0273a 100644 --- a/windows/application-management/app-v/appv-auto-batch-updating.md +++ b/windows/application-management/app-v/appv-auto-batch-updating.md @@ -41,29 +41,28 @@ Updating multiple apps at the same time requires that you create a **ConfigFile* **Example:** ```XML - - - Skype for Windows Update - D:\Install\Update\SkypeforWindows - SkypeSetup.exe - /S - C:\App-V_Package\Microsoft_Apps\skypeupdate.appv - 20 - True - True - - - Microsoft Power BI Update - D:\Install\Update\PowerBI - PBIDesktop.msi - /S - C:\App-V_Package\MS_Apps\powerbiupdate.appv - 20 - True - True - - - + + + Skype for Windows Update + D:\Install\Update\SkypeforWindows + SkypeSetup.exe + /S + C:\App-V_Package\Microsoft_Apps\skypeupdate.appv + 20 + true + true + + + Microsoft Power BI Update + D:\Install\Update\PowerBI + PBIDesktop.msi + /S + C:\App-V_Package\MS_Apps\powerbiupdate.appv + 20 + true + true + + ``` 3. Save your completed file under the name **ConfigFile**. @@ -101,29 +100,28 @@ Updating multipe apps at the same time requires that you create a **ConfigFile** ```XML - - - Skype for Windows Update - D:\Install\Update\SkypeforWindows - SkypeSetup.exe - /S - C:\App-V_Package\Microsoft_Apps\skypeupdate.appv - 20 - False - True - - - Microsoft Power BI Update - D:\Install\Update\PowerBI - PBIDesktop.msi - /S - C:\App-V_Package\MS_Apps\powerbiupdate.appv - 20 - False - True - - - + + + Skype for Windows Update + D:\Install\Update\SkypeforWindows + SkypeSetup.exe + /S + C:\App-V_Package\Microsoft_Apps\skypeupdate.appv + 20 + false + true + + + Microsoft Power BI Update + D:\Install\Update\PowerBI + PBIDesktop.msi + /S + C:\App-V_Package\MS_Apps\powerbiupdate.appv + 20 + false + true + + ``` ### Start the App-V Sequencer interface and app installation process @@ -157,4 +155,4 @@ There are three types of log files that occur when you sequence multiple apps at ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). \ No newline at end of file +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). From 9ab71bdb870712272a40959d82dff6fa8c1d547b Mon Sep 17 00:00:00 2001 From: Frank Gorgenyi Date: Wed, 13 Jun 2018 12:37:34 +0000 Subject: [PATCH 187/319] Merged PR 9015: Change Quick Pair to Swift Pair. Change Quick Pair to Swift Pair. --- windows/client-management/mdm/policy-csp-bluetooth.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md index 519bdfeb1f..1fb3b009d6 100644 --- a/windows/client-management/mdm/policy-csp-bluetooth.md +++ b/windows/client-management/mdm/policy-csp-bluetooth.md @@ -236,14 +236,14 @@ The following list shows the supported values: -Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Quick Pair and other proximity based scenarios. +Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios. The following list shows the supported values: -- 0 - Disallow. Block users on these managed devices from using Quick Pair and other proximity based scenarios -- 1 - Allow. Allow users on these managed devices to use Quick Pair and other proximity based scenarios +- 0 - Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios +- 1 - Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios From 18f3d7f9b13a10de950050a888ccd3deb47c0780 Mon Sep 17 00:00:00 2001 From: Christopher McClister Date: Wed, 13 Jun 2018 08:26:54 -0700 Subject: [PATCH 188/319] Added ms.collection meta data to Education hub per Lauren Moynihan --- education/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/education/index.md b/education/index.md index 424b52680d..c78b456b9e 100644 --- a/education/index.md +++ b/education/index.md @@ -6,6 +6,7 @@ description: Learn about product documentation and resources available for schoo author: CelesteDG ms.topic: hub-page ms.author: celested +ms.collection: ITAdminEDU ms.date: 10/30/2017 ---
    From 79dfc736790d239eb0172e2ea9365323a5fc00f2 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Wed, 13 Jun 2018 08:52:54 -0700 Subject: [PATCH 189/319] Updated metadata dates --- ...v-apply-the-deployment-configuration-file-with-powershell.md | 2 +- .../appv-apply-the-user-configuration-file-with-powershell.md | 2 +- .../app-v/appv-auto-clean-unpublished-packages.md | 2 +- .../application-management/app-v/appv-available-mdm-settings.md | 2 +- ...-configure-access-to-packages-with-the-management-console.md | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md index 9010d42763..8d3a64000e 100644 --- a/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- # How to apply the deployment configuration file by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md index b51f7ac212..d8a04ef887 100644 --- a/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md +++ b/windows/application-management/app-v/appv-apply-the-user-configuration-file-with-powershell.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- # How to apply the user configuration file by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md index 25e56caeaf..cd9c6096a7 100644 --- a/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md +++ b/windows/application-management/app-v/appv-auto-clean-unpublished-packages.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- # Automatically clean up unpublished packages on the App-V client diff --git a/windows/application-management/app-v/appv-available-mdm-settings.md b/windows/application-management/app-v/appv-available-mdm-settings.md index 9ccb2510ea..d254a8b4b7 100644 --- a/windows/application-management/app-v/appv-available-mdm-settings.md +++ b/windows/application-management/app-v/appv-available-mdm-settings.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- # Available Mobile Device Management (MDM) settings for App-V diff --git a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md index f9a3d2bb7e..f44af0a19a 100644 --- a/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md +++ b/windows/application-management/app-v/appv-configure-access-to-packages-with-the-management-console.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- # How to Configure Access to Packages by Using the Management Console From 436fe714e3178bc5f9be0c3b65482a4cacdac780 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 13 Jun 2018 09:56:48 -0700 Subject: [PATCH 190/319] added bold to code snippet --- ...control-with-intelligent-security-graph.md | 151 ++++++------------ 1 file changed, 53 insertions(+), 98 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index 57f5838a42..c5c738cc8e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -15,11 +15,39 @@ ms.date: 03/01/2018 - Windows 10 - Windows Server 2016 +Application execution control can be difficult to implement in enterprises that do not have processes to effectively control the deployment of applications centrally through an IT managed system. +In such environments, users are empowered to acquire the applications they need for work, making accounting for all the applications that would need to be authorized for execution control a daunting task. -```code +Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) provides a new option, known as Intelligent Security Graph (ISG) authorization, that allows IT administrators to automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation. The ISG option helps IT organizations take a significant first step towards going from having no application control at all to a simple means of preventing the execution of unknown and known bad software. + +## How does the integration between WDAC and the Intelligent Security Graph work? + +The ISG relies on Microsoft’s vast security intelligence and machine learning analytics to help classify applications as having known good reputation. When users download applications on a system with WDAC enabled with the ISG authorization option specified, the reputation of the downloaded file, commonly an installer, is used to determine whether to run the installer and then that original reputation information is passed along to any files that were written by the installer. When any of these files try to execute after they are installed the reputation data is used to help make the right policy authorization decision. + +After that initial download and installation, the WDAC component will check for the presence of the positive reputation information when evaluating other application execution control rules specified in the policy. If there are no deny rules present for the file, it will be authorized based on the known good reputation classification. + +The reputation data on the client is rechecked periodically and enterprises can also specify that any cached reputation results are flushed on reboot. + +>[!NOTE] +>Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both System Center Configuration Manager (SCCM) and Microsoft Intune can be used to create and push a WDAC policy to your client machines. + +Other examples of WDAC policies are available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy). + +## Configuring Intelligent Security Graph authorization for Windows Defender Application Control + +Setting up the ISG authorization is easy regardless of what management solution you use. Configuring the ISG option involves these basic steps: + +- [Ensure that the ISG option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml) +- [Enable the necessary services to allow WDAC to use the ISG correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client) + +### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML + +In order to enable trust for executables based on classifications in the ISG, the Enabled: Intelligent Security Graph authorization option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition it is recommended from a security perspective to also enable the Enabled:Invalidate EAs on Reboot option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG. Caution is advised if devices will regularly transition to and from environments that may not be able to access the ISG. An example of both options being set is shown below. + +
      
      
-       
+       
      
      
        
@@ -27,12 +55,12 @@ ms.date: 03/01/2018
      
        
      
-     
-       
-     
-     
-       
-     
+     
+       
+     
+     
+       
+     
      
        
      
@@ -40,103 +68,30 @@ ms.date: 03/01/2018
        
      
  
+
    + +### Enable the necessary services to allow WDAC to use the ISG correctly on the client + +In order for the heuristics used by the ISG to function properly, a number of component in Windows need to be enabled. The easiest way to do this is to run the appidtel executable in c:\windows\system32. + +``` +appidtel start ``` -## Enable service enforcement in AppLocker policy +For WDAC policies deployed over MDM using the AppLocker CSP this step is not required as the CSP will enable the necessary components. ISG enabled through the SCCM WDAC UX will not need this step but if custom policies are being deployed outside of the WDAC UX through SCCM then this step is required. -Since many installation processes rely on services, it is typically necessary to enable tracking of services. -Correct tracking of services requires the presence of at least one rule in the rule collection – a simple audit only rule will suffice. -For example: +## Security considerations with using the Intelligent Security Graph -```code - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` +Since the ISG is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Windows Defender Advanced Threat Protection to help provide optics into what users are doing. -### Enable the managed installer option in WDAC policy +Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the ISG option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The ISG option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize. -In order to enable trust for the binaries laid down by managed installers, the Allow: Managed Installer option must be specified in your WDAC policy. -This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). -An example of the managed installer option being set in policy is shown below. +## Known limitations with using the Intelligent Security Graph -```code - - - - - - - - - - - - - - - - - -``` +Since the ISG relies on identifying executables as being known good there are cases where it may classify legitimate executables as unknown leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in WDAC policy or by deployment through a WDAC managed installer. Typically this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG. -## Security considerations with managed installer +Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business it is straightforward to authorize modern apps with signer rules in the WDAC policy. -Since managed installer is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. -It is best suited for deployment to systems where each user is configured as a standard user and where all software is deployed and installed by a software distribution solution, such as System Center Configuration Manager. +The ISG heuristic does not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. -Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of Windows Defender Application Control when the managed installer option is allowed. -If the authorized managed installer process performs installations in the context of a user with standard privileges, then it is possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control. -Some application installers include an option to automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization may continue to apply to all files created during the first run of the application. This could result in over-authorization for executables that were not intended. -To avoid this, ensure that the application deployment solution being used as a managed installer limits running applications as part of installation. - -## Known limitations with managed installer - -- Application execution control based on managed installer does not support applications that self-update. -If an application deployed by a managed installer subsequently updates itself, the updated application files will no longer include the managed installer origin information and will not be authorized to run. -Enterprises should deploy and install all application updates using the managed installer. -In some cases, it may be possible to also designate an application binary that performs the self-updates as a managed installer. -Proper review for functionality and security should be performed for the application before using this method. - -- Although WDAC policies can be deployed in both audit and enforced mode, the managed installer option is currently only recommended for use with policies set to enforced except in lab environments. -Using the managed installer option with WDAC policies set to audit only may result in unexpected behavior if the policy is subsequently changed to enforced mode. - -- Modern apps deployed through a managed installer will not be tracked by the managed installer heuristic and will need to be separately authorized in your WDAC policy. - -- Executables that extract files and then attempt to execute may not be allowed by the managed installer heuristic. -In some cases, it may be possible to also designate an application binary that performs such an operation as a managed installer. -Proper review for functionality and security should be performed for the application before using this method. - -- The managed installer heuristic does not authorize drivers. -The WDAC policy must have rules that allow the necessary drivers to run. - -- In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. -Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. -Review for functionality and performance for the related applications using the native images maybe necessary in some cases. +In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. \ No newline at end of file From a33af7a063e817c9dd78174e6b196fd2c63e774d Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 13 Jun 2018 13:32:24 -0700 Subject: [PATCH 191/319] Corrected ASR rule functions. --- .../attack-surface-reduction-exploit-guard.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 4085972ad5..ef39fda490 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- @@ -174,7 +174,6 @@ This rule attempts to block Office files that contain macro code that is capable This rule blocks the following file types from being run or launched unless they meet prevalence or age criteria set by admins, or they are in a trusted list or exclusion list: - Executable files (such as .exe, .dll, or .scr) -- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file) ### Rule: Use advanced protection against ransomware From e7903a90bbcc957f988d2d36f2e6274084f47ae4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 13 Jun 2018 13:52:18 -0700 Subject: [PATCH 192/319] fixed formatting --- ...control-with-intelligent-security-graph.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md index c5c738cc8e..f5dfca7d37 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md @@ -22,7 +22,7 @@ Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) pro ## How does the integration between WDAC and the Intelligent Security Graph work? -The ISG relies on Microsoft’s vast security intelligence and machine learning analytics to help classify applications as having known good reputation. When users download applications on a system with WDAC enabled with the ISG authorization option specified, the reputation of the downloaded file, commonly an installer, is used to determine whether to run the installer and then that original reputation information is passed along to any files that were written by the installer. When any of these files try to execute after they are installed the reputation data is used to help make the right policy authorization decision. +The ISG relies on Microsoft’s vast security intelligence and machine learning analytics to help classify applications as having known good reputation. When users download applications on a system with WDAC enabled with the ISG authorization option specified, the reputation of the downloaded file, commonly an installer, is used to determine whether to run the installer and then that original reputation information is passed along to any files that were written by the installer. When any of these files try to execute after they are installed, the reputation data is used to help make the right policy authorization decision. After that initial download and installation, the WDAC component will check for the presence of the positive reputation information when evaluating other application execution control rules specified in the policy. If there are no deny rules present for the file, it will be authorized based on the known good reputation classification. @@ -42,9 +42,9 @@ Setting up the ISG authorization is easy regardless of what management solution ### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML -In order to enable trust for executables based on classifications in the ISG, the Enabled: Intelligent Security Graph authorization option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition it is recommended from a security perspective to also enable the Enabled:Invalidate EAs on Reboot option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG. Caution is advised if devices will regularly transition to and from environments that may not be able to access the ISG. An example of both options being set is shown below. +In order to enable trust for executables based on classifications in the ISG, the **Enabled: Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG. Caution is advised if devices will regularly transition to and from environments that may not be able to access the ISG. The following example shows both options being set. -
    +```code
  
      
        
@@ -55,12 +55,12 @@ In order to enable trust for executables based on classifications in the ISG, th
      
        
      
-     
-       
-     
-     
-       
-     
+    
+      
+    
+    
+       
+    
      
        
      
@@ -68,7 +68,7 @@ In order to enable trust for executables based on classifications in the ISG, th
        
      
  
-
    +``` ### Enable the necessary services to allow WDAC to use the ISG correctly on the client @@ -88,9 +88,9 @@ Users with administrator privileges or malware running as an administrator user ## Known limitations with using the Intelligent Security Graph -Since the ISG relies on identifying executables as being known good there are cases where it may classify legitimate executables as unknown leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in WDAC policy or by deployment through a WDAC managed installer. Typically this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG. +Since the ISG relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG. -Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business it is straightforward to authorize modern apps with signer rules in the WDAC policy. +Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business. it is straightforward to authorize modern apps with signer rules in the WDAC policy. The ISG heuristic does not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. From a84f2885449ccb019c65048e9c19d06cf8b925ca Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 13 Jun 2018 13:56:08 -0700 Subject: [PATCH 193/319] fixed formatting --- ...ndows-defender-application-control-with-managed-installer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index efb071bcb1..badaf77f39 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: mdsakibMSFT -ms.date: 03/01/2018 +ms.date: 06/13/2018 --- # Deploy Managed Installer for Windows Defender Application Control From 1650ac230c4b901630c9680ebb31c309a2e57356 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Wed, 13 Jun 2018 14:01:22 -0700 Subject: [PATCH 194/319] Incorp review --- .../attack-surface-reduction-exploit-guard.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md index 4085972ad5..c1ad13b4dd 100644 --- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md +++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md @@ -11,7 +11,7 @@ ms.pagetype: security localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 06/12/2018 +ms.date: 06/13/2018 --- @@ -187,6 +187,9 @@ Local Security Authority Subsystem Service (LSASS) authenticates users who log i >[!IMPORTANT] >[Exclusions do not apply to this rule](customize-attack-surface-reduction.md#exclude-files-and-folders). + >[!NOTE] + >Some apps are coded to enumerate all running processes and to attempt opening them with exhaustive permissions. This results in the app accessing LSASS even when it's not necessary. ASR will deny the app's process open action and log the details to the security event log. Entry in the event log for access denial by itself is not an indication of the presence of a malicious threat. + ### Rule: Block process creations originating from PSExec and WMI commands This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks. From facc92390c2c008d60e772efc1edc7fe874b90ec Mon Sep 17 00:00:00 2001 From: Zane <34351912+zburtondbrs@users.noreply.github.com> Date: Wed, 13 Jun 2018 16:02:17 -0500 Subject: [PATCH 195/319] Update set-the-default-browser-using-group-policy.md The KB does not specify that this is a computer policy. Since there is not an equivalent user policy, I think that this should be explicitly stated. --- .../set-the-default-browser-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md index 899c3da6e3..900f6cbb17 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md @@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration **To set the default browser as Internet Explorer 11** -1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.

    +1. Open your Group Policy editor and go to the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.

    Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268). ![set default associations group policy setting](images/setdefaultbrowsergp.png) From 3f87dc491dbdba52acb699e5b5c0926809cefd10 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Jun 2018 14:02:51 -0700 Subject: [PATCH 196/319] minor updates --- ...privacy-windows-defender-advanced-threat-protection.md | 6 +++--- ...censing-windows-defender-advanced-threat-protection.md | 2 +- ...rements-windows-defender-advanced-threat-protection.md | 6 +++--- ...ot-siem-windows-defender-advanced-threat-protection.md | 8 ++++---- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index 7a7abff824..1f6735881b 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 03/06/2018 +ms.date: 06/13/2018 --- # Windows Defender ATP data storage and privacy @@ -27,7 +27,7 @@ This section covers some of the most frequently asked questions regarding privac ## What data does Windows Defender ATP collect? -Microsoft will collect and store information from your configured machines in a database specific to the service for administration, tracking, and reporting purposes. +Windows Defender ATP will collect and store information from your configured machines in a customer dedicate and segregated tenant specific to the service for administration, tracking, and reporting purposes. Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version). @@ -51,7 +51,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik ## Do I have the flexibility to select where to store my data? -When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the United Kingdom, Europe, or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States. +When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States. ## Is my data isolated from other customer data? Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides. diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md index e64acc561c..30c94ffd40 100644 --- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md @@ -66,7 +66,7 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows. You will need to set up your preferences for the Windows Defender ATP portal. -3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United Kingdom, Europe, or The United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. +3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation. > [!WARNING] > This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process. diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index c4a8127477..bd53b3a21d 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -36,14 +36,14 @@ For more information, see [Windows 10 Enterprise edition](https://www.microsoft. ### Licensing requirements Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: -- Windows 10 Enterprise E5 -- Windows 10 Education E5 +- Windows 10 Enterprise E5 +- Windows 10 Education E5 - Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). ### Network and data storage and configuration requirements -When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the United Kingdom, Europe, or United States datacenter. +When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter. > [!NOTE] > - You cannot change your data storage location after the first-time setup. diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md index ba867a62e4..eb4b206317 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md @@ -63,10 +63,10 @@ If you encounter an error when trying to get a refresh token when using the thre - For Threat intelligence API: `https://WindowsDefenderATPCustomerTiConnector` 5. Add the following URL: - - For US: `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`. - - For Europe: `https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback` - - For United Kingdom: `https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback` - + - For the European Union: `https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback` + - For the United Kingdom: `https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback` + - For the United States: `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`. + 6. Click **Save**. >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troubleshootsiem-belowfoldlink) From 71d2e1e786e30009f3965a6be272a1a3b8300ad6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Jun 2018 14:17:05 -0700 Subject: [PATCH 197/319] typo --- ...orage-privacy-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md index 1f6735881b..872a54ee9b 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md @@ -27,7 +27,7 @@ This section covers some of the most frequently asked questions regarding privac ## What data does Windows Defender ATP collect? -Windows Defender ATP will collect and store information from your configured machines in a customer dedicate and segregated tenant specific to the service for administration, tracking, and reporting purposes. +Windows Defender ATP will collect and store information from your configured machines in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version). From 3d417b579cb5b4eb36bb5138848946614ce23637 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 13 Jun 2018 14:24:29 -0700 Subject: [PATCH 198/319] Revert "Update supl-ddf-file.md" --- .../client-management/mdm/supl-ddf-file.md | 198 +----------------- 1 file changed, 1 insertion(+), 197 deletions(-) diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md index 4ee4e4ad1d..e6ed98d713 100644 --- a/windows/client-management/mdm/supl-ddf-file.md +++ b/windows/client-management/mdm/supl-ddf-file.md @@ -171,7 +171,7 @@ The XML below is the current version for this CSP. - MCCMNCPairs + MCCMNPairs @@ -482,201 +482,6 @@ The XML below is the current version for this CSP. - - RootCertificate4 - - - - - Required. Specifies the root certificate for the H-SLP server. Windows Phone does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. - - - - - - - - - - - - - - - Name - - - - - - Specifies the name of the H-SLP root certificate as a string, in the format name.cer. - - - - - - - - - - - text/plain - - - - - Data - - - - - - The base 64 encoded blob of the H-SLP root certificate. - - - - - - - - - - - - - - - - - RootCertificate5 - - - - - Required. Specifies the root certificate for the H-SLP server. Windows Phone does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. - - - - - - - - - - - - - - - Name - - - - - - Specifies the name of the H-SLP root certificate as a string, in the format name.cer. - - - - - - - - - - - text/plain - - - - - Data - - - - - - The base 64 encoded blob of the H-SLP root certificate. - - - - - - - - - - - - - - - - - RootCertificate6 - - - - - Required. Specifies the root certificate for the H-SLP server. Windows Phone does not support a non-secure mode. If this node is not included, the configuration service provider will fail but may not return a specific error. - - - - - - - - - - - - - - - Name - - - - - - Specifies the name of the H-SLP root certificate as a string, in the format name.cer. - - - - - - - - - - - text/plain - - - - - Data - - - - - - The base 64 encoded blob of the H-SLP root certificate. - - - - - - - - - - - - - - - V2UPL1 @@ -857,7 +662,6 @@ The XML below is the current version for this CSP. - ```   From 57d57e319c5160365e228cfcea219843476ecf32 Mon Sep 17 00:00:00 2001 From: Luis Masieri <32968351+lmasieri@users.noreply.github.com> Date: Wed, 13 Jun 2018 14:29:15 -0700 Subject: [PATCH 199/319] Update whats-new-microsoft-store-business-education.md --- .../whats-new-microsoft-store-business-education.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index fc29d300b3..e2988a84c9 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -68,7 +68,7 @@ We’ve been working on bug fixes and performance improvements to provide you a - Bug fixes and performance improvements [October 2017](release-history-microsoft-store-business-education.md#october-2017) -- Bug fixes and permformance improvements +- Bug fixes and performance improvements [September 2017](release-history-microsoft-store-business-education.md#september-2017) - Manage Windows device deployment with Windows Autopilot Deployment From 8d57c7fd279afa47296b097d02db39f7b2052b9d Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Wed, 13 Jun 2018 22:38:16 +0000 Subject: [PATCH 200/319] Updated inclusive-classroom-it-admin.md, final changes before pull request --- .../inclusive-classroom-it-admin.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index e095d037d3..63c0d3cb23 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -20,18 +20,18 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea 1. [Inclusive Classroom features](#features) 2. [Deploying apps with Microsoft Intune](#intune) -3. [How to disable the Ease of Accesss settings for text in Windows 10](#ease) +3. [How to show/hide the Ease of Accesss settings for text in Windows 10](#ease) 4. [How to change your Office 365 account from monthly, semi-annual, or yearly](#account) ## Inclusive Classroom features |Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | |---|---|---|---|---|---|---| -| Read aloud with simultaneous highlighting |

    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    (Not including Outlook PC)

    |

    X

    (Not including any OneNote apps or Outlook PC)

    | -| Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    |

    X

    (Not including any OneNote apps)

    | -| Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    (Not including Word for iOS, Word Online, Outlook Web Access)

    |

    X

    (Not including Word iOS)

    |

    X

    (Not including Word iOS)

    |

    X

    (Not including any OneNote apps or Word iOS)

    | -| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word Online, Outlook Web Access)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    | -| Line focus mode |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word Online, Outlook Web Access)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    | -| Picture Dictionary |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (Not including Word Online, Outlook Web Access)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    |

    X

    (Not including any OneNote apps)

    | +| Read aloud with simultaneous highlighting |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    (N/A for Outlook PC)

    |

    X

    (N/A for any OneNote apps or Outlook PC)

    | +| Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    |

    X

    (N/A for any OneNote apps)

    | +| Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    (N/A for Word for iOS, Word Online, Outlook Web Access)

    |

    X

    (N/A for Word iOS)

    |

    X

    (N/A for Word iOS)

    |

    X

    (N/A for any OneNote apps or Word iOS)

    | +| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (ot includingN any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    | +| Line focus mode |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    | +| Picture Dictionary |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |
    | Writing and proofing features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) | @@ -50,7 +50,7 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea | Accessibility Checker |
    • All Office 365 authoring applications on PC, Mac, Web
    | |

    X

    | | | | | Accessible Templates |
    • Word for PCs, Mac
    • Excel for PCs, Mac
    • PowerPoint for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | | Ability to add alt-text for images |
    • Word for PCs (includes automatic suggestions for image descriptions)
    • SharePoint Online (includes automatic suggestions for image descriptions)
    • PowerPoint for PCs (includes automatic suggestions for image descriptions)
    • OneNote (includes automatic extraction of text in images)
    • All Office 365 authoring applications (include ability to add alt-text manually)
    | |

    X

    | | | | -| Ability to add captions to videos |
    • PowerPoint for PCs
    • Sway on iOS, Web, Windows 10
    | |

    X

    | | | | +| Ability to add captions to videos |
    • PowerPoint for PCs
    • Sway on iOS, Web, Windows 10
    • Microsoft Stream (includes ability to have captions auto-generated for videos in English and Spanish)
    | |

    X

    | | | | | Export as tagged PDF |
    • Word for PCs, Mac
    • Sway on iOS, Web, Windows 10
    | | | | | | | Ability to request accessible content |
    • Outlook Web Access
    | | | | | |
    @@ -61,14 +61,14 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea
    ## Deploying apps with Microsoft Intune -Microsoft Intune can be used to deploy apps such as Immersive Reader and Mirosoft Translator to all the computers connected in the same groups. -1. Go to the Intune for Education portal and login with your account. +Microsoft Intune can be used to deploy apps such as Immersive Reader and Microsoft Translator to all the devices connected in the same groups. +1. Go to the Intune for Education portal and log in with your account. 2. Select the **Apps** page. -3. Find the app you're looking for either in the included list or, if it's not there, you can select **Add app** and download it from the Microsoft Store. +3. Find the app you're looking for in the included list (if it's not there, you can select **Add app** and download it from the Microsoft Store). 4. Selecting your app will show you if it has been deployed to any of the groups that have been set up. From the **Groups** page you can select **Change group assignment** and choose which groups you want to deploy the app(s) to. -## How to disable the Ease of Access settings for text in Windows 10 -The Ease of Access settings in Windows 10 are very useful accessibility tools, but not every one needs them activated for their computer. With the following instructions you can turn off users ability to get to the Ease of access settings. +## How to show/hide the Ease of access settings for text in Windows 10 +The Ease of access settings in Windows 10 are very useful accessibility tools, but having those options could be a bit much for everyone in a group to have in their device. With the following instructions you can chose to hide or show the Ease of access settings on users' devices. 1. Go to the Intune for Education portal and login with your account. 2. Select the **Groups** page and then select your desired group. 3. Select **Settings** and under the **User access and device settings** section you will find the toggle to set **Ease of access** to **Blocked** or **Not blocked**. From 60bd0a25c33e11e93e8c4c641118bc77c73674d3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Jun 2018 15:54:10 -0700 Subject: [PATCH 201/319] update advanced hunting image --- .../images/advanced-hunting-query-example.PNG | Bin 43220 -> 45803 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG b/windows/security/threat-protection/windows-defender-atp/images/advanced-hunting-query-example.PNG index 3958d9a532b7a30c36cc11fe670127b92c9ac911..dda65b5342035d2dc6afcd0f4eb51e21f7f92014 100644 GIT binary patch literal 45803 zcmeEtWl&tfvo8b>Zo%C`fZ!S=1ouFK1$PMUESf-YcZVbd3l72EoyFbVVOe02g?$_O z-}k<~FSl;ht9nyK0e$++^i21!r+a!%_*+#u?5E^U5fBit738Hg5D<_V5fBiS(NW

    %S-T;W;*N;GsW^YAE*2)g zS!vyD>@5)ZA-EXuCm6qKrnEE{btAf)47eSnVkuo)diux<5w)4jQ*Rf zZQ|l!<6wo*L9rVOr=k6Q-`&N`0^tf4bo3uKDMx#I3kNrZ>yeapI1TkT+j|=~I}3!O z(@7Qt1X=_IY039qS;s3r`bid#Fp&0(v@q*H+8iD||BR<4<4-Xp9VQXW@=spR3XcBL zc%`9da>oxYVWT=IssqTcjLNeuYAQOvlPA>aObN0`0=&TqWTs~#dU#Aj;^pGSdK$EN zf9rMQHLwivGnn&Rfr#8m1Q{3AOHqcHxX_UsVF;r%10zWbkGK3&F@KmO3=2jQTrZyk1C9kdwq zgH)MoW8zL-{gZ^H;W@3k+%*NndF>a|_G~k=T)dVhjNkUrg$6RJy7Ag4RpyWQ+oJ0k zpL&W7%!v`UtHqkfm~14EyN4ggOKp8c6vJouB+69V^FH3MhjA^Y)hx!J*Q z2wVhy4jB$jm4NLXk3}PFDq6bOfGWmuwvkNqznhDpi{$I?5oLN{&{GViYslxfmC^Q^ z_PHhUO4*_=aS`Nb8$5!zqRaZ))c?lNT|#4wv52o-3ms=e-4J+@wT|PnkW&`+CG1Zd zaMaC2W5n^T3r1RHz&OEmLuZCQ#la>$CzLG-4HY5I5Hoc zRDe4^rrjM%MIG9Kyq#a#Pzc7?-qSK^x__deZoMZI@qa-md&{R%#FuQfYmP5+rfcdw zryk!JlV7Y$$zJvi#|cdSdfnZV%lVjAlrl9e!oa3f=^+Xlq&Yoy#DPv= zIk%4i^>D~l;r@9t@F~t)_n}__v~#O2XcIx1(=qOb(L)MWG^oM7PW{;USWa$5HHRfP zcQu~65F2r{pX}u;xdkptX=;hCRpoMM2d8kOh%{MTE5Nq{xt!`js=nAjPachn?lOMy zAI)3;BoV}ga^hGlCt*ZgIAmEpW!fc4aa!}k&U}DfvIAqljv0^XyGznkn$7hWr*ae& z<*k`$NP*=WYV|#M`vz|gv#bW5+CPu|tB%G}dn5v%nt`8`9kqEJ@Q+JP4Xd2s9&r9EgEUJk9z6`)VdW#Q>bCzCnMU#B+?ocD%_Nz|dSIXUOW&rXm83vuF zKCNrz&gI{cA{BfzDIg!dw_g-lHAo$pT2tAofS@hmC{AzJFgs)D#oXfguGowEpW*qw z{IVGFaJ*RcIa<#XAOAGgVvH%bb;R|IrT~&W$8$9pdN4&LZG02Zez7Ej?!aSb>={n?Ifaa*9hBUANZJJgunwSEnBq@IWcCY$Exljb(arzckp&7H8}er11xYk>?mGl97q;r*TaVyNYMqEqws^ z+y}ZZuhN0Mun&VN6BtpAMb3flls9`vz9$}Nn0ql@!&wz1oq`g5ags`2-k=w=#K?jt zjp~WR2@6U$-s94bB7#q7hIxEY2*jSp?cd3U!kw7w*__i%X>iYV{l4w`j?Co`D-7HZ zT~m=pRwwK2E+v{wsd0B2^fuCo=Uru3)nPGS*wMxvVWK#u#dx25&yf^NP`_%DD@aJk#V7{pQ>%&ERqqSI#~B?6i{;(>W`m=Lided|R`Zi; zek56xMzj#{d232%7%DYGq0{g=d7VAb{#Sks6rvS>MArR|mmGzGUAN5;#($)>=W<{W zt1IYFvEwQC7R9D`L2I~F%dajWY4bI+xC2#Gkl!pKE1eEgf1cq6rA+3+^IRCK_VZJUQKrV+A_jhw29oK^F@Ek^sA=q1Su@+ywI}W!{sQ`q3rp* zRIdyJhO_D9uq0A|75HlX99{HjUDc?TRmh6of}wEOxjKivi_b*stLf?K`T5=M^I^)u zy{RR%A*He>1e(n*LhJY=MV8F#zb>y%eMv=o9-T-M5s}U-BnBj>DlT?Vj*Bl%x8+&7 zxR5yeJVr&#(4|5|R`Yy-r*G9|dTsVh`q$}@MOsSy_O~#ZXaz{J&`~Va@A(tPc zIgDB&Mv4Jzyf5?rI&9rM``tL9WEm}Lgv9au1%A#6i+>QMZ4LlE-+QW2DDsxbyjn-^y2*T zdnBY63v{M3aAWL!kG1J_I8`c==fXd9#s{3SIyPg}pX(17do|HJb+dMtizp~+cl`lB zwIo!eX>tbiq4JL~^n3XN=<@I5lid+wD{V%adz}kmi^ut*5B|?|3uW;qP@}gI^JF(` zoG~eIWnD|Enq>^GJzO}kcIhajo*q6nN2Eu(9uSJfFT^5mIp!%hT0LW`Dtp{}Mx)^x zF{Ow7FTC7lAHU1)P^z!8Z%6Ai>GT2sgrR$`7RaBeE*9<@ucUFsUS0%lY7}Y#ibSr1 z9-<#AEJk{XkB0y!W!`G6SDQ=WJ zUUvr|5(h?lJ1L_L~(j^W)GO&H(c-`=$|(d$EeQqlG_ zlb7?7dd%tUMV;d>D$=4`4~_~y57r5WY*Fq)Y})H<^-5b-&H&#I2dS3wG1FlgvoyDE z1VsT+t9JjQJbG7RR+QNa)YTgnR4S#d+IrU$#Nn8q!^w}t3GH|QB&W3mVYv}TL zGM_cCboEr$>85o3HYNYXzNUa}m#;q~eg-w#Ev@uDFo~e?T!ApKgj2eB)tIX-!E+%k zDs$o>&Joy1s6uRPci(G5ef!ZfyM2 z%@NGOY~?3W3Wt1NIrXyW!vPIXj8!g0a4f~Inb)Yf=Qb^*H~cn78uN7*OtV@P-qH<# z+o=F^cC{6}<%VC#YhZfL5Q;;q9WZOioin(j1epINCLn@r1L?dP|22qIJic9ABI0*K z(%>a-tA_YH8KN1War91MW$<&dt>LwgLF*NrUP%Taq z%hrW4OUU-8t33>UN9o0>;-@btIkwe}I_qRA;yu{o^c>tD-jx0w%s&50YXL7ltTAJR^5HS3siCClj<(gDy07TtjX*njC zkwtvSRWGZVML+LLRH_xPpURQ`Ljs4wNKTG#A4J18pW%-!xzyRre3IT6I`HLX364^T zZhC{2>7{i|dSicKzJ6{TD2Gb;j1U-pRFrx0Xl^ieE0=OVaMgEuzQ#mEY0!9eG+tV~COuE!+TLqrn$V0l zGnYHXWa$OHV~!lEQaUx6&4kicku%L!yKJjqj6;rnvj5=0v_W(6&U+5LaWc;-rG88W z)htzgbH;eW0`M}L%=8C`Oiz-k`1l^xjD9&X8tx@GY_6GL8P4QMtko==c?q8DmpRZm z|L)p$05#d`z7`$uV=x;-c$EIo?up}twH;%PU~0mBy$*dL<2!Tp&F}p0GFmJ}QWH)} zyd1oIS{dTn*_gq4`FHKx@cG*9;BrFRjl9z|n^6ox* z6j|a`ib*1m{K2ct`ArNJAKf$@!K*IPB|;%Z6S{F*b}%ngm$)%RoMyzT^nm29i&7^` zGK7vnOGee|!QPBww_2x;SbTtXOSe1MOk%(LI1`tb&g}a)J4y>MZe`zYkzm4$KRirl?;4fBW)4ux;HMg;Nq> zb&_=p8?SD>`@A-+Tp*#RV?W@O}m-nL|VWW&Q zGBN^DHA7=q<^3+j(9(WOMB9n-^hmGhIG70KY;0>#JJ)zUE@^k~G6d*wp z1{N*$#OiOwoPJim8IC6LW63WT)Wy*4yjGthNVo?YQ1?s$M)dgIFDV1AC^nxlgS*Z) zGLx|1!{!qQSTq1_j#z4se)Pb?)v@!KoDOxCp}Bo%x7~lB$+n06xQv$rT&#RxF4a}>P5buE zhYyUD@+@Yn3auZ1e2NfOxs*=ilN4LG>vDNSRmyri*mF;9yv!Bgje~Bs83Z9XR!*T> zIUwUoxycNbl=Bo7dqrV*Hi@mK1`JsxTkiRh8EW#;qd7Lp^v!GhOb_yVDWcu;jS1%{ zTu6Pqf*L(bFTTK6mYkf&FDq`m@s#c^rv&gmn#qPH7IX??>6;0+_dthpeh^;;@ z&hyf{q5?5_6cXlg&Ur*lH-u1$cj3nto&}Kmp<+8QganFdRZ{W$9JR&{}8ps z$FuGl&ofy~3DN#A?eh)FMaIs=;8J{bWOnC7B-Fx`AdXu{+gkI6(N#PRIR7%Z)Z0{q zvz_owM`_g!5)+yL64!kQ_H1ZW@s7@*cnnY0=LhmGvGtb&Xi zG|&2xV#QvYJIYyr3o^HTdX0EoRfW@a=Lpvw2aj)PBaTKmPi)At3=q zq!HM{b%LH&{W=H2u8QACfUAGa6$ z;sJld3$XSP3ZplQ>r5J8n@H6>ZRO>K7>EY>o#U$-rq^XpsDQ>S&rQ%}Dcj0S_q z8SESsrKGRmV1mFR9vBY%vS4>Uclu#SEcTf8Zb5jY5l8_%RNh^g#k+FxM2pGk5*0JA zA^hmgdye~hLtK&6@};YLK3&v!KS@WT3E^(#U0wfkMZa_wL$5#xYAbL${!~T7w%qq` z%+t0+brwqPS*9zuY16ELq#C<4RAx7yKYae6d;)W zFoVD{pLCc^?OCQs z(-uw=5piXEQ5?No-iszQLSnt10>M?wRtWNUJHBhgp8-O44LGN#4Rcxvw?NzhF2|Gb zfY%66E3q^Cmz&l$bTk}3-KMWTHGi`Ou0DB+yRC8KrxsYz6rPjrn0N`nicpNL4w#c` zfnK0`_rNe7~h z1qo~g5(7>ht$Ag?#11^nvDNze@CaXJsu)lkgW!jvVL2wsUW^Hc{56fXW8P?z*is^$ zX3QG8I$@A`V~Rvw@=L7D*U@aHb@HO2S`M%=^;% zta?DWK!7*AO09tR%8^x>ax&!h*f(*BdI{KSn`5=y$VDmpH|o!r@phFT0GvK2W1CvP z;0iH1R<&>-cWj5^e-V>$(?enSSi;JxxYueih<7il{#5pF%%3F)uXwUFZYhX60s|7e zOuwFS(N|=5A2#>ZStksoJl7}ezO;D!qLS8K;<=PFqVex6RfW9zztW1iro;~s|1t<6 z$^YK6>e2Kn3f>$k7+QZ~fNX=JmjgBMA(8we#1GA)(Epv!c*{d&_fy^f#lo5Y=cE6} zQ=RO^W(2t3+RIC1QLFRB|2_9HMT2G!6!s?scbjgH&!0axzB%7GF~Ise`FLh!5E}Nv z|7;oiPc_{S7=HYpy8wS=`BzyVLnQ+sOSDGHjGo>Q3yQWThVtmYWrlOa3rrXD69|JI zoN?~m%$x*!1;_j(65Aiqc^~iDYB@w*&d;=V4(XrXK9Y3Pw09}2CpW@2qAg=eHncrp_Y%;1-tIO3)JxOhAD``YG~nay zYWk}W`7KB!`d?`K-x0q&_C-`r^{%`Cih=CTx(0QNHJ=dF_Db-8RuYj7z3J4Vj=pvD z2$zL$z*;}aJ@yj{WUb$`wWL2=H->!Qidvb7*W6mKZO=6YdZD}N>h9=si5$`=&^PI{ z>jXq(v&yAc;h->W3zpT@<@_u+kbf}qd@eThhcReMQ-im$Kb(u5|RIO=oi8&ZgA2##3=t)Oq zy3odJ7X@yjtjLwWuVanxNgz#NMj?C5C4AF0Vh#P^W!KEA#^Ag`XS#Twb1)zOHSY1; zoK))f}_IGVJlUEsGAP91blc=>8R#c=a`AlzTfS2ZVL1h?~?DoUitG?5t{zbR@b zfsyI-&Cty8@aJa)^yf%Qgl`A;?76debYgwau!~?xyL-*U13JtV5B_Oh-?4{pH3+X9#RBz$>j-DJDUr zjAga#t(^_pjt%3>5jt~Af<(XQik-rEEu0$>k+);+b)invcr}#;y;4FKT75N}!?esS zO#FPS7uuEdG=W4_e6E_^YiAkA3FS6Z>|;hOA8){HMj0?@YA=lH1B|HxNlq1E#m-L6 zsHZe(3%T(QQ~QqIGM`A@>~5+4fTZVArbeEX=VW7PlQZ}r(lXvfbfA$lhn{|Nx9#r2 zs_n|dtVWpB#H5IZ4KsqwEo$(*UN)})3X5kE4vSk zd2VRSKJI&C%?~&58!}{O$K2dkt$D}76Cx`LNO>>K-F7%B9g?Si7$i}B9})aQJG?Gs z%s25=R%kC&|FO}AMnc4|BldXdQq3j6x|^rAW4|bJAY-Qg(CFiPG@JnK?kIPOw+B6X zG7AOLT9h$#-$0y8pA*wdjlak*DZuA=6U_K(G5=i1&n!`1QIVdNHRaQxvL%P2<2)UJ zj#Vb-3lrIOICc@U>n#1`2@5Mdy;b8#qEomwOEXyd@@NVXw&>mFYE!(e?AN}*W%j5C zJPSDM?I$rBX9oN-#KmAM=#Un4un(dpOu3K{9dR)l=04PHsrwr8dCJ>0uO39Q;DVc? zF*;p=_+eO@{=T-mR!RtabH*RWjPZ@6!p zX=~%|xl~~4m-zg}7HS9msV}?OC5;oU_R;$M12)MygQaC4$oE1AKUcB+=t2I05m$Cu zdSoNEG?u@BM2xrC!X0g$_;q^%iS8xH+!AU-dwpsiM6&<^(Q84uLfXA*McK5QeBA_3 zOG`aW(dEbh!WPKUjtTS}lxQzhxAM1c_$a_j;PXGkOABG9iv4-9uSgH0_Yh zL}66^@QMq>0MoxGls1^I?z_{Tv1`o7)eY#IUzZq@;5;(LqUBQz804!5>m zcPr;3)nswx&VWMNjh417s9oOds2x+7v14jh=7pRjrwu0<>GbcX<348z#7lX5Pq=>fwxHnIW>PT+Ycwf-uILPdF)###*`<yoox%JQG8Osj_$LtK~4weM@_?>aso32_&#uY zSrnZwC0{f)>w@;Xec`E2r~~ra6^YJ@{@X5kQfF;0t9$(#BfD3fBnZ=765uxpvPRZc zKpvdr`w5^4U)TJnQ{MC+>3t$VBS~l%@r|xPOS^vOQy6kW0(7LG(Ls@RBclNFVIfsG zDLSl*B5D9bfp(D8X+Vz*_!OFTnlOLds+TkL4Wz)R@?^lQxBXq&6K_Bx;D#(0Nl7v> zLH^v4QlD4!oyDABQvL5)VNM;7z>K$`0{O!3hJa!1aYsu6g*H+ok?wIK9+RLCAp)oU%X`m=+9 z3w-e}>Rr6BpC-m`M$f+F`r`~@Zc(&(ZAiX8eqt$|E=aIeiN99KD61`iRWlG3%QD5# zu`6VlDcTx+pX}1o7j)XnA=t+~Aeh)PQ4#OB-bjy`X|_PGINgo`ba@5| zxf`w7m5d3S9Yk(vwMBxMmh+EU#jJ`ZjyePiycE~5Mgxul&nFm35!cW9M!sD^za@iR z)CqgNpUZh&u`*|bxV#r!lenij!Xa#0=lX^j(_Q9AdFfEO#RCla)M2b<37D&?=<4%N zmZ;93jP_xl#D&(dc#34IC2lo4ZNYC@sq4&C#zKOZZC+p+E|Z~PPO2=G%wK4t_36)c zfo%z?8q6yxQX$rs_0&}9q7CncQ}3{{lr=O6FzAFC`}z|bibp=`bypNgeu?^2oxsx( z`xQ^(!bPRsaW@{EPeaEL6`d&Co^fwLC^eoctfLCBHr^t+?if_2-tYxsV|S#56et^G zac{?2-P%I0u(7G6bTzQS=EfhFLxgfo%&401MOi=Z(`Z%ho9T56DtCri6EJ5#bfTYy zt!i}(7D;r2Z2CR{&4-QO!+U81Y;Wrw3z}BTRG>(F??+QlNt8UUPh)WOWnS#Kt3$CaPnD_*bLLB9Q{FzXZg!{oZa6i zb@|v54?oR^Y%r~4bEcYglfvXF^9Go2XRe4A7klYRK?66I_v&F`S$T)@Mh3mG?EMay z?3D<3`(uQBcq~iXghV8%$U)@Aa|m`GT?$@r6s^(62+R{)++S4^J3dr6>Y_#qSh5KE zhuvZU*Y;O5V@nO8(hRi{@u^n~wy{t}!86rm^21JJ;I5uxfdU5`Jese$e!gMP|IMP8 z(|2Pfe!jW0bDpfIZrp0yJNcO}*;Q-nbNY*AzDj?2XYh-pIy@Q*BR6ql8 z`OAe{`AaH1Y?ao!$!yXSJpH&f?%H{lK^nN}I*>^u{nj4`z+f6hXqMt!M0t_YPw1G9 z^pK&PaxlVq9FwH(K|0i?%=k!n#35-B4d!vAGw*q-(az3rM?Nt8IgQooZrF|_keR7t zs7F?ei9HBkaun-8h~#zxSRW6}i(dTcoDm<-v1{ZRKBCSMjnVHk+@e^H{0ejG!R`{|#gz(;G`U=PFYRn1B29L! zu&Ng$w>BY-82rhqJDexaf@Kj)>g^LfF(#rYy!f>*B9q#w_&)nj9tHbSeK_rd8BZ?9 zc;V+gZ@pVkhj_zdfp)%pb>cP%qNUBJl4qx0PRrM0d)&>PVFKG3pQP=vUkPe*v$W?d zMv8!XPQ)6n34B(nPQWqyW2J#+BWu@Y!#)Z^-GzC8E@fBcukZ*N4OPUa#Z%6*p3!)7 zC764)f4&;+dFj@eNg1B79lwO@O>-jU5yk_49T`Ha zfhUZ|v*2Mit7W)jk@PuHN+6@rbJ(tBcZusq&z-OnygHN>$I?n(QB zX^oFm$g#?uG*el`3VlbWS&(k(%sq9F0n4kp%&+3m)*~RPI0_W7i7NO}B^VpRa^;yF zbyN?bJJ|iW47`jq*qY%|b_`SR-fw0N9=Y+lcw&0u;aJNVL54YECZR)0qt-$wMVH}A zhHMu56!&g%-n?vL98+}Pfjx4D^4US;02_p9fV6{j){~Gm9n`Z|YkZ>+IghURoRp5f z9Utabku@(x!Ua?F0~i-Y^3GA>am-S8qFW!)QPlDu>l-PKC`rUQ6(PkguO^O8`Kqyz znv4fiIJV+V#)8$he#HCvzB-rbj7{5(8-Z131Y|h?T3W53-eiOp{Q9t(kA<8xq)%1K(-&)Hvdr83=Ce%dZM6zp zX&o90T7124aP$T(4r!=+sZL6SQ4Jwa-50v&_y*U41cZdQdJAwJb8%tW=)j{P*|{Y* z$6HkV&CLFYWWelF=_y%{G}Dap>j_p<@dFL0v}~vi_w5FL3Ccu8I08TqgPai6KFpYv9th zzHV7Ax735)OkU6(?o*ua$BD$xmWJi^Ql8RDh6pn#4tNx3;3OAbIYn~|5s{9n3<&pY1r$UqGD8sKHmd}Y|F_9Nx#(S@<}*(vo~1At|TU@~=KU*4L6wXuuH@&*W{m6GKD=nO?PW81%;l=Gm%jZL6PoJLj{)$v{ z{vJfJvK-A_Dki7n++-B;aHn23-sI!meS9O?qo1p|`Q}|k7;PXq@C5I-lkfiFo6;V8 zZ;;rro!~{VMRE6zFTHjxY3&CibH%TD&mME;*a6%9aD1WkL559Te8=bcYgdWkAcIc2 z$PzB4uCu3{Pmb-hj113(xTqA=n$^8r2P36(2=?!y5* z9ef(c955X`fdyaD2&Mn<(IRDT?=@}a{%Qg+MDS;zoI`4xU>x}(4fctp;fD0A*Dw25 zJWT~3b@dGUcb=!rC07O6-h7L7*2{gltR#mO;O#VQF~0RHFXMpd+1xrs%9pJ%T;~zx z2;Py6@sCQzmj%so%(HpC2@86sl4}zJPYHLTtrYQn5<6X%Z9WUe_Q&?!F z5bAATji7M$&?dQWP{t{#Aa8iXrOb%pZJ_!0EOOIHp6-SN(5v-)+=W*cIMnS5o#^<& zz#Z5d!+O;gnu8{Her4qnLHiF$s!0byFa7W_F+;hhPJg6i>LgKHK=qX^O)Q1mOn8^R z?kz8TjhXY91HCc|Yx(6Dgg-un82+w|I&8lydMZPptcAflk=Uda7@hKJLiu-D zA{1>|ufJqQEs1lU4Co-BI!%$)rsbVqD}NhU9#XTKD4_qS{O~k^q&hBr7q!h|Ypr9x zyK}cDYwUY)FjnRQ7nBZQQefgz^;~K-#DoA-Atuviz)zier%iI?S9*>KO3X-$%#VJu zDP=?Jw3ZQ_<<%9j0X|N)k0U@)^X{}ETBA*{fV#n!l9VWYdN8JmWp}tslZ2I!6{(^2kDL$u z>MTDJLBGH0rjmrDEhOv)d*JuZqrVGCQMNo7cLW#JiLcO=ku5I9BtYy&+ot5l29y_EaFIpG!FqepbkxJk0P(2W{n4QH zuR9F8NI>l)8UGgfQ!D=M0}4x0deiIyT3=q?Vw{G)?+_`+ChbBUW$#@joyie_eJVQo z3ySH3Cr$MpdtnXfeHNnj_KMa1u$YX_Cq5vw%!5nIzQCFT?T9*0H<(G^vEv%t;hMhw zz9f_FwfTV)h5m!-??bYg&ye6BsLsO5T? zb9;vpSro9YNV`W1cs)Xc?(drLrxxP4w>ZX%U?%PC5hQ`k8xn$wSC z*tK!tZ~(`#6PPbJenxg)5pn;lZ)oD~-KD+c8E+~JHT45|HM5Yo;?{}mJS zA;84*l)LH1sE0{a<$SH_rB18&RmE0+Z2#!VB}HQGOraCxcsZgsfmi+Q+m7>%?xki@ zdX@JMY)s6pZ3_>wa{1?7hPUFB}*Tfu<`MQJ;_pj zzC862DN)QW8EWwMx6iY|rgifQc%(YIoBXBt`pwwOKlkoPwFnhhe^xa+w8ABhho9)< zdVcrr)13jnAA4h8GZX@^tI5BzJs5|Vb8MKZ{EFcd8W8>_#T(Tjkzr-Eynoo@BfxhCd=P-2L#x+Ymg>u)_Y?7>A3?~ z)2c*E@ACK#_y6{x=Bpzl0@pdU^=vAzox>|#z1}EDIb-WS5=rXMVo#3|vpyefm+HEo zqZdLN1|uAfxZ6XiB2GI>RL8TCLjCV^?fq8BGn@Up$c(xhk64^mC`hWB8B3CtJiR9) z#hn0RIVxjyM6R04FZx zW%*)<@GrW??8~U*;Ptt63D_-eety1H*6e8lds_v&x&As)=91^B8q)ejWL~!7nZ6@m zYvUCs7Nk88NK>%~?mue0j}SgF_#xmffRgoLY8hmE0|j}PQ&Y~Z%GhwrA$Eah;9W77 zVTrI%T)+jn(SGDvZ8Ag4l`sT0`9LOyYaD$@j z!;E@+2f?cxuMSu*@7OTUXuo(vOk!aSlGD|?P)SJNt5>^K$B~V@?R#qtDMg<$?F;xl zACMngSr%G=gNrY6Zk#A@dzTQ;!Q>sA7)#lYwbcdJ$U7`Ji_0EAn$iwzyI4y^5MCRv zIT_x7QQ>og-(A22Bysr6g3iPS-A4og_AcMgXh$3BqsBA-wy@w1X#{|zOeQu5wdm(L>08P$18`6n?J>;siq<@O zY`&qk*yt8HYcJ=MW_WiM=Q)exznxU_~qbcqY5O!=|tlZVpOlL z<=(N&YkWi&sSSfA+>Vy=4vaQnpmCIoUuL4 zE??`T6f?SBWmB8g;)bszsyFTqe5iCE#Pn6n(7RC3$lVgzzF1PgPV4ANs)VYE0<#a> zQ@hz>i^T$-Y=vz8HWK!uV|jP(fZKKNoTgoSuusy4{!6pz4%@OJx0NF?grob0#v>EQ z<^!?b2|v_XNc)a}+!?5~>B{xRNy>D3&0HSH{g-tZFf2s7n3;TDd!UAT$Cvxh}WUUB%!43*%54x}W~B(UaoTLLSrB*0FX zR?VuJeZa@tvd1J%D&uPj$69hs|LVF3tJ$@&n+?eM?bem=-8e2nOXY!oiJK)1tcB`r z)CV7vP~co-6$t1p_6C?tJ?y#!z`5Y?;+Y#P`aGwh<^Jg**(e>drhQAC_cErSq?rT` zaxeQ~v)$9p-%@8?Icu%FPxa%T(=TVu+e^p-M|@M~^~cT?zeM`%*PR})waDE49zM+) zXr$GsO}!iX@QU^b_nwW?ZFo>i8~p7xgN{%L%@1ggq{pe+Z#0M88+E3L9gW;m3pw4!sKRL4!sZJu7*eWr)+}a4o5{nv@6n0Z%f4k45)xaXYu&s@ zj-E{v5IDAVsbKIm(=y^4R;6V0U#T6T$X(uUp<3xiuyr-G0DU>p0{VGRpzTugIj&R% zNs4!m0s`*Vxxx1dc}E)~t?(NIgU2P%A;;7Tl~lC;i>pT)8F9g(B#aRiopa-FB?-I(kL3|PV99ty^ik$79ntUQt2WC#$ z>swiMrTcWMXJ;!c7KAJ(O}Lhk2aO@0sKVDa3;YzWnx&RA%2w@+Q>Ll6BJBQCMyIRHnv}|4gJK?LGJH9 zKVHsem>DxVswPA$D_2umcp=F5puAdbl|2LDhli@owTp4lv(wA)d-GR0LI!O)50oAy z?LAg$-CHUK*o9F!ON`mg6=~gVLlq+ie0r0k4Z>|JcUv2)qZ{HWo!Rg$IQy{AYrBW; zT8k)c*p6UcaQVf`c9wPn|F$~Z>^F}VfKaB6>Fin%-sjmgwBN2~H(G7C3b)*Bfy7nK z7QN%3Y5tz4$>VekZk{jOg)+L}k&T|dl2v)ASgYv0OE`q98e(t053@QO>;B#_`S3YF zQj*+SOWorwlKeEOCvx-x+6>dn+h}g-Y>ElwQOoi~`H=>KPJOEE zG(5AY>Lxj?CohkGy{X}!M6bGin3%2ld63`4YCR1Bi;Bi-xo3-Lx_=ZdTy-6?B8u5% zqOeQj)y~a9s@%JjC1Q2eT}1Me^}G?^>XXW;CB2k(!M&Xs_qT*(nt$PODHJPCEYC{B1m^5Ee!%ncS=d8 zAl+Tk-Q6JF-7x!ppZj*c%J8d&$)h#>je4b{JS_U3wAqs zypF#`$UTb7EC};TbQ~3but`~4DTS?5l}WL93^kvVVirbh1Qc&o55J>Poq82Jc~vJ4 zhjo6phqkWRd|Chd-WqS(DJ`so<?Yxi?hI(7!n^_hmX>1CZIDXQ%=L}Q4C!AmE(4Rv@lW;U9!&8aL5ithdJ&1FW9E{mQ;%tT%*XBz-Pc20)$v*v; zv?D5r4d$($P4u`3ekE)*u_e7&^|OnKiaRWa5fHLzl_KR?9e6LR zkNo(KvrA~{;KX!Me7VIaO^1@Q-V_IkP1i!e-9o>=#1ogjnn=BAj*KH=ryt|> zewS_8^HFyD`e04kS>h61I*Z)&7u9C%2TxR|Y+W+IV=?P4c%F^)`u4M>OS_9kb0p2T zt7%0M{fb)dxF? z_KDa*8;Viug6(JP2Sg#x5jJuB=DG>i>h5I2=g@V*FB>V=as0N_i}XHo&)~olT>(>f ztMLuN&G39B?R?dHR$uxyaL_m|^N6Kt>zh#5=a_L1_CAxO4_K%U5+!H0I}_+-91gs8 zTc{rVk+B97CTo~C!JbhKsG;izPk3+RxJhd>^5JG$hA(fvnL%d1llpm^`XTI$Kh65Q z9RnGTz?idHVYJ#migW)V$Lxp^FmGJDfvKa_WvOv$+4eM%iqo-OR3nb2b&iu-gYfBZ zd>?=QLFAF84(1__?@cAE!%)M|M&A_Bx^*+!RGVHva#NUGhF+S;X>$$T`~t&QCl+%= zBCGMTtJ~FEMHTaeeG)LkUnxlaW;lih-OfdInjJlaj{Bbsoz@SjJS|`9RnEVg>F{qr zBG5NaA=KYiGu^#kF=4ctM zp!BIT(BqE7t_k1Eth#adom2|f3-55(;QsTyS@n#JjOBGBXUTHKPq-EWbse2Px$c~M zt|*<)+hpcmo?l`*XaENxf48&Rk?w9L6i)f8hONjN`C>;F4`&4srFF!}48+PS(nc#3sgOGN(Mclh) zqV>rSW6ms8AK?}FhG}X(7E4%ia-0gOg3?A)mI#QkcSQc*B z$q#LbmI+`+wJ{9ihN~`K6}E!lh*-kN_S59v;R8ciwdUZ%KU*k%w+L#o|NH-8p@=$f ztXJ}5(eAhuLVv#Z4hL@q!-nqs&-g97G4lWEtI0KD$`y=(UzNe*E*taag`Ih>9V;qA zQgxFG)9-xo8=c`nnyBC@xREs!A=GO`>wtc5WZO_t2DfCH+~IBz6p&I=#bpUb>8=>> z6Wm15gHhs!BC0=rOZTwk4uS*w^Kj;gj8tZW;LCjeTs`=%YvSkZzZYk?R-x3h2?{&Mq4% zG*SoNzrfhf1=@>sNU2!DU&&Iuck%L5$}() zn9Dw`8Qh<=9aUTFQyXl(IA%4I*kctjB;Q}kzxmlH+!nD*OH4(TWo>8ImJx;_uBrJH z1%=_cKocY_jRNmSyyhibGIGe**s_#`D~XfH$2{g~IZ=)pU2G)U=`A26(#>-`dhXS+ z3Z^o3icZKyBNetn(m6m6gnxx+5W+V+;=YS1VjRwZZ|TEpY`oVV^}EVIV|>7h(A7J zuaX`_|B$<|3WF?iayi?+W_n*ZT&))Em8%Ym7E@8}RdyP~svr6!vl!1*q|+;v1Uu+II{RP-`fLjIzI5|`aZ#Cg4Nd1QqNQm+^9_&9XgJHy_v!S z_qK|y%=~k-`6yW*LE^d%%U+dvBObdS@wJP@&(^=|(^)877|id1?j}Vp*7BzIZ@T&y zuFMaED#VPe*feJZjtx?xy9PlnG z-qxX`{Q@Ed)Ube;wH#3qL2bD@+>~w)U0^_h(bxm}d70y*O-7pH=^NL4as(t>Y}J`z zxQ&$tFIEKn7EE_1!n}+q>&p|Ne2|d4yb6yqV=r-2#gVWo(Tc}s zgjwyrmY8Y6>UYTlZ$Im&odURVw9pdoPs)i8rUacT#yVvwsxSy`*rSWaH!_Y5*}Hsq z%#Cr;9U}v|UE!3$(j1F^i#Z6XeBuDaZLaNxnSH>Ytq3jHvQc@OZwP(URkhzp9)&$V63~!shjCH7LL(rifvq|eYCuZnxDvBxA#HX&o%Ld|%iXEj$hmx4;vVY~-k_`ohhweJ*S*+68A)j; zBHF41zwxPD<~bCpOzJ;`RYYCr4d#Yn@t9LQ^L+WN?hpym?D46wV`r5g_gh)R4~_t- zSw-Xx0M|Yrw)P?p7FBP~L+AD5m);peZ&P-DQawJ|?P2Mr)Z|7}egFA1SWok0XAQf! z+}u)Ykq@479;%*ujO&~8#h7O4LZn}A!pA)u;%IWnhbeax}Ry&USvu+es=+?zL zN)`_@)Ms3IE3-QZc@OCMNHqx6!Hq$@5-YJ4xQZ5b;<_PhPzu!DR!N{~?bz?m7ETSB zx0OJYYd*Wy!#!FUctT^#%wocuxT`6%a3H&^ZEJS`qc_6tAh+P^f-}o-U$R0#YYg47 zr#Sb9Pv`djJ;-nfbs48I3e2VnznU124`Ak`^A>4YrmX-q&`%vSksl1}NZtcUDLYxe zFi)zO+8I_!;^m{B>RekKCii^6jQ&mR&5c)7yNwr$D*2nnY|<%%GJCB0gOU&#elvo) zjqfg`?Dn$EO1`oMb$l}lz74%KFubFD7j!#GBhu!ZhG0$k*` zqCskD8k!%2xfr7}g!rPZcN)`*_da5?6e0*pn=DSA-KZ}Y$(yL@?ndz-GYN^{h=A_q zm{Yg5B#H{*=WMm&RlZuiT{|eOgMmzyHmt!|bhtSK?4FJ37Ie2b_nCMV+#%)8f{lWm zeFqz~Br=UPU)t97Pv9zod3rI9gFdn*_n)R&m3-3at}*qmOs{;z>POEqWn%Vmdh@I8 z^wnzygYT&nVraHKbSb%|%}p3Pv%ug@2F`kL_eqwt&HB5mvf2Qx+i1w@Y$Z^blu`)Z zV`Vm+n&O)#P`H=_yjVBfigLDT?x1E5*S3j6?1I!9(A{}V*({6g$pUkogsA~~Vw6lA8TgA^H5ZoBMot|{`#523O zU^IvLzQ_Hr@$AR5*8Gzs{msTMv0>W_2!QSJwwN3s+#rw#$51P-qoi}s*gkz>@rKYCHC|%syI>TbQKISt4ES`5t9gZOrfhdaz@lZuEo!Q!2?Sgr(KzOq zZwLyQJ(E8f0=1ebqJO?GudF2EMdGeSQ{Qol)7!GgWNIADq;B=~ui4;#jOPVX0+ZX6 z@U2!vfR^Jz7fklSMND-XjgWqsl;RACSpdTM2pclYR)Ub9zWA|fBiVf0-AZaX=_a?) zRoiuRqP@r)W+t#__|^c5aV`R7%96=K_+|rix4E*bcm;>fs`>O045W2sH7J4dcOvrp1BP1 z;ws&Ru53$#RK$3_rtM0=9mC>ktmIgylI){3aG%c{T&G>J!7XzdRW2l)_AWIu6TYy} z5*e-hR%j21J1wZs@%e_6k>I4`X{_g(u-SSq|dD^E)MQX)ZtS z>dm$sxP^(WG|cbtoR?20{o-EK^$SU$o^HzWRcH7TDMrm_1-Z92^p__t?XX?bp zSR*T%J%$-~>zj0*{S?1}7$9|3WG=|?ma2;!Vqa1434*IHal?7VOAF1Aeww-Z51mB# zUc9Z#W35jBYTD+T$R=>9WR0E-bq_TS1NzsJiyL#^JM`lq?5D4$mIsaT_@CSV=EG;w z^5t=v-+R^ClDypYYEU%mC$5}#`;wm63zX;@qZFj~t6CG9`CV;YsRA$s1z^Nx`57^d zG4Pm}B4E_PX!kg8@$PdhsFxdxO$P1b%BfUi(cSe$T^sW$)_(A3or0&H-y+AbALu>+*{Z`n0{s=R0MEwX#O{fVF7KpEsy{sdwg;Wuo9}xy4A#BJ zH_qF>>u`=%1AyDl)c3Ekeu$WqFjrkVk55DT0Wi+8?@!UlmJpzG4RzXn8NQ9{aV$2j zp4NN`BKGjCZp+aSA10?>QFI5vjPd)qS+vKtgKMD|?L3pJ_x1yGHx0~y^k1IFQtgtG z8_w)mj14==u`BxaH!SWz6*&OZ&O%v-7Rv3P))qf`%cp@L|DvQ7ZzU=t$fm5OQS*Y$ zZ4jno;O3malYpCJ){7_XN*^|k6$4AhrLMY%R9PP1wSetBn3DZ{?-XAZ-(YJ;PjQ@m zm4s{WAz*-~wKySBnwQT3X8a!PzgATDd>ad5T|t8c^r~Od`$Zvd2V#w$)(#E>Jc`na|mK&hrE=65reMH2Ug%bRO3Tr$pqAV}dw>0)0{Fiw5<@9R>VldIYB z2yp(g$I)La4XgQ#(A53gU*V`;C2)Oyglfk2VL%3|5kfKf=ZC8ZWi*U0nLFT6mnW&t z`HB5O!BKQ=kvkXNPdoo3bFSV%lRwCdCc3@-oj+H&t zaY~7I34Po;RP(5LvxMC@Z*JS628%dL?_=HNO>3?nEkNnZOG)CgZcQ-WH+@5_k-5HF z3KtroX&brjz)w?rCxh1UHK#xp#2hPjhg)5TGfY;UYjDa*C91hq&cw30$2Te6Wp4mi(V@9VyH zm=f;pI3nLO-kv!oA66ExF$Ic=Li^94be7K^n|tPaBzCfqm>;J}|4MoT8;HZt{}IbX zg9kmF>qe184t}17V1CH#Yajnfk{3KE-j>E9vu~{VQ^@mQP3@Jnwhl{G!p@xxM`F_R zwMl1xyBxGAB%#>tQk#aB87}g_+FPcWCi`g=5Pkk`K&H@>k3}D$$UzAIBhUFW|KAFC z7tOCF#}sLqcczVtcMA|q-scr0J^ha+_?1%COVq}O8MyJZ_S?6i)23{><0|J9uui=e z)7rwfM7gC?mdYr{hgGpg8QE&DoNML8Fdmy<v@$y^ z9Nc390%Qmf*t&XqCEVR%fM(S9c1LjACOFt%ShfPYXuuWY)f*mWdWTTTE4z!sw*7;~ zSW5a=KHfghua@MjFAmEcptYWVE;Srul0uW+fQ7Ku@!*9JcPKJ48lKE*t%h|3JU9lz zi9)0U$}{v!dAwWa>t~F1qwDF2)m!o+tw$c+u2`hM5v*$HlLJXSX%U9Sxydwo(U^>s?U$vfIZN!)RGo-4)!u+PR_~ppG@y zn=5PQYdModSkvNonf$jG;IBUV`+l4P9oydC-o(=KYfwwIO5g{@`NpN83 zVAD*YqnoxzO?+0tJJaI(RmLUqsFIw(a@Ly5gShxE`k&rl&xq5qO?>Q*menZSdHBvzb4pa-a9FX|=tNWCt(Q#3!evC5~lSYgt&pSXfxV%VKrD zRRP9zG>LDtlCrql(&bMLnL$J`u0eevn~Wl;t{N79MUt1F!efi_Rmg2=qiBzt#b_>y z`W1t>+B~((yz16VI#Oxf=F}FII(M8oKHlXGGXLgO{&zHaGr!BS)dFs%YvNe!5!EZn z8Dqt?4l@WKIz3~AT}|J5pWzH7arqqKylk0o#d$q0McvbTG(uYh3n4LJY3p-&Tl}=p za-U9H15Vsk3(d87(CeJ(9W1+o5o+OdW5F@ZYKOE*P*_(>qA<9*b39@O zyXb^aV6YHQc-$hG$vE3>T2JJ>3-@@GcGrq9{DeYxneNz=EC~kUe*e|l#zsu&o(lM9 zwbL>OFSi{h#G<@yD=OZz18S$=qpkF_+Xq@ei)BosB|hPQ)&cwJ`LrB9J{KDi`uBtc zdbMQN(Uf{)zok9iCNr3eDyOSD2t;l$8S*73ZTT=}cE!MmJBS3UZs3f}0|r- zqa7m-DS}^CikvpP#=(RanW|SrPq+|YhTioNsaN}ArdsIxT6&4Q(reuprUs$Cmik*o zFfGC`3(xua)3c%BsfMN|{oB=u7LmtT1i>i^m~aqb;hT)iYAipD-O-zyyPL-LJgWx! zZYLztWWM3ND#rv<`-<0|CFE@@L@L-51wvjwVZzWzKTaHnVLS~*`~Wv1N7CB1*=>>j zvhn^?*|hVDlgqiN&G74qDP8|YA@N6lLI{?$S6UG0Vhr!zBpZzher!p@DxedtB6T%R5ozCU+=?GS6u4jpR&W zv~HW3rCpQJFe4?}z$fF|jb=x4 zCTUBu0XxWt&RjQV?g+Sl2=zlMqLG~;JzI0 z-pCa-jnBW9@QE=E`O#mK^tR*v_}?8Qf9#Z^V?R1F3r~tS+WT+4Dih9b8u3x?G}}b0 zO}mPnoLq^6(moF~7b*V6qHHSyA8QjqsHSr@g8^3=6w~xR+^?yDjTm?~MDX8G-h40j zCy`vxbQ4pKeS8gkHVnLb29Qq4q+7RuydhVR=oUdb+bWm(ktSv9VDz0_ZlY_pVOL6s z6c}C0?Iiv$p%-uf^8{M-*??@7)5UzbbQg`s@#&9|ODdCJDYJtjFbrhAb{L7b?=d!B zCWYht3Z;#tzA5PV`6P&$<`Ww5Qqz+6g)J9rsjY|J3L?sfhK!qw{es|UwCB|7nU*4o3SazRO6>A&(g?Q~KWR{y4-3)nZ$ zDREH{ws&@xmzNm~OVjOo2R%mncScjZ?{>CDF0e8qzMEhjUi5iW*^jSd z8Y%=2W*r#X1bA3O#B{BPu`~=iejn){6}8bL@2?p+z>5OdP`U6eGs)Z~N-boZHdg;; z^1;A)#l3ei25iL>)8gzhh$G-51ZkR{$n1BeT1c5yqo>zbOHP7KU+8~l>;1iad!0F1 zT(A;6n1;|_X7h%u^IY}bk%!6(fQ>{98;?dFKr(_fXLc)utY_qx6P%sdJAJwp1zbby z@oP2`5IHPj5*A9xMSN7DhVHY%t)Zc@w7pI9p)}o;_YTH{m?XGl z@rhry;Tw}F&7g^7nBp5#TF4#&PANL;FpE2b;>~LlNxH9^AJcXE9wqc(cPYsZF{G%# zCj7*<` z#QgrZh||rrFffe64q2#&hQNUYJ4Mih*Nx;MY$;DA6^ME?d&Npux(txht>OOXy;2%< z2ak(}P05h<-o-zlp(=hd^=GG#t?`k<3?a!(6Q)p$+tHOW_?ZU)%_y7)F@EEH04E^_ zQOn3)jDYa5&!2eix%XtXV^DzncYoDmO^qPqV;Tr#4XM2I8mxw=9KY!1uQh*$!uCxo zOrdrBFA@URB!qL;CnASpf?dBy}sK$ePCvSM90hVQ2W!rcxp*q?o>6EH499 z?Y(2FPvN;(ZJ1c(XkUQkStLG;nfPB~FGx2HW)L1I4^ zK^}lE>2dN?BlMqJtXoaXx8aqvVjS^kd>I{S%iD&KFSYpu9H>RV+@_ErUwF#}Tu!$` z)IWSMDO5@~nPi6_aDP0%&&GcFHW~2;z&Z1#Bml&xQ8P*izAGN))p*qG zA3ML_e9rVQVWzyaY9%A&#l>g5_2pvhLr4vYfr6c7AuUhCdltt=pccX@o2Kx(=j&X5 z5%QvcdopzI2JX3U4l@<-WQv_Df}CEdsd9JJ@(}rRQa%`B;;}^jM;m^>R7AXP---q{ z)FHW??wT@LRMb8OPV(ZU*kiE@d5_HUsG0)UyS$>)c)H=AY~MBmiu)#}rb3`ECopio zah`#OMjX6P9T9_sy8WX}?NfqKOXv9F0va)CMYP&A!*q2U2DNm(HhMBrgtMO_Gacxt zIk5-rWD%ouY7+!V@n{*(I+xl?QkJ)J3y^QFkV>yQh*-zA#k)_QX93*D%<`;fWvvMJ z_i_>632?s@avdHnRS2g-ixTKfdR=@0rt=4`!86a*ET*#O%UCobV+m`SQBAAMeNB)-+DL z*ks=}&9Iin^WKij3OvlduGiw9!w=)dv=gk+w&4Vc=_8t6CCe5yu#!`8h>P0U(DNR! zeV=l5`o*e;7U*c9@1>(9cSrgbz<72i>REP$`B&!$H+at_Bq{>dkx}-0Yi9v7E%`Jp z+~B1axQF)_A81BrYEKul%Qi!%?k=f_SA}MMK-035sZ8DvGNRQ{o!IYPjo&Cz^k@mj zM&j0|K9~>+;1AfsO_kPaFEfcdqCJ{td<$rbSJ@ol1J~hG;y&ylC3oc_=`ZQ^iS&6l z?WhXZKHkvm3KGR!evziN_6-2OdUrDyhXAc7RP39U*kZAsaCzw)6O4lFyulH0xxwMu z7g}6=aVR>piyy(PkBxy?yF3>;iN&@d#-3uPa>?H(aTtxhmQ>{I-GqaLL?*!A1e_Pm zU%j*A8{`Y~YO*MZ04^8$4n{;fTIoSIG!oW~FWW=~Ld1HNw?itI8V6b!QU8FqPmKSQ zn8E$fOHfir_LU$$tq#bJUp ztyG{AEFYmy7r4MgMd6O_>3M@PvcE@n_3;lL%50reevIucnHIr83ct}YtjLLQCd3h+ zk;C>c45T>UUkC-PIdYwm%Jd}&hjicn$QZ)=VxTj~A7in5=Ifg)P4@3JJ@Ail^q{9o;MVNL?=K!jde4Zi&}15hK-$;b`f&nW+LeXNnK zT6G>cZ!FWfyvO3W)Boa|F0X+9Wk}9nJp~*gsj!z_5@10g0NX0c{^B9;aEu{CV#-XT zQ5DS2C;G#DeC;!;C4t~-oM=8F16ZrVLwivl^ZjFD(#hhx&lmJWMOxzL-jZWUJ>?FS zGAqY-JE`Oba{i*LtD!h zCT}1K)+&>7Z}*D^VN7H>&cdfzb`Pku@S>tt;bbKGkoJBqg$o@oM49pV#yI})dxidN znx0_4=A;~Kg;Pw^eD(Ov>4VDK8FQwxGVulGNXbFP{-&@4A0NXwjmp|MP zc)|q_XaWQRb%P>}P{0u?_f-e^M_*W7|53MEuI+wgQSOOKjl6BSz8a>eot>M0Ozu0y z-8Cd|k5i2i_9dwf3DI%^v9l2q2J*e9HQXv!_12GUUZ3q%iHM^q zETIdO*cOpAhF8K0SM#67ov6s>*BGo1&qfo@D?)ZetzuW|tPq+eL&lcU+0e4)jfYX3 z1b9S>J^q+|Tlh`3knrjjrr_+7PVikJCmX%AaO=KW`8nE`c{z0$lg_wsi?{#)Z_;Lp zghccn?Y_rB(0@Cn7$aEu(bM6o4SPy4I(4>25i;Y8SvMxiMj0bmq3s36Q_M0c4C(0h zL6slH-vrgJPO#Opf-qmi$lLlpW1vJMf`2;#_pm^J0G#CO9~tVTsIu%TD7L9LM!Wu2 z^PE@{=xk85u^f`{E{DzOte^@Su_rc%0Py4q((ar&OMps7u&`c7w%fWS{(@8gz_I(oT?4a&nc@0oOq~C^DE$R96i6&Bs%F zEBFJW(LEdip2E0A`!sYIyo||dSNO5`gA3l1?z(r5G*R}s1dR{KydC^shntey_3;Cl zj{WR7&)xj9G(GOoq>HXE8Lfi|TA#hJ{OkdN6OcAAolNfeX8t)SosnN0(@LAyAq`po zt=2DkF|H7tKQW^uE)yNQ%5wgfRgq{4@RIGA=q1}iMrSo?91O+vi_0K4@eKtQ0PpsuE>{JLEzPQrlqN;p}G4n?u3B=DEq5x zSRSekx|f-+-NfPXAVILOXUKrYm7}DT1}M|OC;ZBO0B8NVplOI~4+I;L$@I*!yBo-Rh-1pQPye0hNpaBgLIsErQIpsB$#NS`M-YIMe>o`of zd$v2rr!r&N`W!fm`IOjnS4;HS%`OXV2+l&vyVt-l7Z5g9_UytjvLWo2~^no3}C zaW%vxyF{$*?V~@wMy%kjg|OfQoBpMwiUKeI9=#0@)7($ne5I+=4T9vcXTu8eCXV3-zK+NI0B)py1M$;p!V#>{cu`qgv%u~P6BCJ zRDSsbAYP^7aIb1=Yg$Lke*E5ooe}pQx?kpWT*n0r#pdXjRouxhjf~#0@d?4)d{{u% zoZ#3!>V=rJwZHlC1J|JS#~!Y@sXGwM(tmYeY}|Y^O*mtTiFyxfzx?4;wH%gy`~$Vz zOz3gup64P`pC&ntCI}GnC5|saBpG_INwrxB1F`?XVsoFR(!!FK$FccBzY?UQu@oMk z;7(uU?2GH7S9@<0{*9`~I+1qor1^n@M?^%#P2=1EKzfF{)(i7IsbTCVUI5JkIusN` zZ3A~dj}hkSGEQN!>WeVed$AJMWopFe2&ma5R2!zX3DUWqyDHK(5XA*>ATU&l34apO zEJmL*9s<jRzJ_K)yhw}C|4a$RxoC>x!C zjo{(d2$PrBb!FUnaCuWs0C~O2*v%JsA@Wxbb!vag%`9rw0<0O9g zN__BjC;4!5XqmIzBW3sq2MU5Z%&=O4`U`&KBck3FNj-Fj^w>W_h_JsU>%>%;_l39| zyV~>vK)`hGDS>njNVpBqwSy*lLlRmZcp}~LKxSP6oE}Kti$?q$41V9(WIv7>B@2SM z0ToJvvd*9-n{I5iH(ts+(%?`9 zXvak_0xy|(N_j9}HT+%~Rd5z-1o+yB#RD5H-yht>ELw^Ped55t(C|5s)0^%bU_wJf z2{^4&6}yAd!A}v^ku@3U^P1FIe=CMz3^6@B7194p1oFgmEDO+j5WLigMoH>W=vOy> zIa@;1l`d#Wu0e$&qp=Z#BJB=gv@_Th`z7lr$grYK;Y_zD34Bn=7qOFPsY4BDI+T|^ zh#vLu_pzMSj7oG`_Y9y=F#QQ=rb|f|6H-dd8y!hGMR^uwA&_GCJy-JtC|VSTYU~MB z`+@-VdfJfIUZ=(Yi=S4ec7KZNjr06E!>@|*nobQyaCVC6uuN2u@&NlbRNycZ42`gBhS`3_yI+DOYYba9}6eDiMvD*5)`j{k|82()XB zjk7~ZpsoT3Xan_#9YcS~X8`pEq7+pUjt8Y&_12_F@54~}&;FboJi`RVz~M-6&>ns0A%C}s z{%y<$@N#4;rx%f;?I$%$V0d9bdMtFxBg53ff6+Gpy`e<^3uHF;f+}u6?@{IXZ^dv6 zqFE^<{1I?LYYk?+`B8=Zq$hbm@%H=i%#WPHJ*1*c&tCT9()^@_^@~;)=Nz8s0Bt0M zhfDzlkZ~yK1C75#xw;0M4FbBO=P@r%YnP-W~MX)1+A{al!X==laEyo-re3s z@=;)ejX`R@O_=l)*U>m3!b&N+izUN(9H zO~BzuQNPi#xwyExdV0h`_WktfQ|8a>N0;|b-3LXIwim* zb#s-D@a>L^>3RnY!CcOd!ZfKp)!PVg-HuAS*Q$G9o3LE~Y=^>prQ9yb0&p419EGh* zMNx-SKF@-0DV~P9k-=J5rHN~cz2UcJs_oSrQq-C-N=}oy0nly#N=g|(U6bm|gy9ZM zaGFxYWY?@j0`3W5%4e2duW3)-+w9(8B?@0>97(w+IM3ZLg{~HPdBUR`2Ocz9j3RfW zWY2!l+tqjmUFa=ypmgPoe@x_YB!w`29Fq(tdW{W-gz=5$>Sh5%+5Zh;0cuPo-J~r^ z5Sp3NzOr^86_fq#kI6yV=nx}i-^}zD6aDM)oPOS~?zAg9JLGT>C;odj%U3;sQJ||M z5xO|t2;zK~J|JFJ%E?bNNK(6j@%&pBb6R{0T z4W5cIMX((`^iH^6ZD2wOaRVl7>H6NF;bh!LSvK2-ai0}QTi`bBrytEm{le8Gd!dNf zF+=b@sLa>B^ZuGbwbF5c#LX2uvfSfinbmNAOUUVS>X%d}@#A;KVEPl!4whV}U^f!r z!-VEKD@5B+WLNQnr9Uv#W|!FW`o#EjU{%`~U^ezWf49_k}zU$yOeXXvvK6L6w((1)q}ERw+@|eV!+_o zHMKM01T26h64!YpG=dQ4w70e~{h8rs8UU}QRe0n;2`}(cXXFTL;&&UZ-cskE^=_wK zc)}*WX^CHz$Yn~bPynwLSlNOsKwOV&;ia~KIx(|dcOrf{y;Sy4@|ez52Xm_avHMD$ z2err5BS5;~qhInkVxAs?m(mpQ2Pr`TMzMW(n#b)+>!+kG?zA3GSe6`Yslc8?l#iFM z#^513R(?em8l4O2+j+&CjTUQ7HtV&-ISlu{yN@C)7TP|g&0p7kx9&YzT-h#6N#Ss# zH~=8UBsb3@Y6Cdl3_()59wTJlh77T62GdS^;{#DG)pb)$I~T!lx! z1{ZVL?;erWD^OW`wOkqB0E|*k* zAAaea>O3RGocBl3p9O6^^ZNY)G1t#t2PcsMvo}w%G2KiSIR5Gd)2suB<7Xzw`=~Teiz`lUJy)r4r+5sveK<#MpeUHCXN=tye z_-_SYsIPD1u;qq!ICFx(&;4%A2-N05VP9w_UIPu_EHcW^9W)mJbfSV{tRd~9Raqer zG9>vv`$M||m{^{nK$z$qFx2<|;cd0@cu}2UVxU$;tw<#Eo#n~Rg&XR>DkeGY9el5` zsws0|P~kGb#0b4)+{Ktc-Yh@#Hew7=bZLACrK2&?tlGLLX;I38v%$|t&Zh)G+^Vr7?O2lq$ zG-j+83m%@O`Ujr0eWx^qJ}!5;8a8WUuK1ktHw83t@$)ZKyWer+qWIwEG0Faakz{Y( zC39yv0h3?it(Cu@L7Exp39HuKy_MuF5K`B+oQqBKy(~-%b9NtSZBRX3xmwf<`6&O@ zEi5D-pyCFo!~<#v58>r6{O!7|;?Uf@w@NUaRW< zuk1Qkr)Qv;1`2u`>^IHtX0qEXK8mGaH47mI6O0C~utbVI&N=Sk~SAhrj~E+ zmnxrp%`?KVw^1+XAp7ZJ7sZwC)cX?oMgmq?*$Qi(AdO+zG7pGLIlP~-AUYfC3@&#+ z6M;mE*ZR=jM06YCRYc~Rx4*Q5q$-G|_A_s)G&xKFT~OT_CGp_}P~-HXTVra~8qi^( zNI-G{0ZO$wqM=-!%I$1DW0wBMid|#V3J{}E3~M{Z9oID{O~Q~ zTrs=5Cz-$D-VDVPuO2~g7R+PY7x)SAF~D0;-S7*BW;F$`dga1F34~+OVV`uf&II8j zt6XzO2O>t}jJTq^oo8((0bjk_wEM^UNUL&e(~bSF$*T{&I*!rjOIB6j0xv~Agw1Z( zJ-PW(g9?w1P=&iT#Fi@$G@H-agSuAJYj8+q`UO_1Zl=WPvlb#%b>e47+TfKBCr3YK z*`^3)8AJ@HaG5v!lJbaos;W&e_Y>C%0#9L@pNW6MyG4KlIzvLoD~0ME-?%%Oe^9e3 z<A(feDBkCoouG$kC{t;5#b=Spa2u_qv{$JSuuE+c?qWG6O+d)k!#Ik?i2xkY za=mh9*Or;tvw0yhMYRfK(19JCbc?;u*x;Ivm zbxC>Zeizb?hi4*=H9-p~pKa}*fK@|;uzmQpiuu9qM=)2jmBvz;y|p06OXG4y<>mD? zUV!_IZ-UHHKLLyk4PG?qzKsjZEKWJV_MU*SLw5k+_b-s5;ctQ$Wq;W_!C!ZJzyjDh z=A#_Z^zqeBZL@t#IBe6bucae;AuUEzo&<>2GvAOzW(|L$CFpI>Vb{6&K669#Nb+WW z$=I?syo~qyJ5+->Z)g}+wB!x^r(H6W_00%5MO61tgDVHy>-orMTtV{~XcATRGIn*} z0%CFq_L_ohLH(25^6HS9ZMV?pW0UV)ZtOl@gZtTWgQp>}!{m~~CUqGow*04e2{oHc zl5e0^24q>1Hv&PRnZx>@vTM+p*`im~93E(GV0N20F%m-oO^oZ~^XT);mzQvE+dB-;URX$L&_Y)5W^|;F=NSkY>tEdV4-M;_ zxZJ=#sC=xIPY0N<%8ETTORamMXQ6Q#!V{KkQdmpz^A`i^{%m&I66Oa!5F}(6&5T<8 z7(kF;+WWa5hp8dSgHMxka;+hB3NH{=HU2S2I%{tv%Sr|T?7zw2*wXJQZS8D8ZP4Oo zQ`UTJLT+m#4@YuOYy(me+wZmX=Q}h`tkQ^X&ryOqX(1AAt2LzQ)q1d2fj4 zzz(~?X8pt@!8*4AXW{4%J!m0!#77d30<;Qv0=zahJ`OX4@#(6Q%%j*pU_cKPb^4Pe zeJzbWyhBQH3;1N4gc_gX!GK1LsXN!G>7C!T9;cETdPjmWBmnp@mnDk;s0Ebf(j#p4 zj-v6K@eqKYfY?e)0Oz^GuNy$lH;?qMGQ`yR+{+IZ!Y}LJ3EIl?iBVGO{9aBJE_!?0 zn@tHO0;xp)y~fmwPrv5M>DQJKsuxYkIHO>MyuAyX8w=7$%7NYkjQ{*0`}lp1d()Sg zZ5lSMfrCSib3moi80b4f4jwFqOCc&*u{(uJIIQYcjaSi>`vvSxX@XTeUa#gRC1mVt zhB&f4w=Yn0`Z-~M2X?{2rtuzo<=B5u`0+i4=g-N%^5Fh=YO1ZU~ zT|cH!5G&ZSxg4ITbqxBP%t0#i_mw%@R?;a!V;?JIZz+=*}eeUJqP4k zPv=|4_lHf2Ee~pl9NHJC#D4@S6q<`UP7IBUNBgwIde-PPXZ97KKhNsW5lDATz$g8Q zh@d4QPz}*LnRqI>P$qJKFWC2HR>MvB%W_0>aA$=kOXIAmS6tIvQqhf1$brL@PWQIb zW@;x_jR)K^&#jd?D)H$|6dzEn;OX=S7YrTdM0o2uWmW%^H zJ~lk0h4SN+z5c7uK@COY5xujiYEEpXnY@nJjCd& z_^unDrCZ7P;2BbZF{N@upCSkWkB_?POXRhIQ*nr`gH(?`T?+D`00&dOfB~XBSR;7& z^us80YmB`?qP(%JcJq`iciq-0{?R*OFHp`)JLrUi%x-WM4T=>RzknMGU2f^;;bA4Z zXRIGFN)?x`!3Yza62P_ws=rYzYiNmnf2~F0WtME#EFhqV0rCBa;;$#h#bR?=`ksa< zC?pG?9c6R@32v4_VZ)Cr*p1IeAjRwyDv4Y(xclu{&40?S%Rl)dky>j#u>1L+DzF`V z!rp9EmAHgNYkz_5bHdY_1?!7N(EY~*;-V)bV|XQ0<7j=T55wfY{)X=2oJEf5p?!^a zU$U%UR%>bZ4RnxE)6~zb?~rKnS>)Pi*Br(dHkAry0>vYwzKKzMu}Yc$T?%795VSz! z2#}!bRnhq}ceZFI0~ZFeJw*ON2BeV~AK!4NyjS(9ogr!|w>5s-0&omz@>3rFRDwU9 z*>8{%cZ17$U@wfK$lfnFow3k(@EWWo&T9i{g30=%66q&1EEWdcn|+Jg)wX}6!MP%6 z`8v}LWOH3nQOaLl^;6~G2VuYTt2-9^KQe==Z%vI%IQWc-onOaRBgH@38O%KG2Wb!W z6;kF?#vc9+XmS;Gmijb zsb8xEI;;NPE|&1VZ6w=YHB41?+Oz3TS7r&y$k+eT)LDl`*=>J+012g~TSNgB>24$? zMM6?yq(MMIascTDl?G`Lq=u00E(vMrMuDMW7zTJZ=Q+>$ykCjK4!DH9LrjQj)~a~fGwAlWnPCAD^4|`_tP$9()#-QHZ&vyYs$F5df(2M zvR;pTVuIdPeg1pKhWKW)FLAhagFAL&kI#vV0nWh@nCK_ckEyHR8+%Yj?PL+y@)f*E z^lskF*AMgVB+i8QmB}{qv+SaOlpf@RwyKWB*C|iWMWDNOLtj?e?t2VJbGkaN4jGry zyZpHGK`|}}c#)>5H}59}K>iJinv&PH4R6j@4!fl&6U6ad#?NK(${C;2J^+Uo7-25l zpmDtK%GhKjTGzr-y|3BvhK>t4$o7E=g(bA;m z%g-NHzIK(d?5c9!luj9*E26@nXFq2N?fQmPJNgD)8jt&n{QnT!ig=+5rIvwiEY>Z3 z4LfoGMe~Pc_ioxF{s$Y{HcG^tKt%%#Af~9RtesExJ-|iNj4FeDy0`jt7BryIV6q|YZT%b*n1fpVC)KL|3btteE3Ob! zLqpV3g>CMDP9O~H3*FS~4IV)JtG%m9Z!G2JUkLFoRU-_X6p;lCuq{;^>i8B}vH(04 zI1O_9T6xYNG~NF-UYMTcLOit@a@@RWOO|N{RYnj}ux_YL^_UE6#}U_Myo4&SCg{MQ zW=)=iJ=PzzMXxxm9NAqK86##mwc?U(K-+8g6_OO6F!9Lg&G9`!uCoB)ws%&G-s{&j zZhK~$@fVD(Em-m#Ymx&X-v%SrAWr=2s8^z=6+ z$*!=ehKhA>1EzBJ3tD!LSTpUj5Y604^*E&6BgI zwQ%vSwZk8@goi|Hrq69tMv2oG9$V#CFa>Vz`6Tc`@CaxzA+_#VgKKsC-UgkHRsjY< z6pqco#5E4VWvN&dXNb;lArrEa#r?jF!f!r9^dY(WeZ69_&>9?N9Sdw_;LK6MPj|$< zJO)0Y`%R{;0yo=JE>|`a6UZx9A93IZ&k(nBU|*$ty(>kUfjB2=!$Q#*`)))h!;9Zo z7V~*DL)j#Pa!e?b#1n!Cs`CksE+&md_>8K@Bjbpoa1s|h@L!!FOsAgs!tg7JklPmn z(i+}kX19vS2!0glu&1C1!t*5qPQA9NCKdCWpBPmyd!7^EX`MVjM+qPw+mn>~9xNh# zJpKDnr46Dz38Lv`9hGN@H)H3At%=ZPJ4~s0cqEAV7j-sr8sry-ea9>RvLctU_Z;U_o#*s;#m|XX%vol7 z8FhpnxbNj=tlFWh=v~V{Ny$Yax0zv6u-i)P@yb;-*Wn+raOYyW+*I=GqkD)-RvCM5$f@|S8Jvx0vxwvT_As`Y9-5_+W@9SO@XaLUoe-c5<@qL4 z(w_WTE1NDZRyPOKu5ES-Kb(|^LGCGIT-#rNbGO>{ymbp_6)B|XTwF_#=*wv(ltB2W zNK*?IB;S60AzhuDy6|gUr=ZytmuuLtHQk=wP*gvl`g;Xt@?IHKqh-?St?cjcuI$u> zZ(fp}zNN3j8o6S!YK!Uf7O8T+SNKZ^EM?qJ66LgcLJ5U!R5MCw+Bn#B_vbxQT7+Xy z)F8HEel{^#C7cf2)p^b{#N|QZEAB%Z7OwE%F)b-K3yoiMxzkmNJoOI`+`AM}?x)@q z+7IP*Pp+Hc;@G9KAkdn z{!~-wIXN>Jav#edZm(lfj+&g$)LlLtz8;v=f8l;NmG9R~g&oC2?fY*O*gMM54~iq4~u{eEJHqAyUyB8>~hx`EYmfTw#+_EX;u5R$r&gzVp0? zUD-Qf{_S7%>iB~g$W$(LiVC_nB3;&C9+C0bk7lTVbsqLi&$!{u-#{OXODaORVhi7@H|8cdeq*Y(JF0X@}=jnVRg||rr%tXhVpGq9j|?1 z8p9*u!RlG3436`XJesJ@A@h~QYiaOdB(+2g!Qf9{o|L+Su@#UMQ(IqQ=ZRd=*7kvi zVRL%iIJM0o>5-jR;8X#D`og=atCt@STbc*{=4ht6Eujq~^x)YiiFf9Z-yy^4W#$8k z`1LwQ3!gDIWv-O8`B&<~=|&c6hyE7r$J^~2brB+^uJ5yYf9Nb|#;PxSZ(p)%Xqe*s z2Q5PXgtOxlx&!YHWB6`Er95Gy{Lv=-ow@t&hY;V-uZ?u0H@{d`*saZKZR#y`?xUWk zBuAdujmbrQzqt?f_5xv_;|FzfRR=y0Raal}u4@0M1=4Aj@^rqqgl^^p*@s}5KDXg4 z5+m6DbC@za|6w@vD|yJ+xA0+<^!Pa72V{{Du$y-Hx`iyh96 zeM#wu7(OWoEq^g?WZ_E6O7*>;sxxq82NDz%Bpo}uzD?#33Bm4y@)ZDS2bLm*WG9S3t$5-3~6&NnUu zF}EO98u|oZBO0tFrPQXRAT5$dRtIh&irJSY3p*&ULSzmrl)>9@R%?(mQ6$__Sd zAGe|Yu%{5q|74~hVhC8G=`!5_1acJsj;-?F`tBvfV3@{rfx$JD(((40Ms%dKv?-ij z{veE$Wk$=$ZW7kG&wkVDw$_UWK{0(&c{x^$`q(9v{C-1NPN63|9~GXvMFKWQV`aPXiY128GeT z=K_h;QgipdYo9o|ok4o)lu+V(W?WX_-8pF$^52Q2wxkFo@}*}?f4!ra9P*7SUp;l` zG=?k2uURIqxCm)|! zeJ&%P8I%P)!#G#h5!;517)G(zh~ zk}~?^!EjhJm|{i{a5vq`H?4M=yV>J!+Gu)Qk1s zTVbY$w#&E@5(!APyS|owl^7LCwF_7D#Q4~zdp%t#_cy95E#>bMJ$_%Ji-Vuv=JBIw zsJhZuMBmd3+Fv$|W?Ic3oE&Y(H)o>9KtZ8fu`5${ELcq7)$%*8hg0OhwK?tNNfuY9 zO@-8@Ij7;XvZ-HYy>p_FZR_V z;Y_J(u~P(<#h}ZpP3rv09=X7r!g85k)rHz8y}#=}xd!pR>TX(>gqUjiSvtL#YLRIA zXts=!4%EepGl^whmj9|V@Pu7F?6094x1~|sR;^zBslR_ng=wZ4C75-_{ZZ=eWb`H! zVT8}8Ih1(mhwQtpKzI%eSnb0UJdY!Z2eED|3p<)XAl4Eip*P~n0nNzW z3x@}(x-zI^8_F3AxYu7{SkG$>)Vo%#xn=KOeo>%d3`RD`<)=IC+fqzqht?_UI3B4D zypDjWk2W6*|3Hdl*Hs+T-{1LE zHEf3SUi)^CNz2on3HLb9!9nK@;ak|mUFA87)BMf&t?fdI%#1 zm6iHpxi=3J2q3NRDTHDRtUH-vGJ?M>**t_q&ealjP<;!phvID>%s*0f9f(!zg8vx` zKs)oC5b7${1qDUazXw8z2NhuaIpF(z{GWw_RSEH?do5EWHSzF^q(Xk5N2(Jd-a^97 zVp`7nBI4pr54g0ZDf*3;B8cVOXPv}LCm>jt$1`^!B$siL(3QUymx}>7hApas`O&70 zn62m^R3zk)zVsKgU@wr0XEH(H9HfQYbMTYB9rrS$6!RLH;B$m~i?;64Hx>F9bt@1E zspoS!8Eq<_$L7V>l8X+Yh{Kyxs#cwVty27`V{^dAPn8vv2XJ-bDS%9pKfa`}v3poD z#(2Wboa;6%aIeiu5s94M%(pKZ@?(q47a700C7t20KYb;gr315_aKa1o3e2@A{$8CeX0*LcKYPhnhP2ZEs(rk+}K4%1fMc zm$+{%BlZ4uPHf93Ji09O7h^5Lnd#@wU^^5lI@;jfCX@vMGF!66APQ&3%dMh0*=jfr zF4Km@`1RTHVP$Yc-EMW~oKNyVtkaq>vQzchIch>73R616wnS3PzuRkezEn5M^127* zvglXa2*7pXLv0eQ2NJsm)1adkFo;s6t)!qTa z=-w^8IGW>aO3UD#`S^z-vhBW3_vYp$Zlp-pur0p>7_Y!<%Wk22pKFnQ1>YMv zJip^gk8?@b6&+8N7-$U<;I3B+$YO5w7ylixesSK$nnQ3K0u(iYhc<_g!I5CY6|Oi% z%zzAi z5N*79firhQ-ks4%ET1G?WEPgUv75G=NWJXNf#)`eh7coc1Zcf$9U|7eUV;6lSyYfP z&eZbF*v37|cIk+oCOhMAzd!PuChGbcmP2r$<+9aggE=zsFra1eMz(oJmU?U3ZhUET?<3RhwB_M0t;AD&>9Z5~4~wK0Hv9(n zVsefw2qF8oxk=oR2R(DqmHy5G=x%(KY8IrM*EQbbXBwLk!J! z*1s2~u$Q?wa-4CP-_@e(DBsy?60&g5X5mnN7ksN_zVrxl>BSKXh-f5D4y&WrGnhSx z=1w$R6|mKYoGqidERQq1H{b187dg%QK)?VA0eRlkyp4mrk~MW><9aWO9T%jadXIC; zGBVaMs4+qn8ivJ^0*YhaO{<0Y_LG2(`1x)|Tgy-13HE1FXI%Ks`D<~by_2gs=5WdP zbmsTlOBg*EN2DCc^QGCu8KSnPpF3>`2L=Y4ZL;B(zq7fcBBYvzX{k0j+?@bCdjgU&ld& zo}~9;`7M&e+_K8racH8#hlP-;QKbup>yb<`_wBY>FB`E$rjcz#IeUv`?^yXCn{)V( zqW!`nG9nG+1!fUGmqrh*l!V{YFL+6j0mbo!r3GK-^_Bj(-d#=>UQtRZ<9bt_?;HPcPBUF6%Gk?fe+B)KGh1eVK=OSU?^5yAf-#OTGf7gv2505V9ZNxu(`A z_F#&p$5o8(_(H=Z?X~Jz<4B0<7mHmctMl^ByXLwZIPy9ixTF~o&B=-7rZc`7(;y(6 z_4Er0o6U~{r}p{UGc%V@paZFx1lwtaWBIE}S7y4=3X!x=&lfE8G*Ue~aBs9(QM~{J zCG+&#wdQqj6q1y;@hX~#l&pT^XjQq2A5*qOg_3j`Yt5UaeeOq(ude&z-E`vRA9dDO z^t!ABi+7lJ>P_{A20<>WARpPaYbeCyx#OPW;awAjmaS6=P)>b<4-)a06841zM>K5c zOOVE=F_8J#6I^+(G4!^9=tZ}iSO~SWlTgL`BT=!lV{dG3eqUU|%M7B7C1lue^)r#AyIQ3&`QxkSzEMhLP28>nk$w0EP zohn7JRj-=7x1o+)%9uOJGrh$uA>*pP*yd)IR%7~Up04NBlaC!Dlf;%b_)+h#Gq(gF2oFba#@tB+P zhClqbA3Bi45KKFIhT`o1zabI5SZ7L(ju2)!+HeHfKfTtBta1O}>~h@bo457fE^Ln_ zl)dzQJ}5&}lG;tZ=jO6_F1Y5elrsS-dijR^qPeE#f46@cD#Zw6@tkDI-Ctr0OQrT*u~382-*OZI(s{<;1ej8>FD$xg0QCYPIg0-E*<5gV{LD+s zWWE|KM5CyiAno|$2Ch`!VWF1AWSZ@r=4iy+@a2DcfI+WwbNgG2uz|!U7?4k&R!M0@ z7z1$5S0+nlt!-^9rXHjCC6`8gTcv?#e!;I%G-`VJoBzR2)!>RevM!5t5T?UipBIAo zwsEoj!bq3MLWPa8xsCvA<+CuHKUs6I8~Wlf`^iybS$p)hwLr?kLKQe(R?&q1I*ot>rZuh=Sj}U$arcHq%T@0h1e-o zxB;g$$GBC9Lirnv3B*6h0p2+LToN4WEIT+ts5#z(fDE8Dfw`!x3+lDd{?$RM;ymVR znDY6yNo+-+z;D8dNo}Z+Ha`fOkYmDe;9;|hi)5hzv>=#ts)u8Z#H$^|KuvP0^9>HK zeBtWBZbI8m8}&rc?2l;-ypYyV9%%;wr&U_SQzl`p2OYI~3~3@q18Z3KvpSfBL|SA@ zo&mObLxlSi)Z?b+x&cWo7E`uU;p6-&6$0(D5dQ2-Ez>4j4s#R4?}W5wpT8#|7bgcd z-!MLa{vwi@UoX6)N1~sQC&sUy=O(k4)e!;k zbhK}z_VWwiN&d5~iSZk-AAnJ02gp^kTGwqs&ex5%sHmvW%f!C$sTGF}_hym`lmQww zn1KNSqI&LY&26F|Qm#=#%PT}6LkFmNq^@?gX7s>GJ8l+Ct|+Hg&v@KkzQX$-7-41!E zO=bH@oHE1)S(+AV)4F-A5SSBy zxYjX~>+4wV?yi>%mvKZHdta7k3Pp`X@jD-GE&XvALvRBTGH-eJSWXLyrTyL0eE{a! zNKm4HWns*a->E^a=4;-mG`iT%5gI$fy))fl@@twJ(5~27IP714y%WcrHENxyE7aQ2 zLDt;dyuZIMZN0^fKAm-}gZDJhv_uI+t&ed$H;0xd~uYr9~me3-STq8>S9X%xzY0RcY1 z>G8C`$?B#I+nJC-G;p|1D04oasOJ?PsYo8`Q$#=JNc`z=3>~T1BOmN$MDd0BSE9Izd@B%ph9>lpLgUL;{*ANkq-;I;w7Y1-Iuc+=Xck+DIuYwF9CtOl$ zGZQSS%B2Q|P#ht@@R6Pp&b?EQ>4I$u(ur~)x{4+j=Y9Tr^1rvElM~~1^eXooCGM)< z4Z^T`@|#$TpaYNZR4?ewjY}N5-~vfP_(Db2my4XIIn*(fh&rKpGSPEWP*|$j9ssMN zFDV0*-#S?)3?}3g;Un|Q^Snl&6V%ok99v{m<%GS&{DI2VXIfuU?R$i*7r7^1AeE4t zUtS{^851rev;15&ECbI(2-ki{NfFR#do%c*7t7LHH))NL*IQ9p=^7Rmwtwu+?byM+ zX=yjr!pAoWczl{pl%Zj-_SAC4sfe}Khb*Z38kYWMfXk1&)2MU;yXxPLXgouP{`rs_ zV3<<>y+&yLI_Mvj_>Xilm-+yjPEf2RIMbCnmQ!sU|C^y^_(FPxIsZmH9nTBnpxO%P z{x=frmm$g?=(SMle-E?;imQUu;a@SvOgzWZ)P(V@`7H_=YEXh$f6AP@XJfs!`}E(L zVHa5h|2G><+zIwr)_-$-eP%ZGzaM4;MAJnm@Bf{7J8bQ{S%Rjf{|)EEJBOW14Gm&Y UenAdhLcrH^d3CwcXQuxD56x4Ik^lez literal 43220 zcmdSB2T+qu-!6`ikD?%;k08=5AkvZEQEAe9FA>n70BQC4>b{BzssjiDjqXA5W~c2iW9BVM>pNBNvC^$-<# z)g))&_R8JO#?ghS7}oa&Xu9JDG|5`JTDaIcx!F285Z%B1_$km%LTHz9bnHV16s+iT3sy730)t#*+MLd1P>{01E1U`e4_1W<>qPbVo7A`bV=w=dNsJMtA)Ke z(A9;g?t4u%(0q%~tZ(k(VC!H_^qp=c6lf#<*Z19BEG&uemqFP7=qBR`fmk}Y5gqg; zAc3}6lGuOc%^O5_?qbIUR>^YCK!Bq|LN{*wX?vDXW5xW zcUPDVy9EZk;EpMY+#U+mZoA-4w0z@;8x3UFAuc5`?WSVKZpM#WLMEKKed3?8zP|a& zzkj;uM7~NtKt-O@h2Gowv-7R`(9CxWfto$t95e)Pl_qeTo`eJ90I%ksg0b=6zGWqF z84G!s{i|(bxt&5537F&W)Hl`a@&F! zLXi_??bjr!#?7?iZpj_)jL%2hxwrlA4)ZA?suvY}2l3CDpUE?nNZ$^R_=X$kpK@YW zYoBWR_A~e&%K!;=Y*kcI#We5FEZdjX9Y5y^Ukx)XIksGU6=)H$$aM(V;EE)7kKG^e z+&|K?{Q=6*fm>N+GWF`6ghcjCc*+J_QZoxeagke8P~KO$J~vQmYqBY3X))PFd5M&P zi#MQ~X8GQ>G-56}uYrzuTvkOBZglNh`Z88TfqgO+rfUm&e)uMtTSw7uMCW3wiESe) zo0gv8309MmI;q6I4d89^4@C{-nR(hVu%&hE|>tKd(OHr{mo;VXp2?d{h$7uE+n~R%=Oehn{5~Som zkD>m#`fQx-z!6#_c!7$=^TEtqHn$Am}SXx|M%x zj$ta*+n{~QvjSP37lzZ@=#O`!x+!Zj)IGm3&ZQxBqS2u*x8tD+B zsnUfoN`#gUXPc923HPxqV7erRGzeb=upQpRPLdlz{) z_13)g14f}s;~WOuz)01C18w}D_-8t+hfVvsCpNlO7yIYACwout)m~?$YA{NW&`(t- zW?$HzPdU>NzG23pn?OG@Yl^Kg?=|a?4ejq|+&=p31fZVyW43!#<8Tuo>| zoTF311#F8Hqk`v*bl&A6Sx`2|=jUEoPZn^ae=e;j(9sI6@s-ZyR{ecrMZaE<_YB<7 z4OU8(RK^Y{*#4#$7qXvCdDo^E4F{Zt3^s|Ivyq1ZxVe{j{v#qvP|s+R3)4lZ}^?QloS=~ z$>CmYt&q`FSNRsnOGj{q?;$tIJeC~himRf6DBXjO3uh=t(I9a?ez&)8h)*4BMPdqs zLF$PC;<|7$VcflWo=c2)k+ECg))BaB#nFb_@H5dF)p%jGUO=<!@T3nq<4eReX#5e+yUJhDx!ja2MxUHqhA-9JUL zI`K^P6tDmDo8kt_8+IXJ{Z(&SZfx6GE2g|*baf+jAQ!)y{DMSausSelK`fLF)?*jf z;)?I-qH0_Wo}`_gEsOq)L@snT=dJx|I2ldztf|6g3ijoEBZVHwSB+2=7Q@N3t*g7k z0}mg%uQBFch|g*6eu}K(Hbm<_-wP7f`RAm0_QXFlg^~W^BCH{>NWX|y&SrbI&&K1umkMNa8H<7fHLt}z ztc@ZJICzMy-zBM--&DIdp`0P&8GqXrMVf3} zllw&F#jsESiz8Eh#x<&*3w_vDWVF4;iRZ_#Q<;cGQSKDEHCU_Ah$BjQSTcXQ@6IH- zC$IzSPOC3P8Q)ms|ALPps@)bQoKwTar$sf=w-Ri$-LWID#9Su$zBu`WUsM{0(MTCQ z=0(k zZdzVtM>_$Hip5U{+rOYcaw*6AP`l(|UvF!6z|wnQB`r0~jz}ekwc_{*Y$;@ zqrXJOIL?x9RgB-Zn0v6rxmC7iwkQ_5MZW6TZ0rm*buIFm;2!#d{8{ z)+-!8`-mp1j86-ny5z%VHYu+0Z4AA7tgGPmb0RfMMEz9xe7w4l^l^q7gJsiu(_z(_ zMsc&n6FsytizR#Up48^rl&U$ov3u6k--^Mk*jdL8*VA)(QEx4S!3-ha?*=v=)ln z{qffp=kFa0{9t+a$suU61vyAhD?9e-9QJ$V)05WU732(OYAnmr#bqX1d0P=j zW9DkXGQ<>b(k&JMRXnHtX7qauGSij_q*wxgJnQ7L0^Ta(e>Jc6~k z8ON7`|*d+p!?a;V*@Up+BTVs-_TJdpd6~Z-d;D7XrUxpyM%q@fW!Dmc6k`Pc{-BuR<4H%2YL-VI>t5DvNXMr1psgI~ zOx$!wZV2kTcHy30nS6cmwNDI|J>4RlbFB`sD6`uc;yuf2=Iukalp? zayE1K1>YhlipXqWk6}@Lb0|utHEfOHabRFz=;dFI(V7NvCXh)7(MtJVy0d%>Rudn( zH>hw>&43K=TzS?zzXAb5i+=GWNt`d88#GxYq^K zcU>&9+&1g!9Hnk+zWt)(-1zhSmn59x8^K1FB^_7?iFNq0fuT^rY6ZxXVxZCV3iv2$9>^fp;F^~6F>jz8& zSkjNo=9=yr9KpU1W0lVdnMVo8RWD=J9ETH{?{>&ylCnlcyjLOQ1?Oca^28EnwPWA7 zXO@i93MGWiIHtwN#% zEwd>`bFXma?b((C?1Eoy?R&xB+Ly`vjb04TUyt##%TkGtrq`5`_NZdkN zOWX#ft(i^LGcZ-gfFbAD91wr+S`bbrLq)4mkWOb$%)s7iTwI5&H*}UXmEcWuANn2B zlGn1gzamYJ@$W`Dwb}n7I~QE>WYDSKraE2DC1sy%kp=H@N|QAm9&Y%FnK}l3gRs_X zWl!hh*22|Vmh#@yz0{V&lf=28Y-e83g_rikH`qYO#t|ARO(`JHbhooFQNnLFYJ=}Q zEHP_sFxr(*A=&yniv;PV5FQ=O{zLEE6^zmdR|sNgFa(0k7p-_~C3&&pXCHjL(!u*~ z&gsXOfCaNU9_k*XvH3VVH@1pu6;xI6K^cza#Zmp^;o2*uOLcLA*@e|KGN~nKh8J2W z>6%Ir6-^H`F6&kMQ(%1pi{;QB*evMRN0t1R%bbEU{FfY7^3i^>KPQ6)$mFbbizoYw z*46uc%F6K3zlozlu2H)j^~U1tf|Ws}O9 zR_%>HJL5kY9ci~?v_VwUonVVu-z_zH!V3Bfa`yd0$uLj`lrUygz_XLGpC@W`iTLTp zu~1s0?UZjbW28iG&E;v_3aoeR<2xBi`q|Wi2L8hJ#R3_@M$h)<)}Ki0c(Kc7nbM1l z@^(v0cJbJ9hEv-5OoeJ*)g%d}88!HL_#g{-vcU1qsSwJ4w>kwcm({7l$V?XmCm0ct zkk>YZQ+INzq4f1fXH5s`csbdwZeeg??IvBpa6yBVAJxJ4OuP@=&A-MjXx7_1p8#K0 z;N;oJaU6&q{w1qm#EjbG?v(Pqsq9TD&!WVjy4IruKb^pfIR+!d`|=fJ8jMs|OB;C? z5lx?$XttjJy+BKbZ2MM3fDSwq042I$gvAb>k)gxdui-Ii*)3mk)E+XtVxas!<_wcX&j6cXlOpZAu0F!Sm{=o5cyHc&n4`?C2@vO|*il{p5LuV7XCK1RAZ zZ%6X_cuiZ>7!62HV%J)Arbd>j98|UxsFNrIK);Bsx9Dw@cn~ENXyV!@iA&3xL~cF1d=@PBgsmdq zeV@SN5WU?h$yZLii2ZN0!34C_JGwRZQeszFa$_f3htTV{q}17;_M2XKPNG2$4oyYf zEQdRGn-PSMzUN23C3d2z|CU;KT~(||=8eVb71hA)|F`%DWz+F%<*NNq$4nbJr_R5C z?jN)z#I8lI`+ZfSZ~2p7A}fAzQahp^YP(hue#!TiFkn5sH=tOeX-_e2T%SRqD>7{O z`$x?UZ|y8U=Jh`3bQJ~6zsXnbKdYVD3n*hfrN zx`pZ`(3pvXeS-h|DNdPgsy<5m;^-q@D$t6j@q@x9wF=E zu9WkgX0U%!)6WERQa8+Oja}x^+?2H)sD*5ppPkOAhI!e3@QIi#KtKw?e=0Q*zM&6= zg%22MhLlFwmRFVSBwtq72HPlZ@*xZ*m9IxglI~XLiDGK{E1q(FO)naozizieo{W?; zYEi|Q@tujjb*EEhaxuxRjTBl^Ev#AZXq$35HG=pSL)URE$05fGYLFCI8wNKt1*snE z*_?Q1Jyw2;C(4DPuUF4Qxwy)y^Z^g)Fq0WW9(U}%c58x4dXeB(1{w?o#m&|ALieXB zTRay-l_I#u!iw+XGcK}LSDQEw51h*rtuNa(D9hW9Q|vab!}54{OXnb z|Gf8U#l~dOOy$@MuS`vN^i2fjKz;U|hT`(NY^sTWF^19e^ft(JMwi@2PIn1vvox3VkGFD`%44uII zx$AFtXxHD%l&7eEM=Mb;fMi`#%i?C{2&-|G`$np%QNo;3E>nO>kk98L-OyRu^Pe(d zPL_%Kr$xGn*Ocf-WE!Uw0s{K)WP;GI0|EjBTa@;RBWXrtIu(2}GtLD{ls^h>7jJjP zWabMN-eh|$_OnyXh|Qz#7Jhq3DInnS#(C)DuyHo()v%qIOc1GzREqBE`iAyYi$}(; zuXNte%dfhLbjHONxZ#u+w%^ns2DzqPWm@&zviC0eUsaZ~FiA@zY^>hY1!rcS!CVCc z^|~DSuZa5({2AEEdt>sIsnMl>Sdtkpd;uSTSd{p_q>szfW|w#bNtHIJR7^-!f5`o7 z(u88%cEFInbizQ95V(}B+Cq%(NWO>_Li;V~!NV68rwY8M9*7U_?p;9Klty;?EA93^ z)2*BS^G?tL&q-F#4N@*p8A}a+GQJ#qjU-0L%PWrA_5_DAbQnQu6_QeH#J?UdHdVEG zE!F=X34cX>KHovZ?tOSY^3pWywNLcWVjQFXW@OavgRBP+ZhL5Mew+1ibgw0mch_9b z5EP@5{n*#$qXdCegB`y)+?KwkI^pL2#ZcJYc89t#FSZTV9-g-d43(x|h%I*{;7w)X`+5UbpG^P6NiXM{a3Tihnvi*Lae}C&|%54tF zx-;hQ{!{}rx+!C%phGZDrIzFv5#&xvCdu z^6Y7I`NWv)PIazlhx*zaf^oK^w~KYx7-)w!?sJ{ml#)Z0M+_OJT1-Y7{5Tc?isdyW=($b`o?{S}Jh;^@SeW=()*Nh?S!=q|B{nKs*E%R3yd#Shq*&$D!5GOBoKi=^bLk)cHp(sp*1G_Y2)@aI8Li{qA;xBClGE zl?!Xjhggq;*)J7$!Bkm9dt)#MmUZLhWhO0;i^r_T)q`UH@-Wwo^y*wZQU8>X0#c3E z{-73WK&EzrSb4}wzxBchZ0!g3YWf^mmsdl}t8{;}H8LOiI{v*Ezr1~!d5*R=Je*M} z>2Y;kWzsnVUFpOG=dVdW+Hzu>F|R#gP|e7PL_4PF7a++_`_Z%ktK-T0-ZXua<^u|* zArg7_%4^qWjxlZ}?qvn7k}}z>3E1HIov`RYdEEAn=9>@9nYSVXd_&}G-sq1Uef4oL zEIv{3dz~HY2djnFW*ViL6s+Ft;t2TT25H`Q?)T1a)K@5-rNz6I^(3mIuk&j${H=0l zU3Qe`NYVMz-_7*d;7CL3!$-~b%DSGgTkwWIH&FZ0mnEc z7f+|>TpNUpe@2#%uQ`y_XG-F1kMd-EY$i)--9+!)yDIqwQYfU)hJsu@zW1h&)OM_o zKw7A#h86NB*H3=;tLM!Qa=^0xVt_8Qb54{j@9Dn@0_jTs^{)d^>bsjC!u^&CP5gPW zlFLkSW3{30hzEv7h;P;l&KHUACU$@q&hFwF1!V%ghYo(`U1c)^i-%V{JJBCnrhudD zP}b)JGLVSK=KcTiDeQ7e=Kv9R)CD{MJz@BP*gjxeKQjGl^!laY>i;;s_3ozu6qUVlm%|0RhXqiFv^w4dQ z?4xpBp+xtMg;FFrq?m~N>I6)p?`d09kA<}DzQQV{#~vbuuZZPUbgxmc(B&z+23-48lvucDmai|tMet+tj z{SWn0lK)Hb#-uQzXB-W@W^5Ke$Sw!N#>Q-&NjzLJ^4e*zrAY-U^;AGzf5b9KJp>>n zr%d+63hEi-J?>PDWIof1^PAX|?m|4i@v`j!EsE$Bg(3;ov;1V>93G|ow>Y=HoPsVTWwF!V zcX@-f1zIkd#AK#wysZ^S$IQ4QS`=hFqAphd!nDw5ru0h!S(-5Q1T9Ldaq;s_N4Qf% zqQY?JdoBq^crlw^%dH=sc4b|zcYt|+yDZMX4b^NXmW*&g)1yB<+6yh@YdLob7L)YJ z-6ku#U}>1p-_wEJ2GOA^L_qqJ%^2}8gr4Y>UwsA(uGm;-Y?i zY;aa4eiuD*?w_)On=^w+_kp@eViRxd)BNn(5#V3NbEKVU!ua?dv~hM~sF=2BxAlRii_TAKMCU z{YF)Wh}B_GRg|^~Auawl=I+CP4_1xAd}h)*zABYE7~dR+{1lU}opRWI%~DXS?UyQ$ z@6QrEM*~Zn_DE=#bD?H;{%D8rl)+Ie8WsJ7=lyZ+6k6Nn zyQKxLEuBOf_N;V4I0M5M`REGXBc`kR%AyC)=mi|Cy{G37e_|xx0Xj38rF}kOzO(`i z+^t5$V2fT}tb}O*6QSEvv%xoLTJ&?0l*;}><8u5p*PY~&`1rS@Lciz=?KVsi7^7i* zL-t0&S%<8r94;kVB|$Wz;r9_5ZFZ{*mEw@54qLI5Z#nTVV&ijzGYbv>CUvcHr8Mzp zOd@59%PD@0`Y7Hms_Uk%8W0YI6K{{k^kX4=`ngWG#3&Byw%3T%gq-+Cy2RnJPzOfN zD&vc`@l}JEg~EItxFfk**RzF8jshlc;Z+d@Tc+wA$G%M2aE z-*&KkE`83SAUA$FsHmElZK+q6e2b2vbNn<6S^7-nu2g6GZ5~sbrdK;*!s4t8xR~s& zPt3i0-)}S+_S_Cb8&sd&oTGyOdAD}}ZVgBodEXFlWC~M#O)E9PS#giD@W?nk9uJ*t zaHu zGNExhae5hNa$JAGhAWRZa>5T;6HE6JlGUP?Uq_C{Sy6-js=uQ-&+zE;&B?+3NcVHThyN)Y%~ z$hm(*yCMbw?Kgf(b(UPd_dU3U>VYEU2^bpL!iQ)HnE5+YM6pBXBE*$bHNKUqokDF9OHaWxyCc6jU>bG7U%6g zC);nS$`4mwhQ8mNw|K!>gksmD=vWD-mvo|L(2cSEqp13U-NaC9$pAyqQ+uFmlK13S zhdHO(ltWD9;3vC~NrMbx?oBRcgC6!OO`+QB9}du-AWid_Mb|!^3-Z6TJHN*|M}3Rm z@F~u)?qE#q(sUcM+5r&7?_G37I);Ozh86#LVeUv%J6dRX^r^A!XznX_61RsYg}$Mt z91zJ|^-@+M$o(-{(8@XUqF+`6xCejOxFYIlX>7ZbTKjj z#aX?TUdp&pb^Q4OWh#Yp1EtAO#=dJxs&295obh?@iDI<14vK4X1096w)4T|A7l7pU#xQgxxX)c=wEdOL4)uu>XCcdoOR ziW1hHMbBlDX3@}>)BlE#&WL&0X8sd>_&hU^NtF#r5r3-RhMTiL`1FaYj6Oe^tfS|c zv;PUG?Qxq`J5OF(#|oq?z1Fxo(mYAEY9uO^qTlHiV9(*BHA9?8IXY@~RXxWyE)@X- z^5|VV?wBYl-A?WF48d|*sc*GSsr;eKBI<2hlqP8f z0;7n+H|xa?>1}{n*GCAb43bmemnzt@paqBG*+&hm?xUpTRC+U*r>#C~-RCmrZkK2( zca>?7dds7h^Icmxh$Mu+g(&p2N$pU|=M`~(t#H|Bfz`lW<3^#;^U@x?3=+%z3%wqq zfI#Ik3}Wr$3hd^!8JIAETBLi}q_1>aRp10owM}wBy}0ePdT;b zN$=d}Ou2+H`Jr_pxm0vq-l*N+PK15a0`hwL|DPk)K4>=E>(Ynz1 z4H|S1bB$?MFKgoz^;~i$H78Q+$9KPzQ6Msdn+}~e{*n2fyPgrW;fCQdV_4(8g`S9~ zT;{AT!DV@=rax0`3riK!O-V0HVXxZhj4^(ifBaQRpheEIq#y;Ys!{(0T2N!W$Z+Qy zZ(b8`rIms9QGF%JWyv#8n`fl1pI#Lk9Ff>G>!GT$`l`PDd$Rdj;xWd+ZWZl}K~!Fp zTR@*+($zR?BjO)CdzP{?@g-Ae9KTCJR~qk3N_L;7*WTN`;^$dCGux3~*K$^t2p|wk zDonC1jENfl`^JH95TK^tyYAy7`O1NcZ{BE(7N}y=-mFL64;$PYW?h7hJMTT}dKox) zLzFfWUuwy7?!WXe6lmsc%m4U|Owb^9w4uDly(Y= zY>EIS8=vB{GW1WOwX@}fq~M51`#iBznn{M~8^M$D>-0x}-OU%F?cBxZc7}sZ4^N9q z8xsilOd~MUZ}%&)uSeR2VeZ_K;jWu{6vxZ$6c->-AeG<0(~>6J0%Z>~K}$x1&?Qw$ zVjyQT>&vIQ7iUcAT+)sP%})Bd5}do1IQV_2H8o8`VQ#l8H`85JXf zvJfb$Qo<+!yp)j!>bM@^_y|bNV;s+&2zP<%+n=@@u=fu3cEOX0tAkI9=6D}u%>y{+ zU3hi&)p_gN=&q2;yK6+hNwDTz1o4LM(jJUg6P}2OsA>MMULfb8q@|sjFuWQ%YuLo% zOnq;qpN{|PG6{feUkzTJ_7MH=-&SuZSV1BM%(zRapu!$kgRxD(D}moJ6jAv6PcFcl z?6yTE7w6X4=*RY3uCn*;PwZk4h_`sT0bNMA2g`cpavj#h(lBUi@%`}&vh%Dshrryg zg!hcgM{vaQz!2U@;8KlNZ%fw~gStPV}8Inpk{ycXuBi zc&^NqRmuxO%$a|wLp>)2aOLbjf}6<1p0?*e7q z2GXUUDmGSQZ-s{@$u-3aT=pgxAgyPbw9XsvR3@VUt)2K?l8lN0x)-qQf3(bq zVN)cCA)4#ac*X&iTQ;Q1lzitp`D@oArJmDB&N7rm(HxSCpJGB6H$)?Ck-$2KSI$fK zk1wd~W;cCWMBleGhRTZ0z};K>d*2Vkm@OHVgtvN8*2biI;FH33=3-Ppq~zb^2?6DU zhwyJY+6A4vaqp+}JADj_GCL zvhVCSohGTiQK!0dOixf{IYIRtbW9^-ANTf=m-Mils&=8lYsL_R690>biN=8!U56Ou zD*LXejds1MmE$R+3Zv9RxK`l@W0kIDH9C*{^mC0^oXfG1t6RWilU_zC=P0n78_KFkIvv~;@?k3rH_ZUEO&y#ay_0I)&}lbM!|N%_;!ShnJ#`$1?}@%cdo9`x8a;8qRs7~*?O(R0+kP{Y zL+#s%mC@C+E)&>xQ`X*STltM!s&pdi7*>7T{-+A@`t`m0`BvaIyZjZdp%jHE8^D+P z8$I)_9FyL*z=X&i?2`6#~%*iwZ52IU8~NL9{3%{0^1ylmjIm5HnWy8Q!>Z1 zRs}UeyjQal^ORl6SJsz2zZ3y74i4ET_<;&GL&8_5-~Vh}GOw-|Z>|i)0Q|gDTs1w0H5ZVDn7tCW|~;;u+*+?-eZB$7Ug}W zLPTLS=@RmwhJnLrn&Mmor$9Vbl?n1`X(JSEe_frYAV`->XKvMG*A3cjn?zE}?H&aQ0)y$93)ImQ=l2`d<#i z1SwZlb|#;eh=2+V4`E}wl8!cj&u+}DJ6JMK{}$K+teiQ2nQQF+xmn%wYACk}X(V0( zI}0TN)0Go!!kNJ{A2x^CEwep7_@#S-?cM@ZhSL%!WQmo2m@q_~k53cl;E!53t8|a_ zWPwPVV^k2FZ*!u4IepvGA&a6IFHpMk)slt(h(e#>5;RizKN>7{%i>Wn! z2MA9dqaJ!p17mn2Zy+86!|6SJdSBIjrg;*tq-2nd3V@_1Ot${G1G(^k_JixIPg`>R zFpaD@j%hB%4aO17vdc9huR>*)Pb02S%N~h%*oA56lt}adq4Fd>S1%Jc< zPaR>rcO0>9-t7A({>Rk5AoQcNzl9keg~Jf;M`vp5&l%JUwO3qIsjXiOR!j8@KZ4)E+OHm3iZ>t3s@Ng)X8TYBcdBd8 z$`n5ykf?8a_eSOtCPPM%!JSaYzw$9|`*8~yG9gov{TJ`j<}dMC-gIeH*LpXQG?e;{ z-&VG8jouv4KK%APe9;3H0#p?N@RSh*cQwKKMA)lO@*sY1=;u5OI)Vx~uC)Q%YZQY| zke7cpW$zgUgLc-wr#E{zo#S6FnwWBW1opx^HCNOQKXBz1Rl*p6+`0G_X&>y=tS3dZ zbp&zOys|ct#PvtFGt9{32yiagj?UG>pzaNw;)^}U+Ld}Obu)eS zO-DWQrA#yv!OPhra9tgb3C=&W#sU2>^e-1Qwh?ft@Du06azAAR?iUdMtBzW464kqS z+dm9v6;1UTGlWMslI((4or>C2KT6U&IBo`rw&MDX)(HWF;8h#78)|5<^(Uj6M7TO> zC^m^W>cpL9K?^+)XC1u(qyn}*HV2=I^d}? zv#xaEtQ)y7bPtMaYQ3Zs#y68Xy(Kv;$*cre3%@DYlwo$Ab1rsSvcdO_V|W%B(eEA) z#hc$L`}2VU#0z8|0t8MCa0ZdOZMSQ6_Q(O=Hv5sd>7nYWhf8@`bchm0MAqv4 z`<(R@LIJMeX)YBO%5$kB3Hglaejq+t<_7NJVOWGC zI!58C?z(Wb>+V_1gYm7E*t0L))?-ufav%4I>W6d=Gmy#dBW!TXu>>=k@tKLG-(9mr zagdfOwVS%zyugLg?rehf7R+Mv>o?FjN3?efAtLowYi%Y3@dIg(V7l)(VUhzrGhRl7 zNq|_JiZsptT;XhmR6!x7B5dC?P8XRmEJ_^YZ!K0#~9UsIRzr1E-IG6D( zYUDu2kzx_?4%qYr>wE)FaeYIpjRd5PzSdUlZ!`=gAs2g!H|O}UT9!`Z+x&1<&1u!7 z2u$a(eCFKfC~m0-+MWhUcn{(~ca}vr7C}E z3xq@2k?MA3e7NT>lIg+M26(#AXu%HEl{c_k1P}G>( z!Tt~x<0@0oilr3}P+#aRYxMlp`hc=eW&P%<=a6F)xqinn->A!;Pir;yi;;{8fGXBK z%@@J=sFGf9M}L#3spOq$!P@zlI@Q{TVT(PL7-h^oecZJu5q5rsG*b?S8IYg9(HJ%Z z>>ub2?50CYTW9i>a{Z0FM9RB;dKYLp$4x@hp~-l}h=KkJI?(sfSN~zq0+3a`$AyT# zFa38HGO)9%)7ragV*&U~Q4918I@C{|TJF1QCt4yU&|83f(n+xUI#K3#p|14@w}UlIZ*LW-Q&+J$8T% z0^PA7Ts$ZnT739{b=Y`wA@_g0f6$h84Y*JKum2a|zx#E44-3;~QnHv5KoLxu5a4Yz z7t$1v5A7>WKnHybPFoy(0A`$Q5@Z#k4OHvf`7e_x{#STcc-XtL;c89a@{PosdN4~zGLVvI$jws zUg~}^-NNI*Wia#mP)mJ0GeA$h=+~<*YUefWfJKUds#k3vPC5Oo!ixCIf&r7%vGWwj(2IAAcA)wd=T-?gSdO61#6*Ax2DTU)f^Jr5ql5%iU zB!cN2RLBgiW_=ul^u)nsxc0<7PgDpyzc1vi)y8wUkJ+omy$Os#6ul@r2n3q(!8*FF z^wCgJ`V~4NxrX3@Gx-CyRzMAKfn+QJYz@La2UG&`vQmp9!P%h1$5T=bO8*A^1bhO> z!^?$?W#pW(Y<_dS{>bVXXX##TCyz$aa1xq-qkRt`RoWNK$fqWupBoRFId)P;3=TVj z@ z61_FHuO6B_!Yi*GiKIQlYBa9b_wTLPdwujqOYFHppvmRSQ3i!uzZ_CfwshDjv%fJj z=4u_*(NkpsB+`ZmrZb-W40ZhMk;2PFp;b4GCe-cdE$u|ScvEn`f z724bg*fLe8H|^S5#vC25p6c5GQ5UkE3&We6Se0Ej?!_80bqWaq0Jul8R@)OfTBYX; zE@~8V@rbVQRQEt}O%F?Y0`!?tm-%@z09+(tCa(1PTbmj7{w63}aj^A44+fZJEdbZk zuwKL^ddfXdV!Rq!$ynAqmu}W_Fwox^pM1<`!7~6?f1iSSk?@scwIH|A<1hf{&>$|x zjXe$acGT7H>6`Ur)^7!iG_H!BN^SNGX(>SJr4D@+Hbz6X@RUNh7fWlcYh`^A54KLE z>o6JsRbuD=Z}N*p6i#7%D2F{c^1BQ(va~2opTw$K&cf17L!E6K-mh*N07ZuIjeQLO zC8YLB5BT(&1C_N105_=&*^Ex!W}qZoWC2Ykh4c`J8%!$e`oB3l0uRBjrI18>_;2t= z=t&?Z01g6=<@*_b0H$No{00(-WSRhs+C>pixp9N;0>-6hH~W|N6p(WE-)+1JC*9m6 zyB{B4@fw?XrU{@WFu;5$hJb?600r@5N*;`A;ZXJFkB(ho#1!ibN#*5JtPn(CJ3LA( z2oKAhzd@i+fq_^)M~woWZM4^Y4`4%hP3-~FbMzArh!4m!0qKUxcD)GKwiYZFUnn!x&VMgA(PTB77;A03tiC*C`fL|MG8-XJL9>oe^{EEFvRUlpf zBS)3UG!9HUMus6iib}o4MXV<+4#NX_RxQg~ zQv;0%AR?Df(mk7yL;|sgu!98FG8K~o(zZGeJlK}tF7df!Is(7^cFoG5^TuQckzzkH z_1}F}&(C|HsX6tC|3cbVhgG?K-EO2yK)Op5lt#J)1XM~=Iwcg?bf+L8ZO}+ccXyYP zg46~!DIm4!uDkZ}`1|hjefQpf?)l?9JKp`qT5HZZ#+YNt2ZPd;!ECh)1HRglOoOTt zSalGY1LH`EVYAj}^IK7Mc8m;t2-blzJYFoER>_`&y%ZBIig&wL-eT@z&O<4~XDNJX zmCeH!2g1azCW8c(11%XBr<1i)0;2mC!~!bfrmh>s`8D=31`&Q&=l5z_oTYXImTMO| zenu~~uC;PE&gC>H__#P{8#nGoFZXN=#$IUH(->kK4YhO*_r2cS*^^y$47~8M_9G~X zEKV)M4QyhXYDqhPgW@UTMJcY8)H!BnTYyh3dO!I&uAu7>E#ii~WRfH!=0v0Xabo16 zud01Te3ICFa);#V?^M(QwwWnmkICYw z)GzKCU)Bm7dC?5bMB+|HnGSE6y3Tn$5E|ODu9`4ROPsdoDfs|NXqw=59pZNpx7kQA zEy7RMb=9lN#y|P&ZoOH;$#Y6;wkGSe!`L^@;yII8e`@eDWh?vl`j)NMOC#{jweVv% zNgiJgL}YSpf$C(sfVPo(ugPeAl|oroULF=zB!;->q1E`MAoZIV&4l3lfo4a_T%{b{ znk%w_I`qXWueiGVev=$JA4{uPa)GD$2tTwSz4VvF_Y8tN-#!YL=6WB!u;651z+0jDuvYOsl^W(q`a>M(TmhMWUh~1$ntRgPdzfsUP z&eQf#q-Ln0RbDTJRk0J_g@+oq=euE8eU@Y!xbM%CaTQj4H`s!1nG4D^IrgoX5HU)c za4^7`O*JH#Lw;`!@6ZbjDS`*O+LaV0y?_QAk=j{uZ0Kty^hFmD!9v8=4=@!A(IZ zz;Ach=3e6$c{}AU)@VZKM}dCJ0*>A2&hr||R(xH@Cf=YK%+p?7g$=mw>NQ=?@x{b7 zT~C6DR+6bra^lb6$SE7%a%?vaDvbW&{S#sSe%Chn$)5 zm9?5Zm^>3h5$iK%5a?K3`iofP64$M2b;A2XUccpsph@r77Ii`(aB>lxkas$C=zTU) z0?+lLI)7bPOefIN1WCW$oGi_9+nL+l-L=xB%)y}Jk3AZp!}$zj-;Ux!Alg?KC75@I zD$~r?TfRf8L~qXDV@@d#yC^L1tzq-Vk9NoQFSP|WxaPYO_Eqt} zzf9EjLN38_mNpmg6!uyUZa@?N(i}Ntrl|6TIILQkd!k47XXIk4_pNDxo1^fxfd-+a zQI#`;C!PvEGg>C8D;K%gY9z(=epTH&lTjv%i1Ip*!XzJy-)t!?8&qR;8Ju$Sbf~%p za(b&i7l|D1Uc>G+JEf^*3Nha;6s@NN^22uvNy!HdTNqb1?mQ9{q@Kl`Zp3#R+c9}= z9qr}6XKN8DU=u35HVcCIgQFw!JxKxjR-;c@lkofR{nrnCtY=@4XO&3VYQcJjzH>$D z2j4Om(5rpf5ubeZsD)$gmHL{OIu0UL<><@Bv~CUOH9lQ>Gxj-)ASsA|)2pP}%s+XI z+lBV0-V*cgD0m!C68j<-u8GP5?KaD|2a3cg^GdHLH!B77nX4y-$+_o(XS`s=ww)l1 zw|$=4Vng#3e!LX$M`t>8VP3})9AgQkJH)|x;4A-O;|^3{EaA$yoCEJF&eY4&b;q@Q zivkRCbAo}8h2f)i{r%8#wTzSexZTYcR9P||8_q9R^? zr)~c?EqgJYKWwG?I0aAJH*0u}3zx@p%US`}fLv%`)uD4v^e7N3!PhfVgAF4oo93QkGok#p2cBjT)w(#QM~?rL3>NAzJ04@@iJTk!O(pKt452*>7@@$=Qlre zJceq9CGdc!1}VQB=5vRmnQ_sQ3KUPcseQ)8QflUIuk8;d<~0fW)f+rq@2Yz^L$QPC zJ0P=%KO`mB7M+;%`I_5xfqYf+a5#tt@qI0aC| z9zMXJq+)3&HGg#^IV9laujb^ieSKoxTXygZqwq5Y79E zQtP^#${2F*QaAmOnz-W4wll7UF}Q3DE%C{exA$Sc^sG(Z>z~3(^Dh47S1rYpJi*6< zH4DdP*A#eh5shdGhFl1_kGQuIyow&VM!tduCzd-w^-4k_t4*BZ;AFP8od6H~*o2a) zYPCn#sp^^Xeu{71I<5-=atJATjOH%0=kum&o$>k!onVB^A&4lP={(`dB@ojT3zQgs zu+CE!!ExiB_ZiFFf)vh{*!B|NisE3Zs;X~uax65ow3epI*&+UskysKE5@arx-yfW! z_?V+cv_L05YKU4dW=>YtM!!niQ-9nl(x7H9)26h%Q4d18so7FY?&`qM`}=IJ=&ai* zTm7s$p;Pm97iK~wa{$MDiutC3)V1(^bQSbo6OY5&$a;MLCoi|9{5xZKy;UnTDNEgr z{I2r(Tv7O|5*7a1W>AzFigucFj~dK}=OjMH-q@!Rarj2R*YieejfXa$U0s7Gb^YwP$ti z%82OHx0%QN0<&c5bji^{jlC7ef-b+4*~fosi1L|VroSw^k-k%Sl1Aq-zF@4?K!@PF z#64YpGhX0|9lYA~-Iv;+$yz4%aSmCjVMBW?NQz21L! z&1odqjkhb9^LO2fFY0(CAo zWBU|7mlna045!C>eG_g)zi#MqrW1wNUdh-_jh)Sr_^e4FL~@GFQKx+p8xu$3S@!MI zxI>>X;nj({eyUeAm_Z4yP0Zhb7;_!za_*a}5Hspd5RDsHZ8szh!DxrLSrD z3I)Zfq*d36z$6NUa}h2h`Qa}*LnMm+Z7A=Ay5y*65Ps1wjSOM11n7J#2q%tdwps2) zcYZw}vV}KP3yX+Qm6XuV_g)1^C;PUXCJrA8yy8SZ4t$3BdQ49mYu&UC0L3AckONod zm0xm&*^R`ewzEO@vt|dy0#KaSqUybInD1Kz`g{atxx%2+B5ZFu4P@-rqDtBWS%f{3 zk1$zn!&8S0PtUuZFmjzxneIqqF}@=-jf(d3*=!-Onb%pTjxKzW7zu(*dhDe$xNXane}joEtrk zek}LxD(7ajk=OX=_tGM$8$Hs~=(3#H|9<35(znI%_uHrO((SkZ90-2m%trFRf3@F+ zF8V<8xuO@8hHNl7&@(b8t5D`YXMR`-e5im=^hTMNx8jm>YU|52%LU3FthULRc3$5h z*3u~qvyDrO4{U7_qm6x#J>Kv0z&q5qIage8XrrI!u0pC*JN@5F8w8Kf^(<{};sUV^ z;xCsarL4^9=yX6xLSp5hb1@oa?5>RlZl&qCPjO2b7W~YCuSiWr(2dg7+wI2#a~*YK zdn~n+8#F;T9r>3*e@Em@#yTF#Zdy(OZ-D7$(8!;jp5sa^H)PmT5;m&WVCU>8!|r{H zS+ES*&0X)O7~x3ncU_Q(#=>v+Q*&eLD!nguSHS&&H`e}vBV@Kes?HvP*FU-t_km^D z>O+3U4xdk*x#f30Jl~vTqE4gQ=dpLfR|loy!~(~|^|&~*UP+I!dVi`yziv*^eHHsV z&PS3@`R~}pOjyMm%e%PnQ&CYd#y+3cP=5W4NSQ9avv-)@|G39%Ff2RtiwH4}3vmT* z|Az*?MEK#_+KTaHRPi^VSp1*{?C`jfHr&0+y=iJY6v(~qL4RrZyJ*Sz0yhsM-EG({L zgIhrtgi5Pw-NU*?N=|Al)A8mj;szTQw8F~ypsl_#_Xig@g`{O_PfHcEJEL!ntDy@q zn6jAh&9)ZtA{+SY|ExpHSL4R=P$*p#ZGT6$f^b=FZD2@bp`gL!_)mkpa;GqI2qB*X zjw6?OWkeWXt}?@$E%&Ake<%3TM4Nw#h=e4Rh&kA-D|E4}b|;F@a!C4TSX(<73f4LY;%I!_&P4V5Q)|!7 z(FOeKQeA3yW2P34bcQR}C48@iJoKYRKQcj9EmiF6@CZx1eJ6>W#01zQ&~<6LOp7jd ziOKRj9yzn(YX4d>lzwqTD5doj#6UmAqGc?^Kfadhs~S1-8xWDFR11Dv}9qdtu6G>sCI_%Z?+hPRm~JyW~*T*B_;g;{}r6o;{}a<`5sVo z%hwGTVYj&Ch63T$A%Hx7Vuc05Lx^+u6(zwcrxRFhk29dsJ^40GmG&jwC>kUkx%iL5TKVwdg2D&r zW_AhTxN~<)41#oBIOr&8-i%yE2j7-0ZXios58)B;lnyV7=8~MTarhzx9)g6_(EKfl z%ppF7!rysw7SO_VwO@9z_k(cTFSH57en-a=@H<5TDPUohvvZZ}BZx+w-5OHP3nq&t z5}WH?)b>Y+ZN|&muqKI3k0QOR)P+Ho20K&iz0LPi`FuKpB#%Yqz6EqEz!I1)!H#Wa z5MWQ3h%oRxzsgPoArfdC?8Mi}Dex@c^Ig~OhzfAC)kbQSD80)pQY@Q`du4Qpi`Vn( z^>Aebh0n}@jA_>P-17SC>PZOk-^95sRpqidvHJVBRb4}k1Zt;l$z+Y~b=N!1-2(!` z*$Ah0yplo%`2r2Ly`f~k&Y7DX@pgAw165>!Liu;rV=z@6_iK(fdmLNGtslMk9E&Yc zsKMr-pNcJcj36bE31r^{V#U*2LrEZ4TdAo%?6uBbw`u zVB&T)P6_YcE86&7;4GrEkH?-Qh+M%V*v=mPZ!4uIfT= zFNC*HXg37UPTdJr7K-4Fz>4llB300%ef)Q{ONKV=%-A?NQ6N*(qv3|^L=-duV^@;x zg9Z~LnkK;^vdBOJacizXX8OeaF39dyd(FOY+fRiL4tCT)h$G%OhOer!AZ_ zG)GkUH8#_s-+!i(k44YqT<&n_RS^1Kqgcd?vq3R%a7z|Ivi0;M_;&_8e(3O5%4EDq z&&k0+AfOZM6YMqhy$gpu%!F(T=xJ{Kv-rI%Sq!6jC=h|ZJ3@o|A$NN)lq)aM=gHX= zV2_?f;BTpG)v(SBaE1Hyf}sxGcr)b&KC19=>4z4B(fpZ8eV?NB$w{SWBnBvnBgrgn zE?(b0T9$1QafS!>vm#Ua{9W6(eq8s%`2@kbDPKV-!+Io2C#}jH*G+A%_SLoSBN{JV zU|%YVH7S{IoAUI?sep|0w6Mpu9!$z1b*X7<>BHlTh9&TF={A>o=CR{#UpnDXrTLxB zu)~Dh5&K$Sm~~v`upgZ;R&~4++De+J7Y>9Q)QqenRt`34B_;lzCz0l9dzF$*(lRd$ zG-0MK3GdZoj;~Pq%Koli@glOVA6AcEu$IU?i0$a^?$+&2Dt@+#|CoA!yT|v!ag6J^ z)OOT^M<=^);VMRuA5rU!hLWU_s(UYXY^810c(z7AqM3Pz_JuPV9v8V@e>Dw#5N6_a z58q!P&on;n-Sk(}yc2;8o(FVGN9yS9F%zIXnShKuN|Q-DB@{4QwR0_4(Rs$nxSnZ|mb@gZew-{mT^NFx1`2q0E* z9>^hgrOXfLE;}+m|X|u~2+lMlEq5Qx=BV#x0gC6!iiIfFv@wq}6OY5-9UoXG_XDh&H0MNbzwU-P( zX4>*HZSgXu#_N5tb_5+!ma5kZFXXYh?z?34mkY;J+z|h}d6Eq$8MiC1v^Ty3df3TaP2rN=xZxM=9=Oe_tr#%IM(u_I8sCKS(bO$_Yj4_Ye5= zBO+n#eqlG?7GCI!`Q7F-jKEAE+(&{Q!q(IP55v$j+v5t+TjYcZg#6EU&-|qV^$b?u zHhTeV7N%q7K4v)7UcP3Q!Ny^cc9fij?+j}^fjnW-NEN%i780OCDB~#jsb_AG7VdS( ztz9Fh9yyh=`f;cEoEg` zq@<)2LiXwWWM-qZ^Mq5Y-%Qk11A0QWk+1YVM}k)es|4@;Enq0N3tveeg}W`fo_^ID zw2lbWjv!k6fL!OiiO2V5`e)*m1j$%OtTu`a>8+>ZUC}x_nRLbdd<}13?=NXI3G8rG zVs6^JU~^akam|{?8t@3 ze|LGmo_d(0iNP|y2GC@l<|Gr}6*tJs#%5CXI`n{c)Q_9@zY>3;;Xa;;V7Bc>w->lu z1U+I%)=xK6TFTLCj_n#L<$~D8$s>Bujy=ZV?XvYe!kOU(42{$=Fl|M+Y5=uohp%qZrjN~*@cvt{_ZccS zX0%0gKMg~su1+a|b#JCPI|1MDjbh~ht_wD0nSz3;oyLc*DJ%?D{v1XqB~{kaBF#?c z>bQ?yI8TF_>+hDtuOQ}9ScXpLTXv?}z5*WRxibBPwXbigsliT;CmVcwPsNLlD1(u# znKa1jVMIt5#->(l$fTvX-AKj#?m;9K!RUR!lVh0GUQ_yMcYP9A!|}kQwcDL52#J`B zAq&<(a%rbskAjT|d6f{wto*J3*$TY2XYj)31v7RvU;oX!%-QFGd^3UTV1?#zq`mx*7l;0FQ$1_9Pfq~{n#R+T(xw>81^xU zf`|@QP(-Yb1arfZk6*ajSr&5r#bnp^A3xQ)6c5~%F3N}!yvA7T;d*Vqzlp0?o~2_B zKu?0Wn}qB3R2axDg%fseeF9+Yw8{Ph+!%qRk=f}K;2NXjD;RffogJV^;Dp4t9V|Ph z{W*~qE`vPsU~bJ4*WK5e$8BcG{z69SFE!M-j9t8Ak$K>@UXkH=b96R|C0<}o3y_(e%;fdBU@?=IT`vJ9zyzwu_F z?iERcIRXJ7V<>nUF;WS%_t=FZ4G;X>BV!+=r0!X=wp@_8yyRrwgxPDP#ke_FD=uwZ z%`iy55~q%8co<)-<*MF{5l`0owvc)Pr-tC)n{`GjL>DE&L64%Bj56!3n3@m5B`?yv zL}dgw1K3n?pVc!(?I1YY%yfoU@U}7xgW$bVcq@=p(halfOI_9#Po>Zi!yk>G!ejgE zcBd7riZsfH>x=_hARXiQ)`K|gQ}y*`-)e4*f7#_OPH}zPI{z0#f1{5CJ8?&wz1+|+ zFr?YZ^eU$?rL&&{EJ4{aeMSoqN5^g%R$<)yAG%)iCK1UF)n@TD3O>7U$0ll*x#y2> z!YN^4-Gp8j(p$^8qJnNh$G8Dsya*uE=})ewSAG+V(#q6a^}gw^av<#FXTPJl?|evg za(_z5>ZH8qIVp72Kzb)ZyO5)>`e+leh+XdIZ+!9Z?LC$M%?sDIaf)tVkCbOni^GxF ziL0lMQjnASs)`D+`OIRUv_b%YXNtucZVQ)MT*d2;6x36>MK-D}wuWREQOh4y3CG9F zcECrk4mRR!pBo}rAZ-is^nsa0ctCnG_5|zd^>C#12l00Emw=_w8KxbHB@gYCbeKoD zKeaiu@Y~Im1hahRAq?>cu=Qa)ryNjnIJ~BvmUYLJ(*7V>B6gLNN-#TRqUOoQXO~4} zaF>?(#D~FCLZKs)i_CR+_<>)NMKPe)I8i7BD3Fc*=NW9A@0@{o{mg|=vaSdZaX`$Y zBIWXnoW{pHG`;`5vpwsh?w~xb#>tY6eWwv6rl7#w__>NwsJ8X7CtJ&f)~*j6kC?Nu z>jlh*oc(RDlRDZ=$iHJIA{~$I`sjNTid7(G&y<}})VVBM9$YnOl}@7UVjUMU%_H8m znVSiq&PKCRp3;M01Kp3t5d^9pJYD^%<3nj0c&f5IHp5>57SRMi^+mD<-qGB>M{?aV zO}+&T6sC$u0f>kWwA3m6z1j&N>`qJo7_yEjy~s;0Lv*SD8N>`M5b%L^l{31;wfDp1 z7W=(Mo9m$PdGq;^YEg4)fHsgy2SA^O$tPrSoJqsCsH!)pfI`5jRXP(IKrOhqycsR? zdOleni9Y}+bYSQE;_{je0Cd$wO))Bw&ptaq5$PP3gn*MAXVbO^zZ=ifU_)jrppn^p zsr*MCtN%%$yScEAULH-)Ip86+lR$Af5ZyaWZVJM{fx|_#K;@f`;HL~Pzu=3!`#k%# zKix0A8G~~D&_kc^1eaV+IRa8>m2OqF`&;)&0l_r(X$o%(4ivn#En2j z%(sQ`Loe52TxLYi%D?KV^K;OjoNaKyT^srWHVx_sIV{~RC@d`2X>u^dPVzj35L$Rl zkr+Lx9H1UF#fGF`+odfl|G;`A`rN_mDTz&Z1t3@~Fe}&3nR_Y+D3C#3E-?C?oXnbK z6auXSxJvEJChFcq5aaj{VS0NvPb#+%#K-@^rS}RA^VOID6s5zb?F&F#4r^T(%IVvl9KDDm*Fa z&F4506v$AD$lFC`X5_a%mLsF22_%B35JHMEdd?E)3$}+Zbk)!--+wNyOm4(0SGUBe z3Fo=AA%Yi?!Xt>Rqxd__`A@H1B$T_vSia3dsuJnpch!*b51Dp&bl#;Lvhl6dB6iTl z{B^-(87KQC`<>EtuJ)n9FR|MqkMNR~G6jl>(+4T)vsnXA6#PtF*7-a{3jZc~=X+Yz zm7SfPsC0C6TQ~Lf9^d*KBih(^yw z*d1q455l3J`siu%Q4x)`5vdY&#NJ%|{}Yi;hyu|QXlCvn*1baRKv)}Xk@N>#7BF}c zGX1xJec?XU{uEwF{i=dai;MgR25Z21$ihHA@$UX{clW^>_j0#;)`7-LP3in12*l>v zUL0t8hTH~5u3-|m#Aj(OL9+y;hLY{+;PVQ#M+Fbi474HX=kI7NjiQJLh^ri%p*&>PMH(5a1K7w+ zvT$H{L;iEM;$JY^HC-g~m@Q4?ft0PStruzOXd9Mn+p@t?aA-&8oRQATmvK;iJKh)l4?y`y zM8gY#Xg}^H^%V&DTpwezmA2-DEZ{GRXGI%fM} z4f`-5h`)u4$+G~wQ1AeO>7>|2o9|gp4Rju%zXXrGQKBz5G*5228_#Cbgs0H6#a+*N z6~O&!%{NZ?Z_)mu*%$%K7_mx!p&!!R4EOoIu>cgH^mQmk@b)@Aqgq^geMs&1GXz?Q zl!hu^;|;XRJyAbC0rAXE_Yo^wI&GCYkac}t%TKve&z@50$4AP`geqY!kdWuQuy8xcNYk*#ysZN*qCcXE<9 zb0GzFKu>YGp+bMA8eg+Fx`qO4TzTSCGi45#{_baK+8XnEVZ0Nv_txOGKeP?dA5*_t zzxN^YSD^~WgXq7NAz(a!76gfqD?2V|&MeN>AJ{uPceTAmE!J$(N%F>ML-Y<$B~VR6 zIl66j)yx3n%~Sa1Z=id}D=X}7j~w^od>(v<{vQ;i1Z(c}0;Px<-9uzb20ZmvAn2eV z=e>6&5#(W@KvAUmHWTl#r&!y2V?%9lZw!?KYRh+fa~E36gS;xgcXaP`bpHG_7~jB0 zxzkiT{YLO=R*0T|T$5vh2r^OZ8(sV6Hi%&5_GF5eMmq(|i zLKV02m?^0(=L6pfI&i)tSj;4y(3X(~G3w+y9{_hkQz5mZkEXJ?> z89-2txh+d+@XlHJvx_W%y)lx!|Bo);7x3pb05j0pkBBP4_KGG_%_v}f_I7R4%_mwm{QtAu`FK+}_Z>t`;cF%KycUg!&^UBpl zyUvNS34uyEg8>)tv+x;=*Np%)C&2{e$^Xb4rkm-_o7Tm$oVT7dHH>Ho&{NPEdxKE4eExJ}ka=XLn&;9Iv|3Km^;&i^=ydM~@(?Ief# zFl?vAygf_uxhT(}-pjO@O@ojqJQD4HmM6|ubi?H=+0VM|_Nyo`io|Fu;HGAn+Insj z1%=FPjF^y=W&Qad6;jA)l^tRXm^%fJsSw6(8mr=^#wPM5%dCYSB>=+QZRhl~8>}Qi zle94QUl`v5qEEM2(Yg;P-6gbodw`IFh^@;i{0Rj^n)fj`3+(>`c?cEqN<}OZta~tL z#>)(HAlgE&P>mmw$!u-omPePm8fv0%y%HaJ;Sd<>qM(W)O8&B)mj;!t0}RE8Tl>e0 zMn~H*?fif*;SXsp&~+ZAMFvs~q0+SY2#J3W)eoBjNb8uJ9crmIUZ$?1%G3t+N#wlc}B+1VWh@pDdXCaf-v(@-J12PdPDmU`4b@qjH|D|f226s zHUwShKNJHe4dMF#BXrlii%#O-mgJkBMSCFUz$Gm~+8yd?bn!+;Aaq0lEF zmyKo^MP`x^kHsY){-WE9TR*!&&=$N+zGl2L&}esms>;N0)$P6N^*OPAClk7$g)0>C z8?pEux&%h-R`gm_xfR7l$*)DJI(5Bpz{Eg_Vf5P2ff%b)1E$fRdcDy| zIqLI#z)x++rTvAGSV)m&r=FP9>L~okrFC(2P10w=K%y0T-hcw22q-$^nL}Wi%bu5A z*X^}73tc#-%o=cA!yNT5K%7-wE?EO!`m{|af!yAd)7sUya#PcA zv^bI2>J5cm4nUwY>({A04a^QJ`?aDkYs%-RhX!d&WIEGD_6rwki$3Od`iv2SW(Qo6 z&}=hX&kjDHbfdS?&&^Zg2Uho#z;fRYxZhn=OjQ5&1=0{)Wo>CH5j;Run_*m+%MpL* zTi?c88f5m5i88J>mRC~3x3RIYU+Q``5t*Hr_f5AudF<{1MmoL)g;}eQ@CJEyx~n{C zlGkY)B9{wd)q6--nikfR=Z@6&1@b9eUq1`rk$AGwO~~b?CF-ZfgOt?7KVdwk)+kp{ zK(-0SypoZ%cJDktz&NxXaPa^D;=4@cA=6M!0O3CvXx|2Xb^y6e0q4n^wBq{QdTGN4 zFp12cjw>F;BMR#~g5_=PAl{`jpdFdn4|UleN^)Voo~Ji9e>kRu?3zOWoDUp4*;~^C z?xC$1&;(vsqlbVKFPq&n-AT1u1bhy(o1)BfDm~-kNHX$v9{_6cAmIie8o&d;$KhH9 zl3Q!B%L0`PP{0@i?I<8lgSL*gMhy>r@f{Obumw&1ES{a;LM{D{(#4`=Td-Y{LsJ#y z>$PMDUSjri2Yvz}=g04=4yM<86_SZWMi2LsHu&?J-EWV!X9Q5^f}Fe2%r@CO@txB2 z1~Rs?mML&@C*{@!Zq5m){UG(eQ@NyR?jQEC<7x16U)nne`iIBaTtqYMIxhQpIh@h= zBheuq{DQ9_ie46oB%mHK_-#8LzW)*h_#hL=^$=sY9Y}tx%IAW?h^xfd?Y&tNt&*ii zI|l{To(2Sx!Z^)Bb9@APbmR zvDtf)Ily`l1<$B2ZM@b1DEGv6@fUHRwWfXZwf2S0HeFUIT}>deQXh|F z3qLGuDI%#I=V#xPIXOYfG-uZFxEr=s&5G3~oEMhA=hF0EsV7cLf{udPyNA>hrr(CH zD9&bHTRjg$dy7wv$%D);?KD0>&ro$*Me9H14e^OKw8sx0n^F2l8~j>W@%*1|>G8H` zUg1v$?p?+R3LYAtbN7YwqsHep=1AX~g@4iB%> ztm0nVaZ;uEqGvX|nfm-HS@Q~zmbTV-VzIl^X|Mhx-SrR+@-@$py}AP)&u=s#dKqgSiY% zkKG)+?Q9iRz4?HaCTxG_1QoKS4<9gWIq%Q`v$JqDYJ}(8+x|1$9978OQ)+8DL{1Yu z`Q>rfPe_%ZMN8#;+hCKzR!?Pl!*jc`jB>Rguo_1!_njwPawqE~rM9-i8!q+T#RP-U zaqdRrnFtodxw5U(5{HBJhz%|1mT0NVX6-DtHV2hf(1ST&rSvBJ?R<&{q^cbqU;vO$ ze`u7pR~yU_l^MUE<0R=b@(Y-ni5D-g1ze^rfCV57nY(w|+tsPlS1dKH!oq*RJ3rax zf@@|8<{^s}(UBiU<8BqYUvqY#jDwy*plFhp6l&V3Z~#LWhb$#BI|zH>_}m*dhM@qU z1+y!*GxRa1&YX#rt;G!oibBA=40u?M0I8md{uk5&-6>a{L*234dirrVwJJ_{=By~j ziJauCP5y7wyniz7n&Y_5a$Ac2W1etE*P>0YdRdxk@8Ey}IoyH~ySg4*Sy`2>GU2^( z{d~)m?FlJM+2Dt)@0O7M{kmmpQ%7G_S?q={VpwahONt&oKiTdN>i@kSDB6C)$<1%K z^H^q<7xcn`eEB$qJ8^K6W(QT(qa1d$*0VJQdOm{a!%m&-Z;Vl^iWbgJ{{6L8S&8v1`8G2DVvaodK z1Z+#P+&duG10&XZ)Qe**iI)!^mYsEizrpp3vAlh=GS%|uAX_7cGA*gA`q}xi*Uxi| zH>fO?X4O9dgb%3ang?LvJ%%QF!?Uk3cr$B|!hZ55`HI3B^&Gg}4 z>k$8QYxBC|l6o#Pv0YShZ-Lvl%Um4gvI>BWdaVthyBS0M-F}`0Mr784I^s94$chMQ z*sI%e04!dF01~Rn!fGknOvJoP7eFxQ_r1|TE&|d(OyidA#FxO$I8*$~67~iI?K;G> zO9U67ccYo&6uMmMwo@eP7jgBQmaHS?yCA&s{PS0d*A}NTkQP z9$q1^{z>*ZmV{bYc@_j(WSJE$a2w&!8~M>ZzcAcA0~W6$>i7TUwgX-ncXv-y_{PZs zW4RQtPJu?!Tqa(~q6txvK7on~yI#eQCI1jc(5hL`wh-Z*r4H++NMZBZo^dhbGjF1ruXCF@`%9Z0JMW^RJ^GmhI~8X$s=Ph>%n6RkIS@(y%4c`e zT|Vn=PFDkb_At`KWNi)=hH3DkZK3Rmk(qvs#_i>_s3+^DVILH z2WIRWYR8*ITD5!w^fz+6rLFIJoaOxN;#uR^;~Tw(gAs*R%1MXU!w5L`gDC=ZE=mB zfr7sCPBh+abjamH9u%{z`(-7<-XI!_3~PzrTfZ!q(nJkB2M&yM*`APW^V&Esm9}l@ z*5a5d7O$xD8OEbz%^UzLZN8+yZZ`X$r(a)*QE8IqHKxoU5;3B#0@B&oIwAvaY{#1* zQ~3OoL0KwW&J;bLC;oZ?nvYiJ{T)=6&!n*6oOC(%cKJNx__Fg9WE=CtSsPX&fFm&; z?*;9z(GTe6WV;jqrY-De^esmLs3AZf6yOYOL5R6+Ks#D$F#$Wv5ZTN--WI_KFzjg% zt&jG+1+Z_84+|=$%=zyZB(`Tyxu06BAD2#v=`#dV>wV=HTn*k(JKTx%Y&1;(dngC1 zyO+2mh@4Fpdz$JhOo}xt^x3g*>o)jNn6b-X*G+PS>cxSckX0D2PV(9`rQ|`dB*4UB zxO$4r|B%@?fXwb59R+DT=msuNBx@IherD$0&A6c20&xauq?a@^dt=pDO;Xve5cwK- zH8>ej0fa7k_!WR z7Adp=k*uxec5nI1i5BiH%-K3h{rEfJPYJFr1n>hz3JY(;ZrAJTRv?eZ^g$>VKCtql zf@!w7W}-y4VO!XGK2~sy3ldUL-B$FFo>5w9v}NjQvA08>wMBt!aWHo9$4|YCAi$%A z+%Kd7mg>LJ#(;fN1q?|)T(Ii5*#>FBWvvv+eV>koJN9;;%bc8g+mxQw#WlbeW**>; zd=d1~_5-o=YMJwQOE=Tn4lcUgt@TD@Y=Cx|z*k7I1(0T3!&d9tJMq^659S;Xn{DO5 zQi$wxMEByUn!sUGUr4h4e&rrpnf#7d*h*TXlED zQwa0O@-4U0Gol#_;8*0S8FZfiWdg|mk1#Zd@yun%totFAAd0{1010$@J%41^cW<05 z5Ly%0|AQL|O+X_{XLd-a$JcrymgQ=aOz;rs+EQs#>ozfZW^g~}#5bL@I}Si<%Zs`U z$ciQ~*))H1Q}(XBc564+355kHzl3GGv^C8xGl_^MAQrqmzoZP`L`qkL`|`~HU2?PD zxe^6EQYQImqNa?%Dx{Kjbff*2|K^gMy6q8QI(~j$baO^G8M1Jl>3+m#Tco>ViG%Y? zvyJugT=1x6#WgjNDJ>FyU-~fKn$tah+$>!QB-Ke*TY2!r;Q>#-9;~zXhRqG-wEkmp zAEiV(=@F3ZU)Smn9s+|H+vygN`w8Dav5&9b@sC;k_D57H7IFW5#o8!tukz~b^)YA( zXI=K9(&|^1bb}g+D(H9g7+nOi$dK_XTFFhH?jKFjv>w^89u)vC5N>vM8l<<#Qbpp5 zUBK_d0I#@+^uN9kV2mLHb}nuH&adMAP&-bUPVFS|^zAgs-A{HRby~=90)sVL?L7U* zPPs1hZ-3lR z3bkC@CQ??6kZLJTs<{@sw(~x`)_fI|DS`9XUCLjO27J&NO-cD8Iw))61q_q;K#LEL zP=|rb*e|RpzRICT@T!=LJO{}PAW-+S@kz8a$-M2Y_qnOBoWYB!vqX*cH&ebZ? z69Mugb7L6|I4M|;5dc?12*{9NmqD+CM~-ITHb|XYrwE1#pHplak#>GNq?6Igp-9AO0}Zs!+JM`YXxuc_ z`&`Er0X8*64$}MncunUE1|rpUvqw!`9W`GAhnzhASofVFkfLSom~~zQlj$wUA9?!u z57{mWa~9CyF834l7NZ9K)Wt{r^v5?>guogQI;j$vSAww=yF7B$UkkHbI{K;WEWFr| z@zm62L2M8o_+6(S?VZ0aQ_*2Ny)9V!R0k(l=h}1aCrA9n^2VT%pwCZ57;uY4L??!V zttL~JX1%@XV4e8KfjX?B=$32K8K*?eylKdty zu+RW1ifp9;t>tjYZY!Vm#QCJ7o)7FP2~9Ty{1c2dutwdhNd*qqRKGK>Eol}>u8_gp zi@V>nn>YEXiu4;2#C1k|Hf)DH6EiR?(*8Egj9LB~SX^;eMX!1a>zqzb ztY5HwI2t7xGn|0dE`5Fl{FlsN@e4?vJgF99p}g=h_;B-GF2%>IWNsgv`zzvU53r@{ z=_|Tui2jVPZoj#juKa@HUkdi$AUAFtUdJ`4)Yo}x6@1oyWOo}Fj3ET?@oRj~*noJ+ ztlfejR`5}INZV!FrJVeJjP|=$2fWuck7=*%OulbtS&IQJ>REW`6H37z!FZMBwPnR>uh2@)6w*9<9@~W5in2qF(FeXP=>J z%o18BIDg%+%S;`#hrrEyDar|0y-rm&l;52mja_(A_a`m&E%}A`dGompEDrY?LBWIr zpNPf9@(JegQvNO@$FZO~%mV-jqA^J{(2JjJ^fudf^2cU=Lb1xy(dZc%4h|#cOY20n*TJnZxUU+FFTdNZvr0{GPQ?*5f|b1G|$Zm;xg&6xm(7%F67& z(o1yBSWp3fsXUM)0(NTe9ekg1&^ChgM7;#pEWhVK4Av8F#p>xygx|Ksn`BDS+r-jz ziraU#fC2-E?US9k=IJc=z$blb&hz!RTsEVnK}G@Q5UWrF+*n$)kei9TC|0+j^9TZC@^3jPP)BweeJ9y*W;6~wG0J? zCM$09Ei^TV3X|-bp;R+nLKt)Ce9uzqzl{B)WC0+?2c>=>pgeV|Y(XH`G zh}}J#NBvFJKixE>zOtK0(V2lZ22H#rjn+I^`#tgQ?#@ZrZXC21o%3 z*>hciUTU(Qc@{vt0T$uzwbu@V%Z&;$4;5umg34~9B3hSAe_qo+DtiD%R=qG4ZM?vG zcc`OYyBW%i1Dzd%CO4A%=1laHWQ(C%l3kLj(1-;8&U^rT(Czo3_aNJm-+LV?!QJ;G~`O$Z@GXU|cG*ir|MC^C@Q(O}@l>uHQua zVNKaAvU&OW&~gL%G1s0%A#*C_v~O?9w}2_3KHk@|e->y8)OWNhE5gHZ><=tBknWfn zyGzpYpBARx15Z+fT>@#Ta_3H%-HJnbvNj#Zn= z{~;v9sup5Ues3>kxanPc{+9n|lSuH{kpSR!)s>*2lzDEJd}0H7WS)r6ovh=VfC`_+ zMVehgjMDjc)U8NA($hv^(Mlf?U@QOSbBKZ)=18US{8cjzX6rf^qvMWBnOl4Y@cUQX zlt<7;)4_M`Qalb^$guL8Qv$6qPZksT&WgM#OADU?pQ+H{o-}ZuBTeX6)oQLyI3AY5 z;7#CU+I=%%SJ$Q4fpqq!)X*(kkMj%ptv>SY6AD80IstwM2)$p6rv1U`dC{7V=m^{m ze~}l$t8BhJT&@n2*mqieP4;;N?gx}Uq65?;o^4I}|`!`QzxFs-*+wa%WfSqDC$rLjubpsh& z9geOgNGq18e8L7|5110rDI@idLxgQnxG(i2sYFO*gI>bQLvby@mXvqEqKv$(e(LuL z88;)IakA--6oG;JpN<|oIq_-q;XtOB;b6BD`h`WDSZ5LVN9ctVu{?H>|AI_r=B=Tj zp%d{!RLF~$s53t$tKLkAW|%qLw?c!Yn{;>sdlUN4`r#z6^Yp#-m+uZRA|H3At->#E zVk{X83NapSc%=nBNxwegz{pMRWL)R46@O(2sY0RqQ1K33GKn_ZDuJ6GuAGZ~i=)^9 zvBd^F6-d!`yQ2G_?MC*Wge5GP=o-8}zW*XnDO;NjI-twdf^)YZ?j9E%lcijr-Bhe> z9e_DsG4)tXv|XH6h(x00I-qJ0Yyqsy9gbtacrkslyLZ&f94Lcg#r1-m-SEvwH}%Pr z5h?bb(A}rN?Zaa&0l&X=nJet}h>FDa21n|Eyz?w$f$YFgMHK6PYm0reo}HH)rSzQ6 z+pvgE4yZofx}c>*W1_v64F#2TfrGrd%)<|4fP~T#BWU}^8;m20lvm7bXcugK1HOKAFf#w!Z!Qq7;Gei z4W0snrWAMQ6sV>3+ppKJ%_8bSqGu)s0yYS6AYKXjeEYE&0Kp1L%l}&Xzlyr*u&A21 zy?~UIfS|O}N`tg?iJ+7SNUX4QHv&>3NS8KoQ1`V!LH^PKBJ(p8q*9dh*Y<{w+8{v&m=*DS3lVon88M#3 zDRbQ0!3aTpbmN4@z@Drt1lN)WG2xPO>u9kOM1p~6Dfl(@Kic6nks^f#>mk6`vH~-L z_eV|w)yZt}%g>Lwtr&fQD zMl30aLu^jBuinbjez~~nBCfXbJ8t?l2u*HT@VFJZwDim7)2=D+USVO4zK>gWEPzyI z(4)uP@+j8HC8TuMJaN$p@pTWG#GmNKYT%8Z@hl=O2t)&y>|NR4=FL?)OQ{4-pP1H` zrr3z(<}=8(@e_i`end_gr~C`nxpk#OTIv;cX z8J_W$^Y;%}KaY2O%yxW(R{4;e`nZ``=+b58HpTG%_tr45Pqz?gDO;n;u=C}xyxbcJ9zg}`cdSRR*SB8Ib2j$x98BSvrbNo(LsD8B z3*J1OH4eD86gAk~c0-pjTGg6yEQIvus*Jie7^rjc@KXF5b8U3AH)_7L=)uH3n})8#6~ z(A75YQY*MkrF0QUf1vqsW~o1wrvVc9K_eiffyCkbdgBknhfhZBj&Q&Ud2ns5M zw`+KKwKkQpc0>xJm?igf3n`9aEtchFDmGp>x>^3;Lm5RlwSEjga9m=@2uXtXx}U-8 z?A5l?KZz79?WD6L&Xd=_mb~*UDs=pMa6ux^oGbD1y8ES z9$S^P#?owD2r4lti=Y)CWv#wiV*=->>{e!JA67GE5*$eUe2!-ZUG4SDo&BF&$*7V} z>juTcf!QDD%hft53H-(aP+kjhkE+@1xd8;Mok1gJiSj4rPgaC_UTiBn4cPDgwTQFw zev@L`47eB><=E)TkJlg4f0C0gr4hmFd~)C${6po3M371Da7m>1Q2uuHW_LTqZQ^HM z_RwyDr9&#HES#{EtSuN-2N%g~zL|S@6T4+qc}m+;g!w`g*Rjh>0nhznQW0PNcpg{y3F%N-3*lX!TZ9e5;J@CB``)RHheuq(yc;@2$I_BQ&>A8_rr>+D? z)?e=RO)(?roSc-62&a@@Pgu8fKC=ocq9 zT8cUlKGOMxvGYiHrgq0-wP0-7M^{&?>=MPYz3-h87RsK9E6J+*uHD&2wpwCG#faCq#JO4lDFMd7cphXowQFaxlqsY6?~# zGp-O!?(3WJ+^_R{CpE@B)@?%W(s~D;$sXK6JpU z)4X{`UEM9Zg}J4J>okw_na>IQ4A9vtm!u?Vx@Z!QocYdB61|KW@`9hszeSH;Tid!y z$Oo3r3SqS8!e)3`1jMPJZ#~CzPkg=SWu0tKtDxo)`(3#jSGQ@11iQS{_Db{|7K>Vj zSWms4%0HgmaG+dhNmYHY>`NzPdw1Ml3}Kr2EGoJaMwCf05GTW@ahfU#ps~rq;?i)D za4rRgKnz~3SK79sajpLQ$cVw}^w&E2!oQy4_q6<@PoE+L6Gsbw&)(X(g3mP~JKYD4&4 zepOqSiY>dti``;GH{J+~td@{xhG!QNmbb=pNPKyFpUaS*=(ooP{TFpaYq!XvH3ofX zsYr-&8@^Iu>6IEOV$D9&+n13&CtFoVQ}cDIq!+Ke0)Cc|mSl3HPr&ei@rMZm8^-*|AB$SL zS~1|Rknr)yMgdc?86NT4AX;%?+ZZCZZUnM|tk$7?xI4Y_3Oj%PTHCJECNQCfSc zau$1gfD=0qG$#%v8dRHDJlwZCm@DUIBoW=_LAerI<$2)9@d_P!sM3*-X+E+Z&=32! zGqq@Gd1drZ3RG8%cU{~UBTHN2AZh4JtHI|( z!44}PN#==#@i}>cC&(<%rF}JVOkhl~v%J6U@0m~@Hp`qk4Byz7< zm)O>o9|maouDIc z)js@8evIZfgEPG|@rQigBNgD=T*G%pjA;`?@2>MNWXQme1A1pFaDlp@U(b**i0%%R z0HzlYq7LXN{UY{{LdJri7SJq~$jo=)l`fEbCVIZ>(4xA9>6_f2i`%0rX~B!wJik;%L^ldIB&mW{ta#!R=sfwBwZ$lAB1uHRg)Mgj=yPpLP`9o;=An;P_Lm zfhgdpg82K39ctU3C~v+sBf zUAuLG2{lM~;dJLOo*LGxtreY}`PJDe15SUKLm>DtRYkcMAYIfwRSM!zH3EWqhWq#L z!(WA{QP1le&FFsEi_Xm9xO8;ibyVEAW(50yC9oZ^{#WEdp!s}offf?Tt$M#g{m`#@ z@(K z9C|RhUCmLrsrs!VhVk)7g9-VXP%lz|S^EXuK)|7(H(K5&1QZ{2lw^BMY+T4e4-4$z z`PqTpRZd+%Y}V`l7eDaS&!m`8+RPfcJyg!o zCOPP{vWki%Yg*cV^PEQ*jW98gu+#8j2ry?a_)s-G)N?d;Xz>d=QjF4quR%aTl<%kdTS7GYqCN^@r)YX z2|*So@b3ksXbNz+q@vNBxi#vIynnF)a}H#eAQqWx(*glo5pKD5lTyRsRWJeXfV|SB zS|cDOB}ZABT;lv01Tbrm$u<@D!T0{9T-?|MgxhE-Fce6x@x>3vJm))NaUwnMMxDz= zR7O>lPgAkRn06i5ztz^>GrBXjZ;`@A2rSB=T7awo+V^ZO|9oD=7iMNp@44fxq6=lc zpKUtoJtqBkb{iYsCd}MdrHE3dl$V#!p4uj-pm;Yut$Mzm=Hz^FWC1Pd;CRFn9XMfg zjKXbumPt=NFIJAj0Csh64)A3$Lp=H|dIYov9E z_?d6ys9VUV3#YAI(PXXvgLkH`Q%9e{i#?P~%qv6*#Tk6lRfeOs z!-L$~Nl5$#46rUMdw$UtrZe>-_HoQg&qL>|9b4!(ti3?^IQFZ88dd)YkMopal4Wfa}xg zX~9=@L`ngaw%kJ%pvg8?yDS(Id+o~iD^~YFo1f4NJ_<+$cwaI2G*Muc>5pb&%W&mpt-Z1BM;xySmb8)&z3?WBZx^dD9T=|DNgTDOE&C23TKe z$>q29d1eg5qMh~*UdJ{edH}Q%_$u;*~r6HV$AwKKv^xO9p)`veJ%9`F+l1>jM8}1?vMYZtf!o z8X}VCmW0zSx+_0oRKx%B1s)fkWGH|2jpnMkSF?f=6r_1P|7k3Ru`C|geP*`*>9vL) zLF)flnAX*iZWC{MJhr0SBuaS&Qup5aKp+*b5%)hOLOQr}?{C$d`xcrOp1mC%^7xH} z|22HV(=|x?zm~Kg;o{;Z1v%dM3n=pV@++D7=IyR%k{23(&Jk8sdahU||N7nk0lh&_ A@Bjb+ From aee53922e55ffb6f767a3a81744308ceacfeafe4 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 14 Jun 2018 13:16:03 +0000 Subject: [PATCH 202/319] Merged PR 9058: fixing formatting --- windows/privacy/manage-windows-endpoints.md | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/windows/privacy/manage-windows-endpoints.md b/windows/privacy/manage-windows-endpoints.md index e43a9ddff4..ba3adcb3c4 100644 --- a/windows/privacy/manage-windows-endpoints.md +++ b/windows/privacy/manage-windows-endpoints.md @@ -34,7 +34,7 @@ We used the following methodology to derive these network endpoints: 2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. +5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. @@ -529,8 +529,7 @@ In addition to the endpoints listed for Windows 10 Enterprise, the following end | dual-a-0001.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. | | fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | -| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2/ -HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | +| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. | | fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | | g.live.com/1rewlive5skydrive/ | HTTPS | Used by a redirection service to automatically update URLs. | @@ -552,11 +551,9 @@ HTTPS | Enables connections to Windows Update, Microsoft Update, and the online | pti.store.microsoft.com | HTTPS | Used to communicate with Microsoft Store. | | pti.store.microsoft.com.unistore.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. | | purchase.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. | -| ris.api.iris.microsoft.com.akadns.net | TLSv1.2/ -HTTPS | Used to retrieve Windows Spotlight metadata. | +| ris.api.iris.microsoft.com.akadns.net | TLSv1.2\/HTTPS | Used to retrieve Windows Spotlight metadata. | | settings-win.data.microsoft.com | HTTPS | Used for Windows apps to dynamically update their configuration. | -| sls.update.microsoft.com.nsatc.net | TLSv1.2/ -HTTPS | Enables connections to Windows Update. | +| sls.update.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update. | | star-mini.c10r.facebook.com | TLSv1.2 | Used for the Facebook Live Tile. | | storecatalogrevocation.storequality.microsoft.com | HTTPS | Used to revoke licenses for malicious apps on the Microsoft Store. | | storeedgefd.dsx.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. | @@ -578,8 +575,7 @@ HTTPS | Enables connections to Windows Update. | | **Destination** | **Protocol** | **Description** | | --- | --- | --- | | *.*.akamai.net | HTTP | Used to download content. | -| *.*.akamaiedge.net | HTTP/ -TLSv1.2 | Used to check for updates to maps that have been downloaded for offline use. | +| *.*.akamaiedge.net | TLSv1.2\/HTTP | Used to check for updates to maps that have been downloaded for offline use. | | *.a-msedge.net | TLSv1.2 | Used by OfficeHub to get the metadata of Office apps. | | *.blob.core.windows.net | HTTPS | Used by Windows Update to update words used for language input methods. | | *.c-msedge.net | HTTP | Used by OfficeHub to get the metadata of Office apps. | @@ -618,8 +614,7 @@ TLSv1.2 | Used to check for updates to maps that have been downloaded for offlin | evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office Online. | | fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | -| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2/ -HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | +| fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fe3.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. | | fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. | | fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | @@ -704,8 +699,7 @@ HTTPS | Enables connections to Windows Update, Microsoft Update, and the online | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. | | fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. | | fp.msedge.net | HTTPS | Used by OfficeHub to get the metadata of Office apps. | -| g.msn.com.nsatc.net | HTTP/ -TLSv1.2 | Used to retrieve Windows Spotlight metadata. | +| g.msn.com.nsatc.net | TLSv1.2\/HTTP | Used to retrieve Windows Spotlight metadata. | | geo-prod.do.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. | | geover-prod.do.dsp.mp.microsoft.com | HTTPS | Enables connections to Windows Update. | | go.microsoft.com | HTTPS | Used by a redirection service to automatically update URLs. | From c7b5756f6843a2fece5d8b4a69c5b33cbe369f75 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 14 Jun 2018 14:42:13 +0000 Subject: [PATCH 203/319] Merged PR 9060: Fixed heading --- devices/hololens/hololens-kiosk.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index 0abcc7ac79..745543c41c 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -42,7 +42,8 @@ If you use [MDM, Microsoft Intune](#intune-kiosk), or a [provisioning package](# >[!NOTE] >Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed. -### Start layout file for Intune + +### Start layout file for MDM (Intune and others) Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile). From 719eeb5302d3965fcfb66f4146c873480c4b48ad Mon Sep 17 00:00:00 2001 From: JohnRajunas Date: Thu, 14 Jun 2018 12:38:36 -0400 Subject: [PATCH 204/319] Update windows-10-start-layout-options-and-policies.md I think adding the reference to CopyProfile not being supported will help insure IT Pros do not consider using it as a alternative to the options detailed here --- .../windows-10-start-layout-options-and-policies.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 58bb51fd67..82f903e308 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -30,6 +30,8 @@ Organizations might want to deploy a customized Start and taskbar configuration >Start and taskbar configuration can be applied to devices running Windows 10 Pro, version 1703. > >Using the layout modification XML to configure Start is not supported with roaming user profiles. For more information, see [Deploy Roaming User Profiles](https://technet.microsoft.com/library/jj649079.aspx). +> +>Using CopyProfile for Start menu customization in Windows 10 isn't supported. For more information [Customize the Default User Profile by Using CopyProfile](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/customize-the-default-user-profile-by-using-copyprofile) From 74700422bc9d02a594ddcacb94f21e06ff34a6c1 Mon Sep 17 00:00:00 2001 From: Paul Fitzgerald Date: Thu, 14 Jun 2018 11:38:46 -0500 Subject: [PATCH 205/319] Update upgrade-readiness-deployment-script.md Updated URL to point to new location for referenced information. --- .../deployment/upgrade/upgrade-readiness-deployment-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md index c28763cabf..774f54ce73 100644 --- a/windows/deployment/upgrade/upgrade-readiness-deployment-script.md +++ b/windows/deployment/upgrade/upgrade-readiness-deployment-script.md @@ -229,7 +229,7 @@ The deployment script displays the following exit codes to let you know if it wa 32 - Appraiser version on the machine is outdated. - The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://technet.microsoft.com/en-us/itpro/windows/deploy/upgrade-readiness-get-started#deploy-the-compatibility-update-and-related-kbs) for Windows 7 SP1/Windows 8.1. + The configuration script detected a version of the compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Readiness solution. Use the latest version of the [compatibility update](https://docs.microsoft.com/en-us/windows/deployment/update/windows-analytics-get-started#deploy-the-compatibility-update-and-related-updates) for Windows 7 SP1/Windows 8.1. 33 - **CompatTelRunner.exe** exited with an exit code From 4e484666e0081fa699d83a97ed82149fc7d2bd30 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 14 Jun 2018 20:21:21 +0000 Subject: [PATCH 206/319] Merged PR 9074: update Intune kiosk instructions for HoloLens --- devices/hololens/hololens-kiosk.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md index 745543c41c..9b54f8a335 100644 --- a/devices/hololens/hololens-kiosk.md +++ b/devices/hololens/hololens-kiosk.md @@ -93,7 +93,7 @@ You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to ## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803) -For HoloLens devices that are managed by Microsoft Intune, you [create a device restriction profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk (Preview) settings](https://docs.microsoft.com/intune/device-restrictions-windows-holographic#kiosk-preview). +For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings). For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file. @@ -213,8 +213,7 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest* ## More information -Watch how to configure a kiosk in Microsoft Intune. ->[!VIDEO https://www.microsoft.com/videoplayer/embed/ce9992ab-9fea-465d-b773-ee960b990c4a?autoplay=false] + Watch how to configure a kiosk in a provisioning package. >[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false] \ No newline at end of file From b16e9511dadc13693353b005cc91c44179f0c52d Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Thu, 14 Jun 2018 20:56:50 +0000 Subject: [PATCH 207/319] Updated inclusive-classroom-it-admin.md, fixing text issue --- education/get-started/inclusive-classroom-it-admin.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 63c0d3cb23..856e1c3a19 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -29,7 +29,7 @@ You will also learn how to deploy apps using Microsoft Intune, turn on or off Ea | Read aloud with simultaneous highlighting |

    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    (N/A for Outlook PC)

    |

    X

    (N/A for any OneNote apps or Outlook PC)

    | | Adjustable text spacing and font size |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iPad
    • Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)

    |

    X

    |

    X

    |

    X

    (N/A for any OneNote apps)

    | | Syllabification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word Online
    • Outlook Web Access
    | |

    X

    (N/A for Word for iOS, Word Online, Outlook Web Access)

    |

    X

    (N/A for Word iOS)

    |

    X

    (N/A for Word iOS)

    |

    X

    (N/A for any OneNote apps or Word iOS)

    | -| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (ot includingN any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    | +| Parts of speech identification |
    • OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    | | Line focus mode |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    | | Picture Dictionary |
    • Word 2016, Word Online, Word Mac, Word for iOS
    • Outlook 2016, Outlook Web Access
    • Office Lens on iOS, Android
    | |

    X

    (N/A for Word Online, Outlook Web Access)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |

    X

    (N/A for any OneNote apps)

    |
    From eda252e46e8678735d766bd9d59dff4366b42805 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 14 Jun 2018 14:28:17 -0700 Subject: [PATCH 208/319] added new block list --- .../microsoft-recommended-block-rules.md | 549 +++++++++++++++++- ...control-with-intelligent-security-graph.md | 4 +- 2 files changed, 547 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index ae37d52989..0dbc282f16 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.localizationpriority: high author: jsuther1974 -ms.date: 06/08/2018 +ms.date: 06/14/2018 --- # Microsoft recommended block rules @@ -384,7 +384,278 @@ Microsoft recommends that you block the following Microsoft-signed applications - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    **Watch what Educators say about Microsoft Education delivering better learning outcomes** Bring out the best in students by providing a platform for collaborating, exploring, personalized learning, and getting things done across all devices. From 3248089344b013e61f7639bccdfac4605081213e Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Mon, 18 Jun 2018 17:39:38 +0000 Subject: [PATCH 238/319] Added Inking.png --- education/trial-in-a-box/images/Inking.png | Bin 0 -> 2977 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 education/trial-in-a-box/images/Inking.png diff --git a/education/trial-in-a-box/images/Inking.png b/education/trial-in-a-box/images/Inking.png new file mode 100644 index 0000000000000000000000000000000000000000..bd9d09407d8e64a89052a246cefcfdee2ea97c8c GIT binary patch literal 2977 zcmZvecQhO99>*hAP@^cSHL7N-wcd!m)u>gJlqx|GD@u$MwO^FhXjLgnRf!d9#A;*J zs#Q&{8M9XH5vhIC_n!OLy?=b4-#MS(=lPxIoaa2}Jc$-&2CU5d%m4s@)yPoKl3Mkt zxdQ@H*Gr*;!_>m$XZRoh0AS(z6BB~HFn>6}!SDQ!&hpQ2M1YGojH>zraILi|R1ErqZDIbt z2w!(V>y@Q=Dr5Z5{y={hIDmW}v-V$27wO{z_eB8?`d{OzjNy-FjX-(B0VSIw64Y~g z8|i6Vdqizyqf;I3=XT@qHB+H8BiPIjs-KGrI4#5xZ#>f3R@s~pn8N5cv;EM;WN9u? zv=OWBfRYtF!^-nHJcC6WB?~sel!(0rGDxxT3g^Ud<2)l54)R5Chx5#V3Tk7A2 zG&#Kpk5{|DDLB|foQIr~0tT0JW)6Lp?_KTwt&pxX$)ePey^uxve^F6Yy8z{M5)bMW zTxW9fJH7r+K+sv}h%Y+Yg0YW2S|H)tn$V$iZir73Da_9r2po(VDYJz{z*^|}Swbm-GE&f&AEqBa z(GF&-A4!)xv>>kjla)Z1lhAI!ZW6KQ9zSVMI9fcEQGbwFoGR0xwItEicjZf9 z@_P>X;KjHs2x{f8K(fh%q@ak1h#MPtL-WzutiyG#LN;R`beA}S843AZv{wpm9MTYc zN*UjAW|kFDS^a4F?ow5tQe)S|6&j9T{}L!lG$N@9C56Hp)pEPO)Ld_Xp$}O1$ho#b z8vdmAgB(T|6-bu70xjnU@(td2XFUk;ww(^=k+&V#S*3)N~@~CB_DtZ zH|0K-(xpw+HYxK;*~bUy#)N?SBU70>ahl3<>NcAQc3(SUJvq)_-ZYn`olNWFcRSMD zVY|26nE2^Yog_3EHl6*X*cX(-coBN{Skqu2_~4b6=R)>j#@PAtpa^J`y*3CO-(@T? zdn|Jw_xa%+Cq=efJ#>A?O*u6DogJcdS2$}AdyUakfhc{*qp97-?mNZLrao(ts^q%| z0UFiLd)su~N9kX8`^3_!0i$oz6}zU#)?{&8hW?aFkp$n%ecWZMuN|1QMzPYUI@jbn z6>fXSQtwGeolXdAy*_Lu7cRmer-g-F0LK~t^Y>ZIGm6D;kQ~~`WlP~fA67>+%BGYi+RyWW`Q|6F!xt@z ziIjdiaoM4F52v%y&1iW=WPm@dF`-%})k(+{_Cj;huxn#NnVE(ZxbqY)b)t?g83)uq!ej`)hPdzCP& zbyP3#k|;t6D)q9dZ@sL4TWbCsT zj(51duX+=sj9Gzkj*I#0b3$R2yRAt)H^TRn=_ALbw847g{2_mpyKcpDRB20=Nu7Jl z{7hl*lu7BjBr&TtmUNZ0lb09p_LdWbJ;hd{ESz-oD=In=q2($)^W~Io#K{lghmKHq z=>Pt`Z`d{z<5?tp%>sN>V`+$cmeacF+hbiB!eSJeM&2@NHM@2&tc0*9LVkPT(Lj;oElGGqSNs_LR)A>PrJimdp=J>A33SQw7Af` z{^dPrH(`RYPE)U5#L4$woX_R)?c5z*1M6YE^N`gRE#?LDaZCw*>oG$}`A*VO9E82D zwV0xzUXSoXPxx^^D9GSR)oJZIRX;rRc_VFh)~(x}_cT#>U;@71bF_JLh<&6pFO9cB zvz-5zG6SLwLlJ6PUZLcbYQdZyA9Ns@GbwdTmj;nLF!8-%mLmM&l1Dqi){t>f>LFx! ze{j#AL&Q`%)Lf^(g=<@476y!acB5-%cRLZg`KGm2XSQJKN;6Bd#>i#*wr2cMU!e^3 zl^>*)sW2Y`B8_t0Wmf`m`JR@n2SLAhy8o`Ro2ssNS<}o3{aU(Ie;{6EJVHoyb$20h z!>90%Myz`b#2*{^A60Ca)5h2xGxkfzZs*aqiEwPs&-V6Jr!yuN3CI@~UbpIn!k;`a zsBv-A0?mbgHg5rA6!WaiRr;lA3@oGTKBe;aV|Lc1Uhx=zyhF${%DYUQnJJh_7A54j y%Igx}{X9EwS@!naJXfu;4^aExMEI)V>3F`7H(AY;1*tz#fRVnLUZsvx^uGagwYF&h literal 0 HcmV?d00001 From bbb36ee7d0688327e645a464e5432561d938acf0 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Mon, 18 Jun 2018 18:09:46 +0000 Subject: [PATCH 239/319] Updated educator-tib-get-started.md, adding math section --- .../educator-tib-get-started.md | 54 ++++++++++--------- 1 file changed, 30 insertions(+), 24 deletions(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 5b3c302235..588d7d6d1d 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -29,7 +29,7 @@ ms.date: 03/18/2018 | [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?**
    Open [OneNote](#edu-task4) and create an example group project for your class. | | [![Try Photos app](images/edu-tib-setp-5-v4.png)](#edu-task5) | **Curious about telling stories through video?**
    Try the [Photos app](#edu-task5) to make your own example video. | | [![Play with Minecraft: Education Edition](images/edu-tib-setp-6-v4.png)](#edu-task6) | **Want to teach kids to further collaborate and problem solve?**
    Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. | -| [![Do Math with Windows Ink](images/edu-tib-setp-7-v1.png)(#edu-task7)] | **Want to provide a personal math tutor for your students?**
    Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. | +| [![Do Math with Windows Ink](images/edu-tib-setp-7-v1.png)](#edu-task7) | **Want to provide a personal math tutor for your students?**
    Use [Windows Ink and the Math Assistant feature](#edu-task7) in OneNote to give students step-by-step instructions and interactive 2D graphs for math problems. | | | |
    @@ -265,39 +265,45 @@ Today, we'll explore a Minecraft world through the eyes of a student.

    -![Help students understand new math concepts with the Math Assistant in OneNote](images/edu-TIB-setp-7-jump.png) -## 7. Go digital in your Math classroom +![Help students understand new math concepts with the Math Assistant in OneNote](images/Inking.png) +## 7. Use Windows Ink to provide a personal math tutor for your students -Whether you are an Ink user or prefer to type your math as text, Math Assistant can: -* give your students step-by-step instructions on how to solve their math problems. -* help them visualize math functions on an interactive 2D graph. -This digital tutor is available in the OneNote app for Windows 10 and OneNote Online. +The **Math Assistant** and **Ink Replay** features available in the OneNote app for Windows 10 and OneNote Online give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph. -**Try this in OneNote!** -To solve x^2-3x+2=0: -1. Write your equation in ink or type it as text. Use the **Lasso** tool to select the inked equation (or select the text if you typed it) and then, on the **Draw** tab, click the **Math** button. +**Solve 3x+4=7 in OneNote!** +1. Open the OneNote app for Windows 10 (not OneNote 2016). -2. From the drop-down menu in the Math pane, select the option to **Solve for x**. You can now see the final solution of the equation. +2. Click **Add Page** to launch a blank work space. -3. From the second drop down below, choose **Steps Using the Quadratic Formula**, which shows you the step-by-step solution of this equation. - - ![Select the Math button and use the dropdown menus](images/Math1.png) + ![Select add page button](images/plus-page.png) -4. Finally, **drag and drop** the steps to your page. +3. Write the equation 3x+4=7 in ink or type it as text. -5. On the **View** tab, click the **Replay** button and select the written equation to watch it replay your text. +4. If you wrote the equation using digital ink, use the **Lasso** tool to circle the equation. If you typed the equation, highlight it using your cursor. -To graph y=sin(x): -1. Write your equation in ink or type it as text (make sure the "y" isn't capitalized). Use the **Lasso** tool to select the inked equation (or select the text if you typed it) and then, on the **Draw** tab, click the **Math** button. + ![Lasso tool button](images/lasso.png) -2. From the drop-down menu in the Math pane, select the option to **Graph in 2D**. - >You can play with the interactive graph of your equation - use a **single finger** to move the graph position or **two fingers** to change the zoom level, or use a mouse to **click and drag** to move the position or use the **magnification** buttons to change the zoom level. - - > ![Select the Math button and use the dropdown menu](images/Math2.png) +5. On the Draw tab, click the **Math** button. -3. Expand **Key Graph Features** to understand the properties of your function, such as minima, maxima, zeros, etc. + ![Math button](images/math-button.png) -4. Finally, click the **Insert on Page** button below the graph to add a screenshot of the graph to your page. +To solve 3x+4=7: +1. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation. + + ![Solve for x menu](images/solve-for-x.png) + +2. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation. + +3. On the **View** tab, click the **Replay** button and select the written equation to watch it replay your text. Replay is great for students to review how the teacher solved the equation, for example. + + ![Replay button](images/replay.png) + +To graph 3x+4=7: +1. From the drop-down menu in the **Math** pane, select the option to **Graph Both Sides in 2D**. You can play with the interactive graph of your equation - use a single finger to move the graph position or two fingers to change the **zoom** level. + + ![Graph both sides in 2D](images/graph-for-x.png) + +2. Click the **Insert on Page** button below the graph to add a screenshot of the graph to your page.

    From 89fcd06b7521d79bba4dcb39d905703bed359789 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Mon, 18 Jun 2018 18:10:45 +0000 Subject: [PATCH 240/319] Updated 3 files in images --- education/trial-in-a-box/images/Inking.png | Bin 2977 -> 3928 bytes .../trial-in-a-box/images/graph-for-x.png | Bin 13004 -> 18023 bytes .../trial-in-a-box/images/solve-for-x.png | Bin 11430 -> 15412 bytes 3 files changed, 0 insertions(+), 0 deletions(-) diff --git a/education/trial-in-a-box/images/Inking.png b/education/trial-in-a-box/images/Inking.png index bd9d09407d8e64a89052a246cefcfdee2ea97c8c..b6dcb58920950ce3476f8de12bfb583eac43aa23 100644 GIT binary patch delta 3751 zcma)DHJ+A_xsY|c~OLHS`jtd+N3=G^b zV<`MoGf(3l8_Q{a{bRrKRM;OGBLf&1_yYeEjI*BN*wZ3wAk6Fz>mmyu9}~FcF+?R5 zHUXTw0)y(=U~@LVAyb^j!y|XLfZ=;j-;{Y7$X;gO{Fr2T1w>}|eJ^~*+XDkHzq%{| zTamITH-QUYH@|_o@#H;ukIx>SU@gdsVr6ITx~7ioC9v~(gN@l-@dtj5gC7S1=T>qc z`)qD0es>D9vq^iE@bcnk<*L;dhqD2+Rv@Is7n(&FQPdquYxost$3 zOXTyU5(_b6Mhe!)Ehg#iPE=kd#x>mCMz8A!WLJ3iIFY;W=F#Xf{?L-4FLnV7@I--k zI!l+dlU%&v-GXH-kq;=hhOcA`cPU+k$#-_&e$Ge3owUW?pWU8g*YubmI=VI-K8bg%)i|m|wiuHEQK3nX`a(uFn||H$eo_?2 zPyzL2wur+!rdQXXhG(s}I#EKCceKQx{mGtFlZjZz_)hH#DUw!q#O^#cOQZ}u!|vnk z9_D7=k(E#m?q6A{X;r{c?sKzr=9BFhIrO%>Et4yMQ)>c#9}m0sla*{@{X4AY$Ef(d z>Rbb9ZW0lA;M3ZoFg(=;hP*moLC|%CUS?Bk8xg(~z6b`6x-O4H5zQ3|9n+(oA2mhJ ziN$RFv=fml!&+}&Tv&X=2I{;lo%=GeAaVXk8FQ;YB$#_|Ihk)oGNst2FgDCCYrK@V z{9{I(F1mEF7{hS_yunU5=$==0*Ejo{Lgm+DnGOL;yJm*v95_cdrBHGbU%{ zx1R#pVD>C^?SXI4Rl#0h47i;qD2Y{Qas+cS4xez)x8Rjx|4T1Y4O{97=w^q!yV>ji zF-JtWWTT%8co)IqCg(C2ks&TF$J>+f(k@3v6e?#DmF-r^mnk@T#M6<=9y#HwWx3k% zR2JwiL}*x8#dDoKs~o>b^DwJ&nTd^GJwU63`5pVT|LS7HR2cJdW|3<@PvwnM?@g#> zPW<|Gff|dd?h!VaH)thpySv2koU?5Wx9Zb@fM311H)NTJ)cmrxK=UMcGZ{=+lpAu~ zV87Q8OBr|-H3RRq2|!|`U?^uJHc(ysM<5^kl)!S0#%(R|^RNlgtRK zcuKxp?Zx<07XmwKE^o-`CONy`{)%)y7z+PpR+YWsnl?k36n$0!c~=>mw>Q-y=|27= zQlp7dtHyk~Ji1j9Tw#WliDjWi8rb5lwM?%TRMd#-vEla(JR-;p_cQki0UqC!qfqAi zU2JvmAHGTXzB<=CveEj+V-7$#9gfP@7y7AC!)Xb!#0l{bp7{7PvU7DjMTy2u?dEBX zMESRLTpt;-_aY}SkNsZ1pY8RO6N~KmBij%-^dK7Cb>priXvCh$p`c1{nkmkQ-t65L zRD&n$3QOY#cwfzlEN){y+|zzCG01uJ&_DI?*ML)p+{mxtYXlR)u$n-Q9}4Phk;z)cXit{Nn|M3=zYS#~^08qJ z;jzy`!%miGTjg3M4SJaLl zVpP#>M6@b&Mb$EKsy;NUp^Wb#l7O=II@fs?g;bVZzBy@Hgq9HCr#Ih3o%~zE&t-Rm zDXQy6oZny#L&)-*d}-xCcQ6pK1tvsS>&TEj)|3_~5F=PJ|`ZHD38J=kL8}TAu6w_I4M_(Fhx45jFWH0Mb$z0~P2m<$em!xoT9i z=f8hkCH>0H`fl%`adlluZCBJ4+lNj9^$|!GsYsAH2-UQot{F1(_}DGaEY~dZ8kwcI zsbAc!^^F=ZKQ=y8MchzT`q8k4Ws+`G%lyr=jRdY`x-H`C&JiN{^vdxxI(sDLYH3rv zgQJS2?;lup<{=?fcSqNPgs$b1Na);~n$YPF2xpFd>xQx*NvRT*d`#9~_@Pg>Ib{X% z{kYgD#ct5|`41+aaGxG|+ls51`xVA0W_g+XI-sd3sP_{`i69x40PjT99{e&AO?xS6 zw;+>Os%uqs&3F3Va^C`9b5&n`@Do|d3ymuX3D>vYRC+#{0_!y{vg(L= zZjku&9N+&+*94jIz&>RSg%|zaaE$S0wBRh9r`Hu6TE^No zGUgX7sT3-C3xE_y_eqKLGI7#!=sOPr_)^{IWiiwd04Ek*32- zowgD{u)VB(Y~lkq@=LcW@DJv211d8pu7@YgSqrg@C*AHGJ~WbGLxg$saoc+VS=p6; zmXdpA&>(fpCtHd9C+z^ieoj%s^*xTHZa3WTYOU9}n$Cm6l50&%)$Ut|Wc1k65&UUa zapTV$s@kqy!x8b?)#!US6;mZWuD_@gHBQvLih;-R_y(Qd%? zX>tg`=TpP)leHQ8rtQ$+!#!YBQmM&~mR1-vcwcj&yq(uP=k;U95Rwa$XatRFx+rfm zUEij=6PT_z`*k?{?kmREhNEf?3AJC-jJhMRJY;ow2AA;@OBhxC+>K7empWIy7-|Vc z61I>xr_qC-s~!EAy5c_>v@JT>eEz}Zs2R^J@)spLU5N7!#ri+r_-+6;zHikn4o$`3 zXD>L^YcavU7!M5@KE zc_*wL-pPXQgf>&Q`}#rp)#Xs-{yrnw<%#nwi48?vtL+@u&85Chr!BQhi9q3&kFdf` z`x(-?FA$;D$&|bGk${vk+|jP?e(CxFku!TfZThY~x_5gbH7m`_`c^4gJ$S|YA2yi4 z6# zwC{stUt)!JzhYwMLFUxKtaNK~%Co1$?77nTN*TLQ@Omk3U}7F4GWES?d91ABV+?uQuW_TRr@&g-%tzbg3t>*HyT z#%WZ@r}P`$yhi=5mD_S5xXGLGBf)X?SK#mf=J%!wFc((T7i51_m6I;j2vSy-mM~`w zJ0o@;2O?|_hVp(nw%GaFCS}f5j5TSXy^(W45YApEgQQS5%kCkBPK_~klU<+AE```N zleZqF-<%U$vb@@Fi zMcT_#)A37dd`c3VemFtZ@Js81d!vbR0bdLttYDXqbcHJ}DXI3r%jx#rVj)T+ONuYU*$PM@A}SsB&MexN3$!hnOuF(L7a)m+Fn zh(*ABs-cY4ud!PhulSuIA{Q?^=p#sCLm{GibY$h^4uDAu(vyFfCEm^B$T;h>UjiV|;S zAiya~RZ`|?d@?h~YIEq|*0!Di%q^aOU@*z!;H_LQw)>x{8XUX8xcjGVOfKHQ{l_=8 z2{-ujVvf|Awgx$h+GzKKt2KaM3cYZ+F=%vj}&EE5QVNex5II8$YnQ)-Q6 zl?y?1Ff~l6s3n^M1}O^{Ae{t|goFV?AY&3}v-OhK@Ad0)=UKN4%yap}j)GhJ4H z|9Jo1bI#|Sf8Y6S=TRKT_%o6?+Y30un&X+>n&X+>n&X+>n&X+>n&X+>n&X+>Iy*cJ zSQ20+cEld+31D#jBcB}}Vjub#f`U*7$_0WQh#~7A`7E7}P#y?{eg63L&XKr?C=-eZ z3E=A-S)Gyf{V@^#&z2Y<38$mnH=Y^a_`R`G!b9gyf84OT<*zSnkp%0R>Y1tG^(iwG zc}M{ULy#x$bjYt1-Mj8Md~j3(0?vcdt5-LFWo?%h!ui*Kks5DrM8sah2zY|G5IWMI ze7thWZLc0I%8q&BzdqFd{^c2{=xe*}i^q+s&te+R;~_k=RyGJ#7*RH?>^(aDnIDfH zFDY1)f27`VdO>#%w$hR@`B2sA|mrB4!RX?LS`r;9VmVqYg@KdB!Gb3U4>P zrSqy~xz9cxe)rk&VhS)FI_aiTpB1omIJw5!e;WZ1>ed~liAmi&AB%fsxjdc5zOy5^ zVR`lq^Yxuqc0O|5!uFg8V>)5M?$k%GTaDsjX77Cv&~r!PZ|pVj$v?lX{lEXVE0l!P z-ngo;ur;Wp0*EUyrm6&y+_btm7b#nZb3=o82+V+x3dFZRIWav}?r9HhTGh7og>o`Y zf1L}$^#g5iE`U#6@X5zY)v{i-C|Gx4-kN%+ZU~PD5m-z6KS#}X_LM+soB+PNOJeCB8YAo$`q^V zmR$)z*RL#ewPcL7Iuu)9s%+a|Lc})>wnbs+on;~hF+i_33^jyD0-*E@PnD-8D&1Yd z^{eK6c6egCSnchS*ABFK>xpDy@x|dWRB81h@ve*7*u-IoFhmrRmV&&OYy})qe{Jrr zA@N6R+VfiF-e)JF^Ea=KCSu(6^f-jNZlHN#Gpe!8MB=;8mv+27g-rM$Za1yZ?LbanpnjKAfE9lHN@VW z!+YKsT|SVx#_uR>A?yF3VpZwIi`5%A#f{GE+Tbl8{H{^U2J8KC{ z&mQ&PezpREkF3o17DQ@T1>)iTQ`-($WW>J=Mwu|M-UDDDNxV1i0~ZzEzf{2Ib{&cV zCE3@s#52G{1VN{N#i?49e~92f`nDaD)gt$Hs%uuZz!^m@G4#dZ2~_=>#lidf+pIA} zQk?#l9TA`ur(pJ^fK-t8RKp@`@CS}bll4$w23Sa;wE#R=0RqlI81Ff;1PU{u-+Q!r z_wFfhx?xpUPjeK<)hJT;Jy#muUq%#c9BkErN(};qU*(|e;U9difAYYK7Ak%7IR${( zDM2+v*&28>tYq(m5U@cgt116z-{g-E#4nG=6(`_4*oz$9@t&S@n=N2B506(Tt9{-2 z>VblFX+UHw-@g3>(qM3DaCv_-TymnKZhY`qscNMlAy75^vqL7Wy1w3~zk72V8}Ect zJ_gOS^-}|nC+VOCf7>9`j~}jn`r*Sr`Z*&3j0H19h&XxgrLBFfsU*2)gzni>f%NMy zZs~3E(4#T_lPHeb)q*@ZlsyCeeLlw^BRd*&S%_H<@^)i{vMIB!YK zywz9>4?~CQiNlo*_l#6aV$s6fr~j&T-37TY1WvaC1#A`I-M@(M-!ln8*RE>mZ4Q#e zg(2Vf{M7cBe=7*XkFIWu0;(n?rTn+IE&%XrZ8rkEw}=e@DTu77t#4WbkC390^1p9= zwK^%!?ae;;_w)L@b1)`NB*Ot9I3leBvw3H^I-d6QHLYLKWXj6Vf4sZ3zdK(xNZqgP9y_h*nIpJ= zZv|4_xH8+_EUhs@(*yhB?XOf2(LW6}=M=01*W!g|u382q_t*i0D);y4wM+7BOz6yS zWQruMz?XN7O;03!UBOi==Xt|IsH*X|4v(Q~2hY>*Tr$sDOLcY$e!phQLjb`0#w{$b z=!`-we~cGQ62IDJ0<;!;UM=6ddjgU-3>JC{Dz#7nJ+!a9^T0GR!AIA$M1e5QlJ|92 zZuRk;(iA(uXAuDOTkBzfgg7voRwjeC_RQ7GvfeqZC^i1}?I#h7q4P8A{vwAsbwbrz z)y!Nq@yMQx0{MeeDZG=vV@-~TKr$DgDGG#uf7JSc7pubuQe@T5tD{gW>!pPAB+wY7 znes3I&_HhhO*;>t+&7vi?LFX0cvAj!;^t44UIgSrsu;KBsnL%;{0qcbvxqM5Z?ncb zLFDOl^gN3^0NA<9E(qtf=T1)OPyD0^m_QSG7jmq~d1fHgNAXM+<4@VCsK4)V26(LTi{^zl54FIj_dY$gX={1fa1>dgl@^dfz{dSO z`T1>_EKdH%L&u(ei6G6|W%S7U?kmp^(!`#T7q~yH8tOR)X~C)YAG+u0_nxXiVPJ9g z!*2?g_qFB~&TsKyCiBn>rN8;+Xu{N2e@F+;DO@+u^v?5g5F$-1drv~lyc6&z;9&xV ziYmt6^6-hT?wG)|Lg1m?8@mg;KGGQl!Mnfu%A+q}aB23Dt2zq#0DwuIXE5k>x1efL z4fb~G7RQFOTHLX=W9vVhd&R2ew)Q5lO48JjWM^a56lL7MUeZ*^M<#Jea{8_9e@_F0 zTKfmgEQIi$1HmE?@Z#Xf%CV9MiKQJfqoX5J$yjB2Sx2*DW?xEMN~T8Co=Kh=)!*Nt-;5;GpujRi)t}`4|GejHYVQ9#vs-gK vvs-gKvs-gKvs-gKvs-gKvs-^|7d*cN7QXfF4Nf^800000NkvXXu0mjf_IZ8` diff --git a/education/trial-in-a-box/images/graph-for-x.png b/education/trial-in-a-box/images/graph-for-x.png index a250a986c10647f6cb53b0adebdd642332afd41c..66d1d4962157d686d4ad14c09db5b70f1102cfde 100644 GIT binary patch literal 18023 zcmc({1yEeU`z1OF1W9lS5Zr=$a0?p21B1H-clQt^z@Wi3fnb9>!3i)p1b4UK!5y~q z+uEx4wqEW2w`!~2B*^si+}pSB_nq&Y)6Ik_E55;e`r;`B0>OOuR{8@3@+by;k)u5Z zEhQ&;8Q=%H!&@z92n4J1-`ArA7A#WGi0blAK?Zdd1rHC2uu;3A=s!&|nl2KqE*ADq zkiyb|x1b5b1vE*UIh#0HI=EQc+d=TrscAv`(|_$!_70v-mLDx#AjQ}NLZB7vKdnw? zM*q4}xmenoL3l5)(ZMU||6WnGH+OM2ax#PHIXwL9{_H;ow{$kKF#=tkAa!lk(V!Xa zU$cghlbxmAM@Sp#W+-Sw{qOI0buux7oIQNr{U6<=>}_q$>|7w{1BtDm4dq`qHA@#8 zGf2U~C<6pS1$ieeq2`gkzu@izJ-ZYCJG|vQnelVxD_sx<8cr?FIUb>MNWnO~L_1#F z*0$Bwe|FVkU%9BJq-OOS^SDZp+Os}xymNgLSP-4*>+|~Fg^To)tJ`}4>L6CUw`iz~ z!{R=MP6t1;oShGM{m$F5LXjRp0w`kc*}-63h>)K{Uh`9xLm&;0K0Sf_#zbR<1lYYc zd<1bpdi)IXjTA={0$B)Xdkp!5@}I7!1e!rOFh~ES$B^Il;0dhap8YZ8n+_Uv&?&1v zCxWb7Z?#(QHi`@3nBHYvp~*_t?aIJGY?95W&HDUn?|4KF^}D$Da&lRI*V}bVemc;J z%oZF-Kv5V@Hk>&(e(TCk4B12;?dZx!&%dEjD1!=ZYbax`);4YF(4gMI$ibmJn^8}^ zsNGP&bw^EBR#sB-7mS2QTIEN)TUDoC8?kruVsTMK=phBCNn6REI)vGceygu7~ zB2jND0fpYJMsQ3PYgM`Ks>`Ub=P>^uZ1#N;i385U7%nPG4OzAtg%doFFuS`xvu{32 zoZQ)2_1LHNKm9YJVc=Wy{X6xmSJe@p8{tNl3X(+=%>BphpHYc8^lhqUgyh76Vi?2U zM3D*l-FjG9{Mq0|N2j){^S(G(z{JF?`Z&y&BH#Q$0tuqa3*$mei(bsrqWywHi*O{P zMb9-qo)srndu`_?1%CdV<$FHU)AP1$YHp^t5sJi}A`dR5(f#lsTPB<|17xM2qN4^nH%H zVq#)GX8H073C*q@xj1ghxrZ@@;}H>QK%q5Yn3iLCDe^C&&^bzTPU5FepPui{d`(Z^ zySQmA_@akrQtW=S_Xwhql87gl$SQ$mc~(q$_vel6juxA15g5h412Z%C?Yp_(wI8Y* z%E-ucArN+RwfoEMpZS-3oNwBG5%VCh$OM+%8n*`1>KxY)=iL?^=_13NOBQz+hh6m3k|MIExsTIMpp~ZxX8LECMW&Q zCN$pt=i%1atT0T1AU3h7n{#$@ilPwRacjgx>G&q`IZq+&IUe5X$rT1lNAFh#5JyFD z`0!RyX{p~vf(EigjF~3_M63CLg|5{L#_|+E2u**% zr4@)e@el!1PuAUA$r^6#>RK~dO~z#`-9JP3j+vQRyT%HtrKM$P_^p2fUQ)8qtL*=V-f za>?&zf3exSJBoa+Aucyq4&<-2bZ5Qenva-4TBtMGmV*F@A0EHk%M_lEAwfalmgbM8 zBqY>WO~A3mE|;8Nx)5p9NSe?0QWyWcjQfc_?Oyk&}>I6&c*Y-&h7W zkZ7V&*UgC<{R#qcw!hHmzS!i6j*iZzCnqwzwYixov4&P8ym zs+kZ>(#?yT1v~y+wKSymliPGbXH%`A;o&K`jW%V|b0s*OIXwG`x*Q1_H5gMIUGMH0 zbNK4TjjxyiK%}-$Nd5i&!|8%ZJaUifQE(-tRYZKiHFt!DVv&dAT<;W>iBLoXAk?Ov z|J-H_Q%L5d=Hug|rCr;bsnUM+B|AAQD=Q;I^y5%^P*Bj2wkeG3eIaAGY)%DufK!W$ zKlH@XYIl3`Z@s>}yN{2L2i+#SRo^STRQ2%iP*wf9U>91b1JSjv=4$T<#eO)7_J5T& z$kFuomwW5Yg6r<2E1!7Lvjtl`njljx3Qoh*#(Oxa{=P$=Ug0e=h0k*Bk{$hsFiFy0o==kQfJQ&zN!_J$gi5sx;1QkfghV z390YX9(})?c7ImpPfkwm+fD9X0EeHoTRW43pe>8Uv#KUha^4!c+f1|PvtLZl%%s4< ziAhST`#79=dV2cf2VHdc*b14uE$-QFS*zd9cwuK}r%^}96I9gh&Q8se$=TW21Qrdq zR@}MKtS6BA^O|=>|4@;J=GV5%u}G`Ok+JQ34A=SPTC`l;xF5pITNI5oD2BCvWMt$k zgOYx$pRc0g(0HM0o!tV!p?vui;~H(@z5OYn{6+tVJA4L3k-u$7V1N^O7KQLW$NBG4 zp@zo|?)WqPcJ9qjG?u4)_A z)~{P|(=j*SoGj57kcIL=XV%BgIi)$AQi#$=M>_8KEHy{0m|dbjBLAD5t(oj z52Xu^-7{5BESA4Qh1^+XsIRQ7uvtzx1te-k5OK(&S*GMpR5jRfHjlok zvRR&u%5liZ%34`Y__2HM4tU+{*O8bgi5vwnhU<-2d5PrZ!QnGDE&H`|029s4&5ey$ zPq)V!Eqs{6xeeO_zJ2?qnyRZY6tS5u2a$bubD@+jz(q&*V{or*5dAUNGur@uKAo8ag)iVX@sr>T@N~ixiY8kj+H+JQW=) ze@@;1@wC*`7da!uczC1N8nbRkXJ=<1Jc42p!?6+5hZhpkZ<;ugAH{}1N;e?YSTOI>BL?M|Lt%sz&khWEGBK;4ldxF%;xFdsp_ zy%C6NY(jNoDX-S~*`Ui_VEPDBibLIL!)LH);yp=+frWLjT6+P3{N|1BcBZd;zNd9< z!SB$r$AAQxUoPc*?Zx*V&HWQ9L^q6O04I48bo}4Sg8$Np|GR?tzu0y8rV-Mx;`Fnx zudlMQGBq_7)WIfw4#c!6H$5F42BnzK-{p4VwR`rQq4CK{s|OJCadc<)MqWv*{R#>S zu!>Bvm^Fd4L0PnMIw6!#uIO+$g{W6`dAS3iZXo^HljNY_L1OYR1{7Z6Q=49&{!=YC zfS%qoHZ_1mjB35z;2`T(dH*km0e8G`5A#yh*I(@CXx(%A>Cu8p$kG#CiyNjg@50OAB3j@fVUiRYF$yJkn*>laLVgP^6p&eXCzmU@g z-FW-*mHwS*2)ymDp{6F_$WozLzIzqjAs8g1$8(@KU7c*T9`~_yb#=Y`+G|%=rr#{Y z#>OTfP*2(Kv#&~E1~Aaf%uKxqdP8U6Ut$^Eodbs_s)uL0_;OMQZF#;g>@rRfaLi^5 z*T{u6Ab*-5l)!<>(&mm^)rejH$pO&#H74e7Ro2~}M(cIL(jk9}Jebpe91!rt1&-W( z-25@ix;b3QY{rm~5dA^LuX>Gcz5u#qbB^GmYZHJC`iM~?lGo~SX=O3U1Y*|ev39k{ zy1^aUpQ(BSod7Zl!0FLWlKLB}@&=mz%I>vTGf%)EJ3=sb|0b`mudC$9?$6frTfA~2 z1GT=&uszVa^_d{xCSU|mC@($zMlg{+8U{v_(6Ek{)=%@n7cwd~d}+g5jW9b)y=4I` z6W0D?+GvqV@Xk_f{YE!ibMw4*!(>3xY95BR4LFHM5_)=i#>dBFY2N@P&=Ao9W;Yvp zBN*lUQ`fKc!HV$jF&E;Gr^bn=`0d}0z`(#CKYoC);YO5BwZ)muY@GxL1<9xJmF&`z zzIZWNW)O`N9vPV-ZCDw@ zczJm(DZQc4L35sN$2+|OYZY7D{hf)TX8l7z?(-BguDA2E&fUYVf3wxib33i~BqtL~ z;4}ynmzJ{A(n^sAw3zneQlS;Ifap8lpJR9zH`((-+^?zE6lhB-3+y@_4CiqMIPA`K!UqB)z|;Acd~BK~@cW)?7aat&HGH6_rw8F9G7KsQD1BfK-5kpo?ELp@rlQD&Hys2x5!sB2 zsjs#R^E0i+CU#D)7JW_zK@k%q!;0?a@jka{Mx6vbxw*LkJe~{*zkv~d!U^o1*DrJ5 zoh%8@P9EG8blyC5cRYRccsJZbgu?dmk6QVy@1YdoQBenb%V1)O41A6NALdINw5l>1s=S$sSW~l1Kyyi6RF!-~6T~U2BY}7rZ;AjR&KC9-b^3 z4Zn%>E`3ws!tMtm&YLj4G-@ucio?u5UXMSyUID%JZ`j4ftTHN~@FsB>EDE{L0)|TI ze|t2PA#C5cUkenC2f!yF2x8SagdLXK)_cF!3}MNrsF&*g1k|#vtqp|!>gp=sE%o*F zMeb1F<+W&Wb`}<%v_T-F4CTCMwq4HcT8crwfmF$6Jnws@2IdHm6odQYBn>|}mLOS_ zLK@$dk66x#2gpc+rK(XcTx9iVE`$ihaD(e^t=)pQnwn{iHV^?`OTHJFh1|iNkjw$U=q~S)Bx~j3Oa{;NCjaB2I`vs*%GLiXp!Td zWG<8H7EKibRaMn!3ei4CU0>hkjukX)Y;nic&er=gP)91w`pt(kBXNLX1s=O6*1J6a z45G>6qno?f*jT_~55|th0JGDvZ%){{(nn{_8lK7@tbVw^XpR4Xm>JxGa$z@{x!On^ZmV&|l3!>z zl5n`Wsi{DQq6$I2QWga%>D&_iC_Y;8K`O|qffSw^|EZ~|M%_{%;XVQ#v9S@Bt*Nel zz9s(P2~N(|t&2B&0;DyV-Z(m-z3UnpKrylfhLlF8I^dY3d^Ud?DC>%gVOyS2YgSfP zAW&OfDx?Bf`@xL>vSZuJPm2_YE@0h74sShs_RJetT#Z+ZAT3I?3GwipwlduH%P?~R z1S6qh5o4g_j0k`mxoe*vF81V;t01t@z{AAEBwr!z{Cc3T;KB9^Dk`u0{< zJGWOS-UONkepk7C-1VltaaeBzb=({3Ovk{yii0uO-NhBS7?D z$|wJ3$$g53_EuiLTDwG#Z0+KvS)ap19w%sedYZjutHzeoTWzVgr)RpswTLmCnwlCg z7+Wx#{;=Ac@N@g5{)zGNYX66Oko@oBT*wa%lai9$|1L{Jt$Ac-ahtvOCwk*gRbHy* z;P4lmPv7?pYKv40O5gg{mbm3_Hy_J8r>h5SoZJ-r20CDDl$BRJe@i!SIE*g8HSA*yZl z0Ii>~ncB#T#Sqb!{MH>lQ%26PS{HnVd3Fk zR~tzjf)RH>Fam9z#~2gwrb%WeVTBumRU#=DRyNJ z%l6n1whajl1s>q}>S+4q#I9$Ewih6n4qVW#HuygXcEyZuoA#k zYu2B5eC!mpwz{@vw07Q)@@awzSaU#L0(eG6M!r4G7so_H`?L4f);7{Dq8W&Axgotp zP}sXE{mCdP{Vx{Wu_;8R&8vRuvcnwR+|B_mdff=w5d_6pyY;7rgrL}Z0|R($Y|K8r zELYz>^8QoV6JR4SFl>P$4eIjH;Nbph&p+>DV#2cK4zNfU(bdGSUr#1=?5})U!1yr1 z@wZN%prCws&xHVqToOGnIOr-s*6hqRl}T##YyDuM5m>lrAW{B#WB>4!7+F1^6Cs;3 zVpVf2^3X+OP_J8xh3zbqu{%{ZHA!d{!8Uuk+*7Hmtv&nucK}Y`(2yUv%l&S8j;lfE1ptxqGrg=f`VxG767FOhy=%`8cb)L0p4H7Y``vj- zei_~(6>?#;@pYvy-Qw>fw3@+DB(MAGWKvK2Jjfb`XlYr;rkcIoFe?NHV>?WR|6)QTDfg)ACNdL9B z+HRo%TnAV<@C1?zjXJa=7Rd92gj}}9{CIZVdItdH`@^6RkVJQ@YHMGED4-6)!^h78 z786(pNJIibf{H<`tfj>iz6yK?u#y0Bc{oG(0vKNg{-2lh%j)XuFFUZsML@ygv&A&I z1yk?Qyf{wt%*s_(5~;F5o(6 zEL-9ke{l~P}!oBT8UU3bQ@rW%LR_>~ejfRyX4Bm;irZb=;$DPOVD9F|yCSw)2k zbV7d#UT+;17FO1Lo~mA9b$7C;m+rFvB_hHb5IJ1QAe`xUn|&(>FexJ#p^RhWf{~HY zUqVM;0pDvEH#a^LRz^mPzIY~wP!|W+`h^1!Sfv`9?vF;dP!iJ9F(T|g9kc~J`9E7T z{J*I9{~s%n|MOA*-swRg*Xq8$zW*+xxb>M65(yB}($dlf=_HSz>23i_UZYqOFe3@H zYKChvlfC($z)ioH2MZe4tG76s%hyCNUNksu^aTV2+_U$bDXGK*h&a>peGcCJz=?Ps z(Pi=K++D&Bjd-m^SWqpl9aBOj{+|68=Jzs#kN>-c)BpEy*}qmz-b`i>I16Il>BTI% zxY%x|hPpNG_=0CqXC0&IUzgMf_6o9}P9&0Y_2D44mq-bCUzIbLZU6NT?_T8LGi82G#5QnOTkJLZX=+h37W_B%TleCNkc=udg4WOa;BPd z7`|(6Xatj{UAjB$38}Ih=}h^|!SLqQ)f`;xYEA4jwEl{yLrCOX#r(;}*c$>$a&HYE z_s4SQ@SzuFBQIY(M&4&2Q$nVlO6q@9_EsGEIY-Q&6^W%ALvDs@+nBsXyt_3vXXDX8 zFBi!ih5Cn#uyCb`(Wlg>gDgMKoi2RsmFUQ(go9D|QB-3XQ?J*h+KF}U?)3P5`HhaT z<2Y{ULLk(A=EB!9+dnAj>YCOOYuyd4lKu!>6c(s|JI}ke~F1K;HskZP?mL0-9H9(0STP&G|N};E-Y8l5M8n5OG zckE~B?swh~SGu#f(wF>ud4oc)h<>S<91wd1ckKKUqQvUupf^mm+gzf z&iekkYY(Yk7I~^+%JJLxX)Rwm9+(6xHpo<`zx!t~i7B%X*U$M2k6Pg4N?y$|JM*WX zOy32@Mo{8Ajro2?Te8%=TnMLEd%?}J^Jg{=eTj5D&o!mF6voVI_u*~(5PVXcW4MCy zrn0)FQ^tcV(}vvN-}rUVBkJmv;NooGnsE8n>p?E5032Z<)9ba*TOlKDX-GLfr2@2 z_!w=B^$dX}$tPaL?d_{|(u@8amcE(~l=to~4 zxSw@DT+BQY;H0v7?!S(iiOZClCN8XPX0^M^fbFk++vA_tRkM?7!R2JM*AraP`tHtY z-W^5JtNtf8%gG^wbBoZ;LfvTS;_Q6)VewJ3_wYGKrdZ|P(wIZ&nhbHTKCij-@0b~t z#wEcFA%;|8 zw%aY)%xSfj^DR`OCQczCHf7;V{J%3Mn6->+zK1__eqo?}57dL&bIc~5Ow1fzU^e_p zI_*1?+W(wXpDNj{^Q`XPY;v=8VD{GOIwab!et2uo(8lB5IVXK0bN`{If4Ep6Y0P0O ztNY!i9X%_Q1pKqGPa>axO>7(<{Zjtv7yuMH;-6^;3Jz-C8C&^GMu9RstrwpI2mJ^1 zPFJU~#^6^r@zfy%1}EN?*Dhm230JB~40S&UC42B*4&L_0Wc%`NMa>CwJeNXK@T2=_ zVK6vT{7kitTVI&V#;#gWQ*AwB@f>~o`&!~lw5=QG(BVk*s5*iJJG=TG{RFOccZ17Q zt`HpauYNHJx{g0uE!%WcvN`W{r5^1;GCgKXXNT5dP%FWy!QUtZj~ zlp$B2G=7#416-IE7hG8N9c8{+LhgdtGIKm;z$B+^;8Avkxh%=A!MQ{e7-5#S+mB5A zcP`jlt5h(LiqC>tYDVGmcTsZkvh*UEe_yYD6c_biZ!~HvSRR;CLPVm65!+b%o8H&L z%QD6Lz_N^u6tUJX43whZ6T~!9O+Ajrb44w(2+SK>ZK+V(w)5IsCVtkL7sR&n$5wV1 z!)0eoj~zB^n(A%114q^kF|KAz>KEB=IT(iZrICAwE7O}8*5d6 zg81+3RzLP`?R^!^)()#ehADA)Xc+Bm-X6ogxDJ!;J2Vu!4NV#lyi=vMdP)|>9G$On zF0`)CCR(3a5wY}^yhUZE3-xk=nIrCI@tua*bs6Q}woL)53E9`@YChj4x8n8A#GDIW zZ6$R?-PO6Q9Xh8ni~7~A79Sn>u=vlBdOG`OOy-f#?p(2Zosa9}$lzz4$;@2d;9aVZ zxobzo76-(h`P1byy7@Ao!#yO=?>W{LH3!Qw`1>Oq}szx-!@kJ`CjPv!bH zZldz`nGVlA7suK-KcTM^$+8!ncYLA>A0lQIIuU{N7Fw{UQvDp?dAO*Pp|#=8E*wTCSSC-Rnv3EbFlAZ|wQW@0u=^@cEiNyC+)*ugovR zm4+YodsHIUgjn=XK5jJypmh{o)vs}p8rg>98pXSL-0UUBXj>G(W549F#$s5WIRo?-dZC&EQYsL8+ZIA9o= z{gyGJR=4#r=Xd_R!B|~NIUhJ&goNPDW^Z-{KXpc;^P#wv?>wES0^aupSavVbZ=N;Z z{if6q87JkMsQiwUR`s@;X38#t3q@MD9?4oYH@{_^P?S~q)k%0(rl>llVCQ6|Q+;Wt zR>smR3*%(dZNqU=YBkTwigVZ)9&=YD`pDu#)1*y5Uch_@W}^xvA;~J8+Si9yvNMj~IG2p|lCZ^5gHH*?lUX zx@&m9*!XK|?cwxVH8{Uw^gsPGdKg*6?Y3k}g>~>4!<`=PF2un$iIc72!@rQaxrOOz ziyHmSFaCgfLNrvP0ssHrg2lSvQu_!3`LFJn&cNgu7Jm>iDOPH|`h)@` z=D!tmgAB^&;z*Fv7n-*ikb0H>#Wqc^=bAyU+a5vKmk1S?_S=6jBa+9qgLt(d0sWg7 z?mpPnb~_S=K)yTuEM4z~K==h&=*I5MrzbU*w=j51NG-T%09Q}_W z^@~O@99cD^q>H}?Po9HcT3*Uj9tU+KUC2WMNXccxH4>WDDs?vpvl`Dh+uNWN_SZ`s zRR!U?6Ji!`9z(psxuiX8p5g(FKD^zv(5F$`cN8ts`4o(PF1XI)z4P*(Q@?t)z$axw z5YmPjK~1MsU->ywrqPPTfz!U1H%uL8ncUE#j6*^1%z?4D}4t)ujAQN>4C&I}$xCSagT)Pw+KKM7sAW^mR}Hk<+t13B9?Nk$R_c_9?hD=7mYlO= zC~|fwJ;jqJ>%Nd6L^FY@OgN&N3G5HOmH$h>D``NSytYCp3(yE+{4N zNsx;BXIWvwXdN-j^dRfw45;AHyXbC{&Iacf^5up!m|dBHC9b6}C|?SA#4s6Im78vG zB3$zqK4Q<|e+<@^?84%HMjP~Zrb7XV0TutdyS^q27pgfl`&2HOKzK1k`GP&?iIj9( zP)EYgC?4V6J9c`;#ds&V*;g0x^OH|^RG~-2?q3q5H zB=xwbeunSVTTGQYN~a>MPxSJX+ld)3^{j@r5?~dUt#8R%ICb~^CUO`AVq@%D$2>nx z_ltNhu~taG4S_u3+AKah^eu83cQ?rs6I4DhhXzyA7?ud55y-a(E)^bl=6L+dIjXzmn>kch@_{B?Ij#6+!D|YIm$4c9hGNEf2R-CE}FE`@3Q)qrSUmp$4Fee#h9}0Y>ope9)&02 zQBdA5+xQkT7#9S?zx0jI75LoT1eUAyuV;akcBU_DM`o<6sQh2_u~>Wih-^ykj=LE? z*kPp{^-JX8NN}EnYn<^G=A!O>4|^FhJ7F+8WieC-6A~@%Kw|d{;bUBt<~|B_?Bx&b z)rX#qHM7WFw5X5?^BFG3FW06_sMN?+9{)5@BfI&rTIxQAHZ`J8lEjR{5&P9Z!`}O+ zL#L?9nm-OpvcOEvtegl++OjJn+IQ-@U{u75H3pO#+YDERl*R&PH+{~D{8<#@&D)oP ztX+}<#h1cfi|l0uE?Lc`ZOwlVJ7_|*1wMI@ZbY&i^WE-@-(|u0ragjUmU6ICNZoc1 zQM~uKRa2I7`3Stv%b4%>+KYRYUdrFJA`d7VxR3|zzP3k6G^8^_-8Z%?nZ;8C(Jz|v; zxWWZ0Je6Tw(q@w{U!p~ay^T4Sf)P-fSTQJI6x;rmf=P%t8Z!k@a*N;o>E3{LXM|Nr z*0lXXc7BXN=0R}E!l>b|+-nR2=~$LD4~hm{(PV#xrO#X8KN~RmL^~MC1cUm&$xtT7 z#iG=A=Cd+wOW%qkF@X=zvDim&DF^rJhvPn_v*b47) zh6;Yag4k}!)J(X&P7gp=A~qT1Xl%9RNT{_ONxm^AmRWpBf?s?WnGC=qUR) zaVcHwa(I;5xq~KD$LLdY3l4?zW6KAzsYQEjtkXXHGi^i5J6z!hZL(C;mi_3@Q1JxO zzAFQ6LcPmhTXY{%b_@DkF$~DGQg#JuDqeC9ac;H{!^^K}+$GHQ*0iu?1sv5aZadpH zqeGQMuRXg096zl{u`x_SC)OKHlTrnE=jK5C}2jBm~z(P+B=}FnUHq|LhGRB24qBVn=nTDU#PO36Gze(MY>!ktO6yKw;lb zM3ZM4JdN3BMT+(FR>(W`%t8z&vW2N@G8ifsgg!1fa&tEmUn@raz29V!%vhR+z zC1BYATIJ1poqrAO6?4q$N8`Lt!GF#>`W|_{B~5o1vy<2}E%o8LQirgliRrCj3C$Ok zyuK~(8M8c(Lc`^}JCW}$S-#!Y9}m3vOY%j-zER>*%*i!_L;xsFg5=pHS7XoJ-Z??o z(2q6y)jasc<4gVCV*O{Vi#-YC6bYkid262;X_ksob9u9qN+e$Gb}gIOjYkjf7ai^=>A>UViRW~eK5=tU4@vyGLfe|MZeKt4ury~;e>ysx9#RUKn%B_$)X zUq`m#I1z&1!YWh8>{{i*h|TGdO(=@E=gyrZMxwmrg4Uf2P#4)UE;~N)WGS8sCPZYW zQOjzr!eR!Jp4L4SIvhvit0fecv_uHt@*gf9%N_&!OCpXWp_YP9ruhCvK`pU~ zNlGI?wdFFYC;09v-%L8u1-xy|I+f*CVK`88vzz@InS<5l^PR7Xy?x%KccEee!Ux|U zfkFQIp*M#~o2P$je1hkwenmhTNntht*C3B;hVzc%@E{WFavP4)r=FWw7~CLD(ZJB6 zPxz*6{9f9xnjBSSy<5eUKKjruPe$0Hz;ZmaS76ZKWqQ1aGvm$n+Kq*JWS>{7uI%j(iS0A?l z`}~dhJ0CA))6}j*HBTgWkHMKV3JQk{@i%YPDY#tBHSY2VJwf2}i;@*xLKj~Vmlh~P5pxvQk?j-p{UA7939 zlaQF<{J)O{GqhN=u7sE5c|s#FzVG`pi<}=if8Gj~!Kh(ej0pdJ`6u}%J0qb*uZ&1z zUErk%9=~C_LIOwiIHyDq0~)P7PL9Qt!BD!WX{+@oP=0yX5s0r4)Nz1vt!G}m7LKvP zB`AIet#;~ad=Y29Dy%QZ8yXIm$1Y}`yHMXQ55`sLKw4*acV4Gob!8N^W-+mUiXq2U z#7&!ljjtM<+JW2|(>O#)@G*$*yBMc5VWN1=L6#=P_|(MvA@x2&B0PGgzX{9^^@LIfN?N{1 zieUubUm9Em)9Ju3L51z1>RGnT7fz4AKjjHV8}myvL?=QIMWV^&T8ey0#=bb#=8D%J zBqbKAZLnv_cw`tvY{tMpUT<~RB<+J`HnrQe*1}Ka>zU5`0S^|m=D2s+)*Fq@I#68H ziqvzn8Lci#wdTlDw(2h6w^qF2sgAalqFR2-F)XO(#JdI zcTbnSt=H==gci7r{v{6W9` zU&J3o#>rk92bv{~uCV&RIcEwnnrTIh-v4gL9y;*PuQn~aixSV5jecs8p{16)74-^5 z`n}^C(w!Z2_wJ~1qD{cWFg+HI;aq=QFLgAQZR`3Gd#3Ogr({rf0tV_u-6Sd-S3Y^3Su8kT6`WZR8C;>3rCN8ETHsxK)Kr_Ho2qe z%P_g!fKQ<^XRPpjsueo^9ed4gjVdv1s~qpNhfejQm$5q$d*2f|9q(BR(Z2iICuLqY z%<6BZTvr99DAD6l6g6L9j$41~A~3}wlHr+h86tK6s&GUdRNY`Kz<~$N1Aq_y?8yg_ zY_X1f5?cdE6tNm^#ENvHLxGIxD3~W_8Tk0__8Oz>$@Ix;#iNN#x5#O#5r)*&WB0 zefwnBV<|+;Qf|1pAA$olcj(!}`X`gddoS}5@etC-+IOzR$3o+60!S+yaD0_Mfx;`^ zI8g$Xb@+LI<}(h~myDi@1&KsChY{3|15>(}sjoel&?1PEET{GtMd-<;vZ`=`NO z$R~KcS~@?kW|~x%!ZNSaXmHDya`lhd^>rs~_s*o+X%c62p7!;vRb}zOMeWJ(F$|gd+)~ zfpfyS-;*GE@YsLunzqVuAwLa|hU8(lk^Wn}wJJ|o4p@{6ri;oVPOR#$z^!^x6Y&6A-rW>#S_vaDePb860~ zYfdA-&}F0kCgXE*;I+SY*y1H0ScA{MWD3Z-dcdO{dpz(xkoSWX{BL1P#CcJf(7|gA zOI{9r8no|#tRh}ZymHQndaVC+g%g)^g^L4Mkq%H&)q$1uH>rTqBU91 zWQTBi_zArE?u0m~W;s_63fP&;mtQb6TE4D+b-ie@*mGvL@O~@}|BYFl(82fVkPpL& zTS{|sO_uI5FFqr~IlGGZGSAdE1#FOhY)Z|@OyJ1IvLXJ!&$5OJYGhv!OXatg40^0o z4;NPdfN;cCBAxG-JzqHetZDLX+4ck0eO2+xrJ6sHMsdL!X0t}7t{_L5PXwU`Usv4= z;R8byRs+}7KI`t;gWqX3e=A^j+xh4AJZHmf<#}J};8&+z-|RQXB4g4jPUTb&J^%0v z|8u0q?KpIoKQz4Z4Zxc55gs>n3`IKNM4-RpmieKL!T0I!<-kEmvwb2~IvD{Dn@TW^ z%lG>PCppde&Tr&pgjzYd0T$?7>2eAi{op z?^JCV9%3YQbXQaTS+^6!V^iMsoYpgSJynE=0axzFxRL#c%#(w2LZd*n;0#R-LV-47 zVX^X~;w1Q1PAD}Ej=t5sHM7{nT)`z7bIyS3VcC$ot$!}Co7_vu*tM?u^<6MapQstB zZ5MGZE@H64x%KJl?)=Kx5XonjS3nq`Akx%Qy!I=X3a5=D*C=3S7}TA_Cfb-X-rrWC z_#Z=l3`I{LZSg$O+4VqjjQ2)Wz$|5PsPjoDHj&y4o+9)VyOD5PhDb@JOieKk`#S#p zwoM(bBZJJ9pyH;Y8ptJ`pqM{x97ssHaAMvIPN$OKNt%%7bog7CChy*b%J}WsNCkFh zkDcq(QiM`*8P*p*j~BNS`RO@_ktw%ppWsUW-X9e`K}d6~)&EPe@Up>6`-fk~ z#n%N@vl`B`XIHc{CEY@RQBD8)@=iQl!$*zN$&=K2FIV4oCLrfm1kU?(T<(?7qfZqf z2kh&}{6F;dQzJn2_?36DVylV7xB}v1)=M5QfxrBR_nz)x<$vP}HPw-&=Ez{MgK8V#8%( z3%>g$1>#B)V5d;Bd#gc>$iPN3s8ODw5wOT&E!A@u$Z%xLYl%D7DX~ul<2OC`ABUyk z2pAS)8vU@{mn2MV5n(s7au}%ni}BmQ-sje63S9mA@XG>vdEHw? z`7!I8qXVy*oR{(ua>-<-VKKMt&`JkTkv2N7tu!K)IGxrg!y-tmrC^ps-jAf<1EY!3 zR=nhJn*DGb>nPnkAj2cQ9Rk=Uf4e;+M}QS{A{nb^X*yHcgdCVK9;>RkZa(e=(s3tz~Fd!cpGR%b4%!h_7?Q88MK8m*_@ zVaV3xCne$Sa?%NNzAs0*ZjAK)FdM@Mw3Tk`7N^1t_c>)#m<`m-f0QKRp^bVC-oc0} z)ZMLpVTSA4we?nOx3g{P9BTcKdryMZnuuOTTSrvkSY@h~UNbS^!r7eLOY~*ub*(|@_rrl1g*t}Mx3$m~CMwV4G56?1&d4w$| zJ~Dven8jPUu3+^&E@eQxHahH!^JS5HIBc_N@6ki7Cy32}eLg=v!22?8U(mv9^{QdY zsN&;s6=(Anwj&0i3sCanwcNMouau6h3{Yfe=)WeZxb)r=K+WOvJ`}K6X7}HXW4F>7 z106f3!;>o1I^r35KNZ~X*U4LIGem2vwrpFh=5GsXH9D0;F?%;Z9;w<2nxZlw(7wyH z{(!j1^6StQIc4psKZX3pT|iD0R9i-VT!I3zGxe>>_vXlEUXvDCE0mV!9QgfcSvK!; znrrx1s=-%^IuLErM9L%!vRu|gpK^G>;uDn)mFn!v(+G4LrQzsUn* z*Me9Yw(YSWM=%$c_9!r^HZ&cAPXwv%#^Ig~%6qz$U^6_u&_?r^YdUCfc%u>STb@Y) z`K=10R-}tdsgosPzoA>0EqUZTJ@rFvoiF@3g=^C(F$BW?2w$EsoH3k)@Jr9eJWCx| zY#Cb8f|!i2kXt|?--LrQ-#H7H literal 13004 zcmdtJ2UJt*+AbOpMa4!DRC*KXB2AF4^b$kpRgvC%Z|XvX7zn)+r6i$?h;&e?(jpK* zkX{9(h5&((oVeAs*V%Xd|G)Pgcib_~$rzaZO>chB<8-J`uVfh&H?~{^O_p> z^Z@|M2LJ%Yo70r!W5cCs6!`*$kG{GJpuC@Dg?vKgpscG5093})5FVZ+pP%v6F!ccd zF0}smQgnKtYyp5<4>j*88w6UdPb!x4)Qs)TdN7Z7W;s&CCHLyHoKuTr+6wnvXiK-9 z!8`^~KYMuP5*2m6Mda+|8??zG6yYAYW0qLmH$=axdeh++ny3?r?KTPR!K*Tlv@=Qj zaHjWMXf8(l_Pjci^X60&WYDWIf~26u)FLvtM%er6fdkVBS_HFdHuvx86=yQ~w_P?f zTOQ`Z;tJS0EeirKSM1KpNHYd8wutN?hhm}@A%xA9wvQ$Yv+chR0*8H4TFh?s_j80- z*V;a^z3#fmu5fR~9c^k`zlH?D5sX8w9(u;mI>)BFLaw7ZyB0}~IZd`5=Z)Jx%8Kly z`Mq5l*!G(gVD!gwDMk>pE4oh}8#I_F7O7g5TQ$h6g)G@T+}~X2vUw=9v-RiUjJx(_ zu+77Y<}Sr>+@y8H{#^q$yG5=R;#}75P$n1}CA?v)@c9G-gfJ_rsI~%S3riNE0aI5y zCQ@73%H!T@v^ZMLHbFvfD#&HEe^fKKwXS@fX1)+p*;Vx*!C`xi>$s%VDQ-Ffzi(pF z+;!060OVop;Hn^Cfh2EbkB{((qoy9|Ar8*6YY%n5#*u8byenCbX_s@7~^V zm?g%Wn%8R!mDVK{C7rcO?8b9Va{6iOYfpVp#Hy|$TeVi+GPm+wY0@ZKFQIH)5y+;RI_WLlY>A@|>BZoq7C~!#L%oGO%}SY zG9j-?vk9`Uv#HXQ(0Ry|a{(FH*zUj6)35nDf$xJ_E){bSo$G?8gw!qKhf6O6_ExSj z2gy|eN56E<$Ar~)sIdXR4@pYx1lqvMD-$~Dk9^n9Fylq&b>pi$!Hve$(7R>t$C z-8tW zOkpn@suKZubUZ2*3sklH)QwEtH&r}1&+xnE}@^QbCU>PHsR)0mCDFT3`HA*nK$TX=J#QPt<|-REKTYH@P8=C!u zJu+7QH{g&@yf)PkE$INXUv^So@uo{% zg6d{y>rRzOO9W|()dI)=z4Kxn9>okFVTc;%*#!58={KCkP4_)L){$T6P+L;OLJc5A z*&YQnbKo!Wa8IlZkoac4C76F5OzZEuFuxdI6OLJj>O{Q-x`V2(Jb{M3I2>aXHfD~Q zx8Vjpfy$kc+Tr=qmGt1RCpV;T5wDt@6MDBwmS|p)@(Cx|`2Tc;e--c7m3-F%lE0M; zQFkl^Tb4hl*^IKt-f(^n6-q_!9JVktq}g1sJlG5p`M#SO_a*^Uzx5>FyF{1!AdU{F z_cj3(Jao+X=@PT)w;i3)_?NlFBh09^H}kqnQ+3n1nuL{26p-+ox1wI|kuJLrx(DSV zTGv-TfAMVsarnV%4i0QW5;EG;nKVeRvt1ocG$Th}@J7dOhaKsYF zNu1^hqW7pg`)>Ku9usD#K8N}PwWH#z1ENXN_3_gMj;jvHhd$9`UH0=YbaU*&33n9B zAgmh!FQB{BoEzRo>pF=USSjFolnae6UTFgaVp0nQe{UZ)YqPeK4 zW^3?x!!#~tGV;HZeMkD1 zpHa|DXfJZ{N$vIoa|Q_$oE5Ti+!avxrLob%S6k7i!Na!Fq2hHy_=eS^<2Gb1vRvz= z^lBHou|iRk97Z1XL{#m3n9dHxZ0b07{_-`hnd0L4+@pL@)MS|F8^@(e2J1VU8tZadeZaL z3yDlVEL!onXPCR*i(C5Sx85OAs|S&`P&!MkS-sh91%V5Vo9loIeS1~VDvtvnEicb~ z?Da4934hfc#L1uQ9e!uvpgF1@pZrz0MOD~CRD>mUIoqh%naqPBa|WAkv!)1=h-X}y z)R~N>HlA=qWNwy>OV(b18hx+1JkPLG)gG#ba6*n1vzYt2J>(urt(|OL4AUP&OQ%?B z#6B!^EV@$=<~$|B|E_8S=3ycm^3qbs@l2)RXezh9ux#VbuDBo8)HsVdqo2_(gMZl& zBni#vADJu|OAKCGd^))BsHEJjC!zYTVlwx*3-?;Z4gcyabK!aDoT_mI5{3az65)(bXwy9M-m0O2<;5moKm&RJS<(2db9|Q+-_=l z-u>32<=B5U$NF>^{{BD{(-Fh!7B`32tzbCvqxW?NH%<=4`lM$GvVOCQhT)zUnNgbvZ{EBN0|iw{ zZd0Dns;CTKa&qbzCxO%#4f?)9+;bma%MTYDvOcYm4aA-_>aj5?Kd%Au6U#OjG05|N zmD+fMBF4u&)X&fVx{x$g0Y=zQ+K_(Qrd@wZ7ulV8XTi?P&|+A7^Hm!*&oJ}u`L3n=?#U>2D4!yhf|Z4$j^kL3&m~W=-s;|vn%8!jO|q#I2!yV+ zwD24B2@1`{d*y>pcNsPgy}6RKGWre`FwA>*Y71g#AtMDejK8tkc~7Z)t}hi|;o)2V zWxnql(V;7|GY#e8br-d4lbqFdi5l~q45Hq=#E>t{wlDMU&+mv)@WhE(ESl|W9 zH!+cIK9^v+R6M!)+DgRjlFdAcf)?UNG&^zUk-^ASS&nKpR!|+V^VR2e8>R5$c4<)N zyDKo4Q~ci&mkiGePr7dlcUKrLr=8aDc*+hl-|_B;9v0mNYAMzzaD2B7Q#!2P+gouU zc7#NzLUH{FU35cT`$=iW39D=z)ee*X$?Cu@%$S{YJsQ)Ce8C2@GBa1q~fqWJ&0oG3TpnzbQ9FnDY|&0t-wwrPG|PP;&~!Cn?FnR$;7!P{E$m zXc4O~eq;T#u@bi75+vDDt-f_XsKH_G!*F16WLu2zsRb7!GEB#_h99Gpb)I*03qjnhd= zx-U$>{M9=#lCTUXUM|d8_sUl!?H%2iU6hyQ7@ob@f{(UxVGX7YIr;jT8NERLWKPY< zLcWA<*dSCtA_cioYu|fSoLf3*JvW!e9SD`3SniLRJr(?&R$Fl5GE5xF)5I8j+2T?P zwzzgx`nn}ok(qU3&+Pd!ya<9Mp1>09Y)uP)djz|)~d zNUO?CFT`26R=2WD|LwQO>Oy6o#W{|H3-{HcGF*lP&38c!>NiA;Lz=unaNh!R?eMa1 z2D0Ya-6i#^tl9{FoY2zE>R1C|M9w&bSlyn0Twu-2k@P0M^i-60P;_3eKHILHm-@W$ z@}WZ)24#tMSgMn~Y2hCt|9rZA&fEG*ijG%ZN&V{$Ils=`Rdac`3Q^@~{LtS?2a2e| z&-#N*9Uu*S_|qa^FuQVQ22&DufY8W0D<77QvQYA5!-SB|6;-u2q#u^Z!>twKx{Hcc zi28b#<<4H*J<)yET9*+UR&7e4z7VNJZt2$Ra5bycP%T92QoYnk+bU43|D z_-nx4Aw-7mZ%o!qhcjQEsn$JJFn2HS);iI%K7#7OB^MPn`zd?_<<9ZZzWCh=U()IK z9J|*=)u6IBJoEHTPj_VqwuebYfhQx@PQUM3dZdqBdgLs^p%_lME&g^W{}N2eUEuog zZFcA_CK#LX!>hWZq1pjHJ=gq5W!!-Il1KW(?T*P&k)@s0$#Ro@&^cnAuheP=hS=j) zE~;ZpLA_`^Zg+X)UcL~OtyNdiKt|Q=l7^+>P(7pgrB^#E#TFJPSrVorOs_)Uu)uI| z9_&r+Nd)RHQQKqET9__H+K#H%x=&EEQT2tcJXMT_(%k1A>1pNJokl|ney3W3lzu>o`Du;D%(-f& zrUmC0-EYrRtS~b?U7F0S(P1*1nqFlDaZ|)R6_~;oT;+(WrdX-;&9Z50%u+!$!z*I7 zBug>Ed1{n&>IRKlCp$p~W+SHxP=#zI-;9h4Pj}hWJ9Bb)UBInbX2pLxPcg=V`i2-o z@ow|t876JqL9c2PPzjN3v!$Ui<^F z%=d+AI)Cc13?x`ln8v3vhEGI(zm1uvg%!#%B;h<9EIfla^>+EG?6wGPyd?Z{hFwJrMJ}Ag%H*$AjlT>wBbqUtf*vY6nv~#5y zpA)y{@n**|d)0#4w(4v8U~Bv#1ud*3Fw3s5WF{k^h&0Y~GTZ&Sd}lpjlMpuev^3zkwKWj-Lp7=%1=8kuPAc6u>2xiF7LK_J zx?tw`@vQb6(%Yw__2N~O$`_AQQ8l;ShwiYJSq9lszM0{RK%f3$C(R?_0Zd*MQKey- z?P1k)mp@rJ$g&VfQHb(Z;2q@D$KA|+0-AXPmd2VL_Tx^^HW_JJ*oQj;pcckugyQ>l zQ)AxMwA34uovm~*8K6mCxGk0Kb78l_>e~as>hol4Nug2B#;=Uu?Y=%zg>es{V267xE?(|ZFNDoDmj?DucM(YAnsXEHZSs&BWX4l>tq=sn$KC+xrVo8v zo;KOCAyx7nZMXmP$osD?!+#mKzoe1wzCpF0s8>_6u?BlgLAd|ER5;yr{qM`Jr;)Bd zstZfXoi)+sm_gLLe$U-VOz@9Zc0~iKNLW-)TQ1v-p*BC)C0VgEG8$G`^bjZF)-*pt zq(0qsW6}-T*XqW`2$TLELd2n+Q0)UmawqJ2&+cgQjD}q2427w6;qDh#(MB63LRfYAG*j)5UMX5pUu`Q4(*$>)RJG z3VxjnUno|VOH{T^wRU>4?#`ONJ7r50K!W{V8NHw{gcOxbOnsM&h{0TaBZK89^R@eU zAmN(jCDB0V998sPJF9qAEBdma4Fe->f%n;g#V;W$O4^oR*k^jnbZTH?yrSWy^QhtrOcMvI6e~!%>i)*CZPS^A zL;J3bbe){be16ZeFKX}^l6_t!7DkZke?w0uv$lKpQonoJl{zo!CO>?%E&?I+V(O$B90Wy7zt%irqx~} zH_CDU1%om`B_h6NTHOhFXL3<2sq-M09u`arz1KuNDXTR^#3LgngVrPiDt#+ZXtl}1 zhgt3>aY!T_)Ux$Q*gbl-wE+q|`MJd1FoM80WOw@=uPVvSx7L!AplAm=KKn&+iy+O) z4$LdG6Kp(?CYo-7`1c;)kvnH z&?EbSi#mHRSvAoGxgGR;dzriMxl>2#1UZ%iMk}He(e7R{7hmn>El>779bK=pc^j-C zo8`{QraL(pwUU_U;O?Bk#+i1CUqrK}r%y<@8p$uI?${kNB0d@k?)l)hI(pq>U?|SS zYL8qU4T*#)^yHit#t3Llf_L_po8SE&Sp%yHtYX`SY-%58(P zHPp7@#sh0}+`4+KJ26Xx)i~|cV(_|*^#*rDmElMc%3>jnX|d5Ey!ifvivIGP{}fLe zgu>D=+9o*4H-+ijo7=bY2lJ}%Jdg(SDq3l*e~7ig4YrD6vUSNF0KVtdoA_N7261f+ zU(O&++C{Dv1Fs+-3CrA;vDNv3)&8I!1JhL+p9}F4vzWT(ZsG82xdrirM4Q<=R3E6539XIZ(*O>uOEiJBe=?3;+!FleEhYmTCC_;li+fV_hSSvf!M&W5 zO&i%QMffqv0R936KTa>may}eCdm#_Jnp(r-^nMP{u+}FTUCehKpRXhue9(t1>v&%1 zCrgT#%`_U{B)D#0F9hS5Q}r%C9o8E$B8b&x|OnB*>%eVt} z*+{g`iqAfaI|yP2ezNE{*GF48V^(+i+kyn zm~y={&P^JWY zR(e7Oc=?#>3_$6`89G4ZDLNkV^JN|l0N|Pi?4JvX%k!P_nw_|OeBYT{h4ghkd-(f69X;}WSD*@A#9QRCy+WqDANGC#uST6r(e5>e+-EqbeFvX1 z<@@wq)4hHCJBgs>#Tq`1NpuwRj+TNGlfRapOCmd&2enk>3r92WR^IBb^abt_KEYVS zYXW5t*G>y2a8S&!=r^aMg9IDOyo{e14BKswNlr|It>M`iPCqH=%hcOp!ofN{>=yFT zy8C2CUo@jvs#tVA?DZy>rl|PKV@t3S9ypz<3U$HSmZB;Y5(R?`hy<`}hUMkPl#lvo zEE3d;2Ig)7-Y0#V|9J%B$~b z!fwI2v&KLOwX8gM1P$+ba_3!TPmm1LVVwY{-J=K0R1P9Y z7m_=AosR22>r<1hl>L=JZOwScbx>ScD@>|dBB`6;sKDD-6>~&3?o8?6a)9pAS4@!F zG8KPNv_wzQi(BI3b5NnlCuCbMi<1)IUf3v25*2?@d|yFQ#=u~aWSTaXwp7ze+~-E= z)$@SQs)q|xSn3ZUr^a}dV-a)iSf5OG;qzPqB~|sB^;!mg4_DRjI&x3KmvWYuVcPqH zyaQB#FOL-`!R&iwgQFqaci>+Im17Tu%H8@LWedI924WBRDr003LR%ndqy4>C&MgJh^xRaT*7`nLs^ zUutMHk+B6(Uu0o8QzT7R?hGpXDHkVBjqDsODL(gk3Z}^35Sj0NfxH@JmKHf#r`Hk<2S9iHlB{3W}@{zLUms z-Q^Ol6M*B}Kh+c@N9#7a^vFXXrNfEE$aO)IZXst+0~Y(?3ajNWO_G;*dW=w8S$GQf z&pIZbd_*J2({*RK<$kfMsZUbv&Xe!8?7uV}&u6n?1D=soEQ(#YeViBzoCWD?E3Dg` zQF+n`CTiq6<;y9%pVfE$WsU`x7+4>SV_w;Ug{!*FLexN*_?nBnce_ucq--o}jM4Yj zpC;%UrQ^)vRPK0Mdqu9=F<5NiJDQiL>lKWZz4zAwCVie0b?Xs?fqiMxSw|So)M#{R zsMd{=^)lLa0dosCp#ht}vG)WT2>8XSwQ9ndg=Y%}7ZbBcED{x#aMJ+&Ugs~OX1$wv z={#q=F9m5!ho9>vn|P?A*JP^(Dg3NW2&(4 zN8yRhQapO?6UO5vtGt)rvUqeM4DNn5BloU#m~@*$Et^! ze}5_ZOOA_(E>H8M`xdD&^d&3v%*ICS&t;D~VqS=_uU6@Y?r6Z$_2rgdSKVOURqCBtp^hany+!`?&&Ko-+oN-+lw{C zGdwyF@rd9KyQ|PkNTj4_vY6snyEu#IGhLT(+R9o$z;ku{bu+P3za-ioypYL3k^X;2 z1pI#&t6x_HyjR;^EuHz58zRHpju&QA+``O%r-;`TWpKI1H)S4>-+J1s#wA4?zr(qC z{Yn_`o8N`+Y<0hD7XF<#zKo6l*{sG!YTAFN5Asm^Q>)@M!xnfYDo%uB5 zFKbYIcUj}RSmC<%b?&dstS^%%3HW*AY1NZok8uHt->wq3(%AExpZ@0PLMlg-JXoE$ z>OuoaJz5vL?iozpS&}-?V8ip}0WJ~O4mp&qv8-l0b9yRs87z!x?Yk9|T);zgFb( zUwNBftmn3VSaXvdEN359n$5X&maI1C3ni$=Pl_XlD>wFDf%`N@i{!%Hi1V-m|32>E zMi4smmcaCuvIchuO40|+&XifB?J)Ez0rC)Ag-MF($H3H50IE}GZH@J1J4Y>+bmaQhLZEU{b zTk#f-pj^o~Fvz3zWeC`ReRvfo4SuR2o3fFv1ARCA+nUJ3Xy4fL;GVfD>7!l~@#~Qj zWKHO97jg@Dumpg&*Q&&)sV>`#z+aX4-dpS=*!D6pf;06e3Q^bFJCP_6=RNq-2*!wlB4c{?3m(l{A+wL&w7mbl}k&WGnMOUPv8 z>3C+w|ii`waP3EABe@1%6bBC6ZN-K{z!3$!|qEhbl5uXMHz$Dc#bF zW~TIq+T%u0jb0OOhbASe+a=m^Gb3Bl*32o={nDU}*DH4i8X;zb`<*2>)Lf>x%8b|B z6SI!9pi5vd+HL70?oYn!s50Vb_7NN6kGymMQDt!Q%wAjFVCwdUR9NY-K2LfEE#jaU z)o6;P{am(2gOu1zR4@fkmlqk1-Zia?s2T`$9ul8+{ss6NV^Xv)A$R5ZVPddOmNWGa zOuC#}InTZ(t9Pu6qK1q4P49{o0r82t@Y5GBr@V;HR5ULgcM;miwKv~St8WP+=%PbQ ze!GPguQH4*5v(5 zD=Xrjoogo2p7}B$Fp8?kcHYApdtc?60JEPCjIB86+haNV;bvol4TQ{cNmu+guLQ~-K4{|Dx45`BSU5SIPhz+7X<6AT*VFd~;&V$wXExO0+D!51e=PT*D>y-1+I%Bw+=~>N z zeG_5DmZ4he@`&q*y`l`vAXQ_YW6q2_C}_TCEu$d8@7@q|HD>;~=qKcCs{L}xYR^#k za4SMa{n!Yn;(9!jY3@VyfGWthgr$s097zX<{*<5m46xk+n~yiF=bVu@GZ0~n_Kpsv z#HI;dNY~D(-e0*tY%Rgse&y+6Y*r(1^V=sHV5)Buxjbfk!yW5d;46Mm7l>Bs?hx{fw4M+##pQ2 z5>C23Y_zo8BvaH>E>>(P)W9S({iOBf6q-#?S{kS3TIRKp2|j_Uk$tM%lGCgBOE>pl z{6kpV;Ikn3Qtn!dmeazLDLl5joj|Q8_kak^BGbeY#h30Ns~3jb6R_He_W4CkfsJ(; zG^5yCkOl@}7bEf;V75jIu&cT0aYd6tsO3XrP^ka$xu*AXj9?5{-2f5P8UfrYhfpo@nHK#}0;B$P-WZB;ADDyz zO0ObmHZlsdL#?Y1n%#{*OtwLTq*=m)u zFWfPES1D8~_ypggvHTB4^++yNHOELq|-Dd=!X;MXZBMd#OF++yzh_qGZP_59hXpGT6~(+-&$#_Q_av@uPIk zH3y<=zdTd?w=ht)mU{LntJV^pF63uwULbi~ae`BM<2iZ4(W&}mf|fkAh=Y(%{@XDh zIXd6;eL^@+iy%#t@LA!(sVx8a#LMVYk|!Tun|_Q4!Ce35+z>@rRwPjuTC|{Q&sO?xypkl{|iColn4L- diff --git a/education/trial-in-a-box/images/solve-for-x.png b/education/trial-in-a-box/images/solve-for-x.png index 4b8d95b8a6cc3e1416d0af4e4b686ac79343a6fc..f0abd1379fbb9755e20eade0ba9645244bef5655 100644 GIT binary patch literal 15412 zcmch;bx@Vjzc;!CB&0SW0wN89bV!FZNQZQHgM>5)Qf?ZNEvgFj9UI zPXm6SIZA6eLm*hc{(V3B&Vcn245GNm$V;HCBje&CQX=k<{ru06gr6LYY$GqZPrTnxpxfidKNm#JB~*qTA| zk0xG2Amk7kaS=85)WanYZ?)+q;lIvDd^Q*T>CuAzP;y%%H2zBICpuwjQ+ta0+7&{I zAFXO;Zt9JEybEhG3C8EGOP*QIiAU2gO4dR}jmZP4O=$*AX{(kS2CwfwT7_%9hT<}N zuavdk#3nf(r^>Kr@Lt-!;3vUCfuJCx9 zu!qoOacpdCYKmG0x99hx_Jzm1-9l~4=>WsdNSaBakP`vK@olEn&H3)+YlYOYeYkJ# z6ZuKhA74l*64KvoNwb66sOPjL|u10u=M+fU9^n*`pj0!(``}($yTOM${vrIN8G~b^o zVQKy=Dk9=P&v)Cw>m{tOj4uL368T+e7B;zi&=Mn|95=eN(BxLuwf6Vg+gD%o6AjE* zRyJ(mkTf5e7-IOh0Il41u5xp8bGk@_jL#+ia!6%z?+n~%-{6tYVkGsYLvw{qoeG(M z5L>QQve{f?W8=5iicTc6vPNkN8ft1T2fx{ZjVzN}1M52oRq??j4eqzO+ju{&iyyO~ zK?J7MAB&6^4z!#_$$NZ8piah5^qk=dBt zgEd_WhZWqb3XD3F%+_SXHh9u^Jkl*5#qN*oN3#jkM-g|C+dmBM!zIPV z1ulM@(9_cwX_OtsX>rO=a<*7a($?73IBmTTHbN5lbD`#g63;m3+2T7>tW{D{;^E=3 z_gQb&7^CapcSV;&SrwF)3i&;Fi-~>7qI+c!XGAEWOiWB%SXgLnZC$L+(8ao^3lmzw0zs^?P$9OnS}q7t)yg643*SKhA`QS7qeFCPX{Z9 zhljxwWn^T=$H$qNn9`CJtQEe;$CC>CHs|L{GeL22W50c?a@m~-4MmlSrIztLYS<|( zDuR0oj-DO2TrM{qw=%$tMMXP7!jM6sndz{Nda$;a%U;KQF;rL~UvjO&x+@*mI<>0I zlZLlTU$j6z7x{bIU4e9Hx!EfM3n_`ZwY?3?s{gpr zRNeL2PTSRb7{A+5^W(!U|5Ji4*6ZtQI2_(~)y>k`)x|GZG$M5WCp+rX(PC0!A`i&C zugu)D(}myxwBj8acWFbqVlpxeK76RL9M6i5hAQJ@B7d3xDT?}$ zL_e%)hY>4WB#PIsUkeJ}gGZN*XGFuqv^&l*Cd{p=fe*5@g~MP2{r$VOO?t7^ zE&6RvTLZk#+tqHo^sv(z9S6JLvii>T3h2l)+%B$u{ z<+JuwGCC|ZzGY&v+Zy;@QBe^~JB+4(2+UjJz8^oqe*edAGK$Z?>?CyRQPQ>wsfdQLLXt9DSHFp;e z^dmtpE^cma3W^{5B;KN-S#%8Q#hT6TY!b?`)L*mcU|9-zDSWQhhK8$aT_Fqe^Oni# z87ePTL0&)FD!vP^nA{adUGlkHIypHZjgpF`7J-7w%auzqu9^e6cf7Ok1cLEgCYF+l zYI1V2M7@X{HCr-bVjrGGcf;W_6V*Lh$r$yLo0*P|j)kSHqC)uM16kMk9ZWEzIRvU<*W&V z)B5l5yRWXUGBYzfJ4F))w?=U(A??vhy-1JnGCv=%L?B#5!oGL=Wo@l~kG|jfHx&)x zCP`t8gH~2nc(ig?r-LkEFxd7;+P({4gyhC}wp82w#ezf_0qAL$mA{nrR7`5L2L}d< z)r-2;EbZ(BLD`y^n8?Y63tzuS9p8s1B_-*3%?z7!$WM-WJ#C+sdxf_MQr_V4W)`G( znQlWR$dauD1NGb0Jo%Jurv}eQ{7b5Ge2Fz4d(cX}E)IB|Hv2%V2!nAX*jQMipzNOx zG;6+29afO^eo#{b?PX)CK=t|a=Zu4r5)uWfr96@QvwZ3HFO^_fP*FoJ0*D4vjU9Z> zBBSN@s0p2b@oJ03PX-kY3(KC2n>tV~L#X9)Xm3T-II5T9)4^|0jayq=Oq%6};GIEx z1rz8W86o8`51-vXkVxTfLAt3}h-{#jw zEmLJaJhAJtR2w^GK08yQQ&dz$=5szSMe1RCy4ern5fc+b5GD~z?H7y;fy_@Y*J{_< zFLef?`&|zjd`f*)82PePyXFlQl?i-r8Z@_-;+P}1$7*UBkYvO{-d7-Ju}OFw&;N`A zNcf8P`ocv%Pr(zUS`-XM%xzE7^LyjOy+uD`R7zRR%q(Zg{AA8VrMENIdnK1>5BSJu}jB_NpjxQ;Mbsimb=$(SMFQCU#X zzi~1(Gjqc$g$QwkD{<$k^de0&h`_QuuNnU#@k;=ccR?@of4BJwkDjGHyByywrGxcu z?8brapv@S+xVQ+A74$Qtr%ydvmM<*OC<4gABEkn0FzXwfcL)dwj^=BMKru2iE96an z|Nfl~!}<2G&hKV74=W^Fu!>p+78Ru^E4xr*qXDL6XqcHrrzmu7>gZTLx^w0(ur%^h zV}Gv9C;JIRBYA$`XHuSf$$3<8Z{(<@PGIVx7-Yxh{pE^VgRY+N!MOv7LOND1-N50e z*{P{ty}cF|7H-XYm_0nKtmQd5TfM>$75%2x8H72d=>>&_>`8K<>v5(G!?N-tiVqHK zv&Z`?i2Dhbe9VNvC{WV5~HpJ|Ql zQ!SDU=tZLwoF%0PyEiav!Rh9Gc-|8Tq1s-s+Wiu1TJCPCRnQFvBOI=TU6tXPOg}$K z@#?I`#AJB1vt{b%sKpb=?B~|kkr%j61O=zddhb~ly$D6ro;VJFX;Aoo(rof_2qgK5 z|5L~q1}Y=uv-vy2ClF3V1awFy(f`iK{|A@eEKjz)S{%TKu$JF=F$DV}#e1fx)XyS9 zR!<8s$>H&zAIP>G3~@vSNUX8DzI5YRusu|M*Vs26>R zr4|kCH+?TBH#9VafsX!i@0oQhIVzz^Aat;D&resDT1Ewb3m5CBRdVj`ld`B85kt6q z{8nXU<;29qe+iBG!%tDY8)w&0QO3bNxM%jbC0EJ|CT&iO5t6WO_9^&u?5NPKZC5a+ zz-WqG?mzGW`6s5A?N5!`39!%ibW_4N!IY=;5udtIP80+ohCLLxWm0>~=h z5ZuPULN6E+y2D=V?Ci8%Z>Nw(g_zB8Sd26S6dM)1Ow}(Vo3}Q&U$noxf$yg&kDyQpVSc_ekI2QHZ71ibtbpi37Agi>_=oB{`W75C)N=yx@0+aQ_XS>~ZOT zK=< zg9p%F9fpKMFJ74jkpH&jO3sx~=1h_UochU=CxWh4pwoe6ZCWa&8%X7KUga;-fol3F z;Y;94h(H0a8dt?0jH6fOa#;4>9wJKLG1C$P@H>>mLBD5B=5J?f>%A8AA~_|69_G2~ zkK*L)jB=Qx2*CQ|hGgUhD1?hrqy?jJKqB1*sH7tA${ue3GSdYcHQJdPg@a&jL<#$@ zbq4+V^$QJ;7Q@%>?V9zY5+-krm>?Gym!M!v9=m6Y5EYf!VXy^Zk9n2Vx)|M{ldP<) z^S@Ws?Eb6jS-58lkeOB5C4iCk_xHzAW6sNBv)6FHkKY2AgY}Xte1iv;_2)U?tK00|+Xi~)dQU|{0?Ldk1|Jm>oxI8c3TY;1r~8fjfj z(0;HE(l5KrYXIn4>%5~7)oa3)lBba7SyIc5f^=tz{0>yXhY!ztKkAopv$H!5C9<_p zhh@?2&z1?h|24F;E6Jjx{bqG>Fo!L4MLt-W_TCo|s0{DZe!v<9NfouV=XD%frfb4$ zy-&JdJbn6YwrK?(S~FjpE{BAr{gyXQ*ZZs5xxmJCK4k zmo9UaW-W5pct~r9bt}u&R^PJdkiT?Ta^85i0>T|d#9YP$nfy=joZZc z+{4lK=&FUofBysuCW{VC)OA)5EYog5c^2J5ox|hiH$`?14hKN2L5pW;yNliN$eT>c z$jC@ZSy*2DU18EYUt{xBBs4r6q=CG=Jm7)J4~9ilU%-lk2fkc%j=E8hP_AA$L|o{b zZ*aEo^?i8fb3h}*o-%y7;^)_vTX;EGx8kd#sTm4=FE9UUD2aynslV$k)+@ehK$Jkx zgN<-;aqYnjz^`zX*38URuq+C)vN|=^9{`vqvY7y>1Y{*oBm)D3jisfMmkv5QI%uP9 zjY~(MN3A#wGMSl~{c|{`9wt&FUUCEGv**&7Bb(6k>sLN@;ba{0MbP{A?`!Rs3NK#k z3n}Awb#?+xo&JPZrw&AU1MX?2mHyTyK7&eNmIJle*Reqt6B8479^ip%YHEP)tz>*n zP0grPX$oY4c~!$@*T#Ru6}!z$@zj)BVDy|VVCixnKLWY-scFf)N37=)g+ixud7ZL%F^diuF?BSZ>nUS1C%4K>bdIy*ao;zwaE2QetsmD2h6@dR*W zs3_pwfR{IlmN_x`x9^3#wV64XuR*7v9%L7lE}Na?d__WXaN@45t$l-03_O{Y`y;nk zWI!>1yr?2aRWF)eb0iNGx?24Lc;dmq!Pa1cP0Qr_Ek~Z2G6RRY1+WVCO^3A%OQD*r z-q*w2D*{Rhqk+)ylXu+)udOcu3%4MorJ|zZ;kkO>Jn(i~`$`&vxJ91~7dLBmf4ZA* z@9_nA;p5u^Q8n>X1~d_=wol!F?$^)Rs=rW3h>xE?ya3)pUS1w(4Bx)667`z0*Z7r} zEe_PMv|gH>H z9&C!AM?^r-Vv!1HDk*(t`_!QO_;A_wl9-s(_sZyz8@Yq9_t!5@PEJP>x6MABl;NJU zJK&diT{Cd#GSB`H3z^TFF6W-S! zYP3s0^;KrkwVbyp;hS+1PjlA*X9l$B=DgTIs7x%W_umfRr}1>KJdb4fIBq<&n$a9 zAIty6^XERGd9^rrO^yGQ`KB5F-Aqe44j{|2=Y9#IO2vh1K#L8_D68Bt4U5rZ5{M!Q z=LDx9Q1_s5yD+t%dG`*fu*immg}EIqS^=84C>KB>g*w;j<0UJLE=ngTD9F$6m2dNt zXsnYM^3UJ^R#GtLOTu6_;s^uZ>#e)%v+S&_J6G()GSVTkw;s>(y9jOT7X)hvRaFlLm)4idg$r(MpSJBr$a^#_d zQ3k4MXk-X_)!GojvJemurkJu!wS+v+^NAffuykNx zV0(L8r0F)Ycf+d9A0I&pWeN(4$vnl7t(AKO|F^934#Ih#Ue?s%dwvA00(3?|VQj~y)0b))U?1~i%Nl5xxf3*_Io1tL=?4)74i4ILyflE;k?9Tbt9&- zsp;msv}?X6{?jR7*8m{c%sw2b;^o<1PA)D_0a94j)GHH!ZC=98cK>kH#!TyBSJAH# z_@Zh2Zh*9l_7$k+Wxlv@5|@S~wk)2%9tQQAPD$$`oM zG!)=Vq?i|=BgCXjZOgzszqnqsF59 z)(g-;)$?BPq>X?&q6(yzx%u0L4Y=si#Dr6cZ!C}np5NG}e&GGp-g0WFwVeZEnpy_P zpqIe&Q<|0jwi;W`4a9#~D%f$E-S+{$mVM)H?&6}ZEBWY_6R<0`c6J;VYUNwXbb%}p z!xo%^Kk((`V_BBAR}4P3Ur%ZRCQQc+RK^l3uk^C?Gwab32OAz~EqHnb>pBd-8*j>BYsno|g{QwY4hvt_yZ`@~J#0 z@7pLLhe#rpR#t3Da`$^D|F$DB{AJOLZOXY{KpaZ~{_pL{|ASV-|En8gp3eYjH_R_C z)@}1`Ax902{!uyz56H>~tW+UgzymUh=Kr)59k6H+>@*IGNT6o-8g*HK;uo@>q64wx>EQO9fa5iycGW2V&qY0RBFT+GB~82F2p&@=%A`rHuhnLiNK;^Ka#ju=JN=aHU)~ zBpes`p)DJd|Ca5k`ip9XW+pby@t;DJw{c@gc%rEE;*O#AMT)p_zE25;mB9mfwMgCP z%~GTb&l_XSN|+&Iy1+YX%36OjU&pl$-lOD}KZb25kMa_~UtoXHqkGEEFRBDbvl-;w zx!U?#z(Lu_d3rLjRV8B@ zFGIucYfv+CJ7R$&>NolZuZHqVInCj;%baC!k}W zJO5Sjcj~hdp6J;!-=vc5HyX36=0vN@9OPc2Cc#Yu2J8jvrNIYI3hD=xr`C$K_MWHi zle{5+;vd{@5=c`VF0!d|7t;cug?$e5b=xkoLEoTR*qgMa(gP1x-ik&d%Jqi<76+9^ z`XTP;8PEGw8S}-QmCgr39(|eZKK&e}|9W(s^0bs-?Qh7Af-N75rx~p0qlxH_ATK-5 z%&INU%u2FF*=4g) zC`IXf6gIDP@OTi@SlMjneF`>w7Rq~dDbmR}Qg-AtkzZ*@jSx7mb=fD#EB-uddAeIQ~R*S3oVeAs8 z?ABsZs+WWIK=ofcmeji)v6W{E6}QifsL`G|n1VIDSt`}G7{oSLi#y1-5t!t<9x;v2 zj>CHO5oPxKD_uV>Gi~uBA1gcuMdsgXHCvZJhc^57Uwb%BP@`KIRyssxeDc%Y88(kc5ekkl9%|5aI=N#tuEf;R}Rz zO@>EGqE_(T1oyH(R$5+yDv-aI*gH`y0x@5PUs^5EzUm3(V6|=&yD82u|M}U3Oe34ay^xVv*93b>u~;5a*s>E zxA@Lb^;AuES@Pm#uxg{`*BaNj(7~P#VM>N93@Z@h-c&q+gW^eQ$-JanF zh>0UzFD|)#dosonoBt~U%Sw?UP-&eyj3UnAjaxoAD6$@Y?#92*CFtw@;2>qr6nVI1 zo27B|n{(mp#*N~nXBRuijqw{R8>3Zaj*G_qPyTOS#B%s8?A@y$>!?ZY>y0l4)@Z}9 zDAb%gwQI}PT1U+(1NkDbX}2}`9ylnOqK)!BK3Pxhe$9O=FNG_xOFc zLh_PLDg!{JczU?~d$xE+dQMp;AESfrFrxt0AjIs(W0PbjH|y@T?I_YdGBy_L1H~T= zNWqX888vgmUMW*$3U-`%X8p>K$QOTw-=s2i2INVOxYK1DymqiTHy?^LZF14b8HO=l zSI+FjyPG(WO;}y#Z9N{^o?OhQX1t~fJOyQLEv_W0pviq4ka>#uV&If`VQ;aPFREsq zrd~Y$xI$I>qTfiyT#R*P4JQb?X}7;7>Z*jHOhzDL9>z>J55>1bg|VH-siRWNyz7m^ zv@3KJx453JMOb~G*_g65CIt8IL*l@+5~I%Vy4pBa{kO2_kq++7(!HejC2x-+ zqFxPZlklG<5EV>P3SCbd^|yVOZ-hj0R3y|=KKcAWiS(6}*G_#iqU~i396M;?VaJpu z2-Ba@;;QvW^hdF&-6goi1(yq>s(~$dE>>$R5}Q9wGC1*;q--oVVR`7!xKcA5b+Sel zhkx2c>0v~^4R1cV-Gxi&SkE)NTVAZU$s6&BQ%JgfKtUjmZKn*RQ;E7hai>@tZBc+i3V7HN#IXG4rdna7a^*4<34Y*rg`txTe;={oZ}eQGLseF-%8M zlwClY6>Cl(oCg(^(6Nd1(XLr9k?DbwQs8sEabKI%TF4Mi5_-*^+w@Qzx$}!~*pqtW zn-o?Xd_&MkX8XB={JQ6115zeca5mq?YgU2jf|RdWQ1GUYx@BwvIm|_wmUr0}y>z(O zcXhpT1VSFx?z7)|BhZI+p=bSNSR5oZtK3?=!ixGAd1&BH4IrF}osAH6N7#nFOkWFk zO;?-7|ME64BFoDmnzwJSa5%Z5D zNf*agtD0S#O)9PKg`X$KH|&XOR|}Le6gl)7H=7>lkcmF=kUYex;&<=51P2G7-fc0z z#TBe9`oJ3ex41NAC1l|ZG$8y(bM`oc=g(-P+>1O^3a01Gs)Q@9IX|+XQeS%ib~*DU zHv=L_*4N4D=D7arYhH%0C)f;FTU!d0em!E&LeXd2z%$x2x0$0k06o7yH<`=hNoi?( zr|_!NnbVUfeZnmi!(8uO1)Lh7l-#ZWN@->(>qU?j@~iB8v8@@6Vt(HSgXYpT@t> zJ5WW)hBtqO|MrQ^Ol0)FZL|mT{+3`wFBWP*;kc9L#;jSs3Y6mEg_Z~uxVUn(c+;vI zIs9T{M}}~h=+@qapt?uK#)nF_9wV7tW+`$2xohozMs_%LT(+0}P9QG5_!nPPr2J;!T}dc6teeXk3{MpKUB?9A7@k&P*KfJM3Ymn1I{ThLvu3?Rv(BrR0J) zn{d-23!o=~vi(}Q*YF|(2WzXp{C^Zvt9+fT<)Su!ul)8o9y^Y)b*1L#=XtQWuE?k> z1^&841h*s1qBku)6dByZa?46@)%Ci70KKVE7$bvft~N#|CSFa*ve3U5KH9-x#-pHq z`_|R)zZ8+bzkfqRgP0z=V?*ZTtN(V#JN)74%=bhaY)Czpo_6B718IEk22Qu{N;r5D zzL=k~4LbR4|2aSj%pQYI8wli`MnbtZ| z)FU-)2qBcvsBp!9B1&i4B%B9POe`A%;y7peGn6#x{EV&*ARENx+Kg*ECFh;FV!!U zv-Xo}=SW;N5bJAYM#znqOemWu((sk5Q%{y-nOO5wGB|TRk@Wkx*5GP(6#aJLbXSp# zAc#f;M>lqK%Yg&|EFPhWj8ds>-mL`EkB3ij;3$ApLNW#GCdz-if|8GUZ*_T*lreI7 z89l!zO$jWK=FfQF_p9J>o zVr)XAd}3l-2A?9R#t{w8D9MqXpDa@3l&wj>9Kd~_ z{@nW64oy_Cw66vl#BrLiygiGzFlW){&+x#BTla|OckwFC7&M8H@HU2-oj4kY5LwZ1 z!t_pjT6SgXESIIOFmhN2zPxOJsOjmwKN1_?Gm0r+E;*y%JXXnAMdhDIxY8}}-;Rq@ zRA!E0pK(8tFj1xc?6 zkL+1#so}@GBO|KEG76`QR}s%q{Q^-9HE#51ZbL2&k}$~-bK<%QW~p?PoVR=au~)G; znS~I{LAm}xJY_ZRyhGQpSb?nlO2DbtNCegsiTtBv=4Gs@A)Heg6>JiVpQ#P<*8PcP zBBB*XwaN5hZrDzgKc|bKl0!y6c9uyCe!&*;G-S$Y#`VW<3bglnKfXYJVjF)6*<}mT zM6@fr;7a>=YTjeHhG^n?>KA}*Vp`%j$@o0p+EM?n9*;G8=)}{Wy?K)u;|h3cuNgeZ zB2g1j-ZTK3rBztlUW#qZACI)k=g+2Mx?aD^CUr`<5tgAFNJq@TUNP$)PLQ58wq-i= z`6)pR8d*Cb)8hE0b?2l!9|sjr4q04#sB!*rEhmAUr6s+a2{8xX0AWu=8v~b_dOo%H zO15}aeN9i(T8Ao!22Di6TWv>aREp%@NaW+0-uD~M2qrzqbnJX5AN9s9FiBJXI1dCv zxpp3|*0_UZ*RgZO$4EYLJu|p}2(RgsN9DZ`i5R7cy4E_!Y*VzO`$XbV*SMX(v_N}e zo@`#Qne=1hIC4Y2ni4NL=b3Q93qhyFz|0M@soGTMoyC_4x0YG++#%2`%>(=A+``(i z&VF~BC?Oujlw^Hz$5wNv`^Ve&6il4mtInOY0;`?@IK#>-cFpC-ext+Q0`&Xa(&JQk zM4(bV_I|C{v|Y1c_W-xJDVID^BKpBGm?iikc zE68@!aD)ySi+s{6zQb{GRq8V7_x&#-9(}7fx9cQnhf(dYiM6Q5vxnBKdMfpXsp7>A ziSd$H1(uvfO!$wr?)aM$Iy`CZQuW{oQ7G_6pT#?%f4FqH*RU4W^`eD6)wujX)sg@^h2+2z|8zx& zOpx{+S!Y3>3Vvr&A{#@Nn}BO$$;e9qITi-#n7GM>6iUg&fc5haE7jX=uD;7vRwfDE z?oVTk9k*j0ZGvvEgsrKhPz?8OYxCcH(#>p{VL*Rx*vxEZPDk-)|B-h;|7^L^*X5x8 zU51V*YTgjqM#Rv_&VVE%mSQTYsA=b)Ke-&Gyox!Si)61oo=Z?Vg|z%Y6M05~cl4FN zs*3mVa8GA>aKJBbWPDZcycYu|$$rrPtdtw6Ux>y`;dj(*_?@xYN&F*o2mZi~%+yKS zti4w=CwX$)?(k4OnuyS)nNI@t<}YOlTA28R14bJ>`=Fw(+xvFr8rx6Zal6R8rl{#A zbjbuSPay6yD(*aWe-SEH(ztSxEY;q#c@j*7X$k?e4BYR}4N*7VT=@rY#_>GzEuN0S9c1(JTWju1yoN@8u>HtH{0#cDaPR78W#24Qo*cqn4FYo%eFbNs{dA{i(&juLB1TvwEsh%(x|Z9}CX16=Nvs*Dn~K_V8n@mX6=Y1OuIM^U;mWn! z4W$lUqg&jcpcI8VWbsmEW1CtL0H7OBY$u&q<O#O8D;I*28QOkYFL)lAe|A(Qo; zi4x)q&Am-}0)td)iRe-Km!fm!oY_VFA*_*ooIX{#14{=SL1%|mL-fcCHqC@4Bk$aj z2k1S%*MAiObv{B?n?%(Bia<+|8r-T1zq4=!{STOQ zz&acwY+sSDX9;KDSua&tq~iBZY}yNNwhe@Z6t$mamAs<1r7D$u=0KO@bJ&%ckp zKq;AwMiKAwjUt@?uVhZ0{H8o-QJx2fNg2*Xn|e&^m~rIhce0TMHLnxZouCf~cJvQ- zqQ>^p;_+HIUm4#NICpt7^FEfm>1R;o>>(V-nAYB{O?Ot6BRhMGMv)q$kV>ju*>G}j zM39zb1n0EK)IxN&l>a`;ls8&;HHX%{XLakLxNNh-{z6L5*YNjme&dT)6@9m?i0Q6e z!BtNwRM4u3EOVl0#UC*?<=ot=jyL$xH+oPcEl>zWc{ReyR>^9Dq4vLGQMHu93G5#p zf8O6}&}1z8u$vgUE2Wk`#ARQdp^JQMoKwtEVx(oKe70Ln&THiKw_}z8G{m;M`|;+O zli%W5(MGBPRSsdiSCTn3o!{V-(&HtZ3B02Rw&`$jCrg-eTHQ37aws)jD7k3#fwI$4 zgiVQ)-=~%S6Stn=9AY$zJT5NI_(p=}MAEcZ`v()*ufKrpD(w5g}_}f8-AW;rQ(rGoO_Xv})6*2EP5nBKQc)>A?<^h@x*B~h5>62)fhwbajiND+w2MF_XQXxDd#g%` zXF@2&rb+M|z83`*cUDtM)sJZ;x3o6 zD0N3vFovW!t%_SsY&R(i!t;VzHqpgl{`*#;XmyD06V~+q*@5qH-yxURNFOD&9gJ@m zJHh8QJv;VW4W<`Z9*_wrLg_a9yr#Q#nERGTnow&{9kLUj#2;s literal 11430 zcmdsd2UL?ww|20BiUFib7o24@1R)fW5~@^@fKsJ~ z-iw5eAdt`kf!uKPoO|wf|MT5@zjgn${`F@;)|z)__U!%4v-j*hdBZf+l&)N2yaWIM zt|&izpalS&F$Mrg3dzn8zgvR2D6O!BF>apO!$3m|MsYvb6qiQx<=)wD>c1>x?q}S9f zd1F?NkM{SlaS|Esma#V5D0YJ1U0IO}ccj@E0+}-?BJTrHqTF{nbS{vFgQYJy7R|F9C5tJb&Fq(n;%&@TK|CHR#TefWGf{${#v4)Fm8IW`} zSMcC7gVou~q`0Mo&5dPAIN_=q43Ej_6lELhW|yZ|dUV0AG^0K^n1?atxE>a3fg+3H z^Q0?02WwNz6-`DR%Y9`x)m0r6XV$aLcR21s345 zFSgT?GmZ~8Hcc5{QV6iUJMKih(i{(FY)c}SB3w%EyL|LHTnx8s14cXz90Da=th^xq zxPT%ug^17k+yx&Ca*RMP_-n|uIqe;ua$OOK&jViqy?YAY?4k~oaB>_fe`OPoBGY{a z-X$H7kGd$H6PkA;s#&CWYmi*BX{>quHcuN_`#y^7cs2tb6cbJb>{e1{!OokWCAkVrL}ebf7+ z>OuaRzFm#KPNeHoS$;*32%D}8XJu4PMjb{|G=!*#YLo~;d$biC@*+jDpN-P&tCF~Q z(^klA3|@Pyd;xOUECP*Bf8-VsV~=BI6{ru8-EL<)DT8b0Xr(>plqO-LwPWWvfv_p7qPP13lOiIxyWk018v`}gAl+KH`p`s-Z@9BP_ z8+}bA!sfF;21$kYg&@Nn0*(!d@d+1+nBV^UZ)TYYb$vbW{U0X0Y<6p4W?f}V<%6nX zoU{UCyT!4FStAr#PhB-Nf5iRb$9CxFWxfGNI&3MMEQD7eEN!uZA+@Kb1|e48Uli2y zV+l)RcP&DD_F18&epYY0A%>+^7D83U~fC9o(=Zy>O z#mNnq+vdt?zOw3Z@-~`{{VlLnMFw|FSM;ShkG2WJp+LNq_Q-~s43B>XN0cR%7g5ST zH%KHRAsW{nEOj8QkkYD5#Dp0fahWi11D^M_&hRm7P9vTduc~8_r`(enUSVtYO?6M- z)MwRbWGq3VJO+%aiT~yobXAsrWdbwEL<(7Ek)jwrOAUg{iyO>FZzCSU7T9;o`wUXsq6=Mb zr=AU!;k|?nd;7N4s=A4sYxh)E)a^H4F)ot08$m)Tt=yO=4C+=sblBBOMoX_?mAlXA z{I)FUM0x+jDd4Z55gUOXbObzBogfA1%T<7}CK|3Y|J9UJ(*J4Kzc>1zbiyzO3=Rw} z{IC{N+3wy9J9B$3S#r2lz<1R?A**EVzWQxwL)@r7)U67~`D(8sWo#kvkEiv`J#17v zpoqCfO@U+z<|wd`y5WH05C#)4EnB`m0W+(xmDhbme*0kSVo|K4w!&qwq4!%_Yv(te zt}koSs>;S+_`Xqi0i0hJE`YAtJDYd)bzi#d@-gOlMp3WRE^S10@ef@J9vCZ zZJK)mmEA8a&W%$L!kz0_ja(E&Wknc1;QCwW|0M6|NBrcB^MRCT#JmL^>dzfwd4a_V zn@)Ts2Fl%j`jOOnRNjoW zZR$m))Hd5^Jr)c_!7k@NF;0XgHW$$Da1D1~nro}Yjc*9blO1TQL|v%j~V zVfeU3EVbL2*~hcvP*XKuxa0!*d9k1M_IDI?WVGg$z1&$^v|Z?CPboLG^_6gJ`0EC% zgKE94f^dOwg|q+-w)ff|_Sh`>MD9%<3Mp$y)`8^=IAWW;wIb!Q6KnEefgjdj=juq= z=8`t8VKROHfAEqo1BMGLc%rO#6`@q3f1Vbd-UNg&i6? zucyf4xtx}$!a>x=-KC~TOhWwr<}5uuenX@3mHxB!HJwIn%x6v-h-~#cY`|NJB&ICe z^GAk}iinz$Jh_`o^d&VdJ0;tJuW&EUGsqcqsN5Ra(73Hv)}TX&(DYx*N_oh*u%Vl< z<8n4-laArlD_3QELz-}IzL1iLto+UtvlO5L*r(cxp2Rn)$owXXbYVc__T8!mv!5jgcRN+5u ze9h5!UXE(zOct5POO11N_ju2ku+zL0ngS{iZq5Uyx-9KRvNd)Hwcvo=Q%L@1IORV| zTbV)n?dxFXnn_(Cp0eNac)**(Lyu{3GMwx*%SoAL-o77J_X`s+5K|xB($j=g*tg4I zk~eDw(Wic^&K_SMS9XH;m#Q``p7efk6lA)pd;IP}4ukXl4VvYa#>+msoKivAhdO&2 z<0}K1J6Y>_@R&f2x9>be!KL<;Hw2M;oroV*O1#`GYeNUPfW3o9A=hcl%5F2fcjrFC zbwbN)cn;!2Jt_2|tm^=mXdekLr6L@h&2GVe&V zE;3;~kMN&9orNB05!z6rWM5p_HW!7Ke-5ydfSP85%3m2V4!h)IH5_vfD3F1^I~wGE z_Svrh-)=du4EoXW*glA14Zp|pKiRKPB>A>YXN=^oA(_H@kcI#U4dk|5d8kH9KUph> z9F-C$O~lgP!HamJt3^PiO2lp1Ioo=~}qTlA4Nz@!nK{k}*<{A8h!U5r&_m z02{ua)p#O~xyIxfq{>Vku5wp-Opp%jg9>j>L-0bg#bteXgHbfWGP|wvU0iHbN=B^V z5|C}Y(VZffp3>vDsZ$4v4s@i7qBD`s<-mDF)-7q?AN)V=K+)Z4>es|+qQrTj8W)q_ z*U8;P$cdVM+14>i^DbVFf4DVJfktKx(8aJ?iTl1h=-0E{y(_0e?JTKxXLm`v7f!no zF@?Vb8sN^#$5p{4=>y6ol)>A>>_0jg$EbdEvI%;s?5ujMS7sl1qwdiic;SP_KbdvQnP~rOz zb-?}yGK@j00`Hk44x%fb3W>h_djyR(YdoGtNJv~Pn zgdT+-uk%n18>2rocU}(+Dv6h!_nm%LW4xyQOu!>ww)lyE?7(}W0&WeU{vB!h+O*m$%pczj-*d3#_~ zZd8=o(KB^H$bs4UZFp{NLIG*dYYYER)3*|&U#gD9V+~TP4E4@wJopuT{=h9Q2+c;o zb*TVGj2Z6N$WwhL`H!5gRAN4}K^1b(ujP6lD}=0aR2B%&$e3w_ZSs7UPmPqnOfkB9-c{LxrGJssLyOIh(~v16f7 zMnE>oOaU`9q>E3|Q~Pm7@!hV=QefXybTb})b$;bi&wGQw1IfvH%vk z0T(3nK9_?m?}bo-DEa5+NFJ8f9sxH@`-%{_qfXo>s{9d}lJgOrzZ_(NCoUIaTg1J| zVV49?y#Y+9sboY`F2@RQJ`ttSZ!zCKdG`kSdiY!&7gTIG)V?TI`s=CmIe{mYxL5E< zc|Zse-MvuxOc^w#Z4Bt#1n2*>>D)302dsGu^whD05YD>_|EqHT8#?qMp~r^>Ey7?x z)P8da1$5>na{21!3=->Cx4!~m2!SW++Bx(iN)F9Zcm4C1!{r;z&&9BY$Xe#^(ud^h zr|U>-q026!`*1iFXmQ~1$L|jL?$@}0#N+MCg~Qw-$`E(=_lWnncWdH%WLI|`&+3?m zg2)NyG~c~E=wN4+0WRAq_887p5{RZD75)bs?PlKn}b=`1wU8+VZ@JIwdyNZcMC9g(5`(}wxP|+M#*g`F-S_7 zS#5af1poeoUjh6|;0?nMb50@A@>jm72g@-h*(pZBZ5)vky2TT*kLBtM6cJOG3X32c z&@Oh(5U3VQNZr2kj7qx5IWXHL$N`1%D|4Zq9@+vC>glWYXbkrdK@XC$Pj^Aqnb~=4 zcsrDM>+`hCU-R(F=yS?TOj_`?mMq0oN9sh#*b{FUnC%KAebT zS`ri5Yl!-WygYMnc~Jfx2~+Xw3)J(vX zLBn^jE&@aBLN~cHhIN#xy3};&rZa*YN4yK7>$rfHzUK4GoSZ3s? zS#M#P$)WP=7WQ9cKxoPk4q!y6JaafmfCC8OMVEzwTCzf$IsRG4#0}tS(vj?2wRc4- zN}j3h^dd1@1GgOl*2$=;=K^|)0h5cqRU!Pd3Y?t;i(jB8_Kw@Kk_$I(+ti}WA>Qrv z?P<{Ny1Ma6Vo6rntUdxxC$4%orWr4!65M*&a<E`(u84a;z1 z$Z0p9YjfSrBgekUZc4pL$WUN4>E7}8JcIG*T0~#Pu})NH7IZD_ODrTGWglckeF;4o zVUm?t1z{-t=E^6$5D%^Q5PzP$77?}VBI+Y6(1805IxphL1}z zlH7b*45_Cjv)KJ9g3cF%5KsG%ONIV@prQ73M$;#-(~*-)&2KcwqXeZf{vfuHM_Gpj zsR#WKmu+oUA>eLQ5hbj^!2hU6J%H1RA%vfXKEQB5o#SKfnEVsF7+{_rv=(%V%56Ht zT|Bd@6H^Gc9kl`SeDIP9NzSvUL0nl5g7emMS}Xi`9b~!N*Ki0@SSp-FnuLQ@1*CaDved>D=a8+m8=n0>%){K?Y1G~w%oyQRJbW9%5;FOmwn&Z?Qgp{qfhn)Uy`5%HLWA z^KL*uyP0oFnsOIBpHftJ6BBFQ)-01NA)}_M!|FjL`HD(Yx9HllE^cgW6(SaHm-)?S zD($b{!!aHMeO$RS{9prW)hTaI@v5o)CCk0 zE4-92)nu)pd#zthSE8=&^~86RWE)NgO2&xYr{Yi?my4+2i55<($d?ZAO{5we;xvxP z=y_t4FTu%}&Y0d?L0^?L_Z&NO)n0gH%s|C5=s?Tu(?m*N8;WygXHn|48$MHm56T3{ zq?&wNb^T`AjXbYOc236ODSz67WF~n==#v1VX{*uRlfrr>RfdYU=Yrx@#A>Fx6|+z& zSH_%w>kA;Fy)4l|N1DpY)krsAu=OPy7?{@JSQoM%2825opL7a9+Psv(NE zA%R;)+I&{;YtksTuexod`}L>D^g@x{%mdY-z~e|JRHM9rbeHos zKj1U4^0~Uxx3s`nlpc zz_;JNh5`UjVu|fqcFr>Z*ZZdr|AvhJlYv9lEnpIWZ6~!>mD4RWj06CB>lVxN&YsAn z&-uRvN?+IIBrd0z%e-*0fRRXh5&lJX^@qbmZ2~m;NPXlA6^V*OKDzUjT1%V=+Ebm* z`x&u?M4ke2w1Ak`I#I-3U`YIbU!*tdW{Ihp4AM&6bCp;h%+LVT?*B9jo&OtNdcN37 zGM+`9)9k`yXRgaagx}IWI3JUYMgKIcW!u{ud7I5q`{SUnrGadma2(amjW{a73rH`= zU(levrJFJYV{SLjaWw|_8%$vNx?`zsE;imbipuTK#rNJEn1lX;JGwn^-Cp+{?Y_ok zlSX`OJksU2Cs!LiZ=I7@ETVyFl^XH&h9X|kIQ)X&Uw}1->Q*)^6mi`xtnqtdIyV7i z@ijCNFEzu&(h=z`xR>>F^R~;qBNe}fo?I`vi{jezJ<09|`@~XxlDjLN^2-d;`1O;e z1{mCu$(ea?qytlFzu#60nZ4}Di{qAAjxX3$R9siOMgO>k?l;a1-zy{vNT6UO}U z^qVFbkG$gRb!&`M8fSGe@m4KrV>bI2Ywa7V*Gchum9(Um91?~bNFq9Pe!_rwT# zRxQ=|9J4rJOx`a@7aZN+9_kx+G|tse>JUgbfhR+B)rax%R-n@K>KmMe(8>MR{UKNC z=}3Qh!vSwRY@H16#4C@USs6PkAd+4)qjpqJzb@0vQFMqP2)u~1{C1Lu@LC}xgic;0%uH`FE zvUO)?e1aPvT<-WV$JW5~hYkke*UGswB3M#2_d==h@8N{IZezTxVw~~7PuYKPg@$@; znkj!4Hcf-cKx)o@4K?7xO?a-+_l5q_?8}YDM86FSobc{`kjIqz7%ZX3B6K!A!Hb*I zLJ?E28NuSH^2>vs#{X6=@%_Mwsc&AG5TBK%-|uVgRIDu$EO;t?kOlTlmD z<3Gk@iY)OHMWBT9P$#)s1s}=PtlEvkDw~cHs=eQ;!u-J<5|S1|+xjt)pzvO!DZHT|7PH9nQey)D_S!16|B?7G(wj5XT)ofXS&UK zhVuW(31t0g3*r0+~M%r~2G5@&n>+<)9z&lNb*GM@FC8=i-V@1phb-)*Uuj zLzJpLtA62kuB^1mkC}CRV)z%`{uhND`CvQtXZ=qi;7^gni*MW6t$7OA0S-7)LihWA zUFZr;jVa(X{VrjntcsL5Jg4Te!J4ccaHJgc60I*^&4NNDf7~ot{2D5`;)EaG%flIf zW~+B3&91e|I=wJhTtc1cH7Cv(RNUmDElN0yw2gz_Ga8QFFlZ>Bf~fR&2U{nOfUiN~ zXWGo1V5u>kxS1z#m-8MLf0<)dJ>1njh?p=B;__3m{aAJ!`9{qnEE1&bGGAKVsEc(H zY+kG3s~jx&_@rSSEgN;%9TVh2CjF|)?}?iEA`c2ZJr3m$e?FFL@oq8~1bqf|C)=q- z&k1H2b{#w`@^25O^wrZ>ndzCx*YJN*%Lx2_XH}wsku9rvi~Z&#$~(oAZ*@cVj}427 zr^>CZP7hay_AnHf~QX(rNOTCM|Ip(RnCZid!b_~ z;q8o$BX}@OsQ7Tn;SW;DjDR`ARa1lnH~D$@KCTr9C{=jIbQ$`O&+(vWytI#8MEQ%` z(E8mTD{(bksA9b4x94geuevF~3ym5%VVL6jd<84t}(Y|&4D=Ry7U6mQj37?piM zgSdDUqZqfN=l_7AbeKn8s9IPrTuAjr%^Rj<<4;DvA25EkkqrBpLGd+jAQkF>FrwIA zbQcip^S;)&O3GL@Uenq)CHoV8VLV>-Gi&-RDEHvEvS+FrCfYf@pW-c!EOJ){3SAmT ze!0#>4xxilP(TWgPpVgcQ%G7yM1eMNCwlr$jP}MwpJlQ48B7uh_;_c-Duw);;IMoI z4$+Y>-nOth=Y-wkb`f5K4NICiY}jj_CTkm-w=7bi>D(T6_NkT-_(j1_izXx#r_9wh zz;#qe5e?^SD}Cj~U+HcR?%4dG;_ET>bS{Z@5DCS^AMPh4hv(2mX@-dRc^Qw%`dd|* z?e>fs{j!@$fb$GP?}Q96#_`u`#MJPqnZrIv`ok}t5EICN7sb=_TVMZhR$`jDSLGSg z%=rg;#AI}A^#6{KiTQxVzl62_olJL#n733ZXh%|w^V9xI;*o_?Y&qho!EDLqlElig7>7_p8J_-hsWw}k_Q$`4Tr zJ{ng~J=~p~-A(lH-*0t+k^nT6jtYsk35r?7^P`)Mb;{IyzlJ6e)>Xg00+f;Fk`pV1 z39AQ-a$N>`TZP31FtAQBEhV}X(H3ndgUAyEaSC50m_%|=< zL&yP2m;7`fg9$i^I%2tER6$@7B_EJjOtVuIjDU0Q%rB#cD&W$RX}%f*paoWNj6nt7 zP;5wcvy(rMRa87Xwi&H&!T}o@GA8-_r71eu<&jwO8IxV2mW%KrDyBRMTd8orW1Sb7 zrAd_?4(~B)y?9!pWPje1T3K?=J z>~Y_=s-kf9V`|_JbPOUE8%}m*dn%B#RcL3xo(xx^dRp853$D1eKMNxq6Fww; X!RIvI^(MYs3{X~3dr%_x^wqxsb8(^m From ed5a4444a7be5a778a785925d376e3cf67602f0f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 11:16:23 -0700 Subject: [PATCH 241/319] update top level onboard topic --- ...ows-defender-advanced-threat-protection.md | 139 +++++++++--------- 1 file changed, 70 insertions(+), 69 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index e5ee209594..d46258d563 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -1,70 +1,71 @@ ---- -title: Onboard machines to the Windows Defender ATP service -description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test. -keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test -search.product: eADQiWindows 10XVcnh -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.author: macapara -author: mjcaparas -ms.localizationpriority: high -ms.date: 04/24/2018 ---- - -# Onboard machines to the Windows Defender ATP service - -**Applies to:** - -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education -- macOS -- Linux -- Windows Server 2012 R2 -- Windows Server 2016 -- Windows Defender Advanced Threat Protection (Windows Defender ATP) - -[!include[Prerelease information](prerelease.md)] - ->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) - -You need to onboard to Windows Defender ATP before you can use the service. - -For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). - -## Licensing requirements -Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: - - - Windows 10 Enterprise E5 - - Windows 10 Education E5 - - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 - -For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). - -## Windows Defender Antivirus configuration requirement -The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. - -You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). - -When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. - -If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md). - - -For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). - - -## In this section -Topic | Description -:---|:--- -[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP -[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. -[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. -[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. -[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding. - +--- +title: Onboard machines to the Windows Defender ATP service +description: Onboard Windows 10 machines, servers, non-Windows machines and learn how to run a detection test. +keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script, detection test +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: high +ms.date: 06/18/2018 +--- + +# Onboard machines to the Windows Defender ATP service + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- macOS +- Linux +- Windows Server 2012 R2 +- Windows Server 2016 +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[!include[Prerelease information](prerelease.md)] + +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) + +You need to onboard to Windows Defender ATP before you can use the service. + +For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). + +## Licensing requirements +Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers: + + - Windows 10 Enterprise E5 + - Windows 10 Education E5 + - Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5 + +For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). + +## Windows Defender Antivirus configuration requirement +The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. + +You must configure the signature updates on the Windows Defender ATP machines whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md). + +When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy. + +If you are onboarding servers and Windows Defender Antivirus is not the active antimalware on your servers, you shouldn't uninstall Windows Defender Antivirus. You'll need to configure it to run on passive mode. For more information, see [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md). + + +For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md). + + +## In this section +Topic | Description +:---|:--- +[Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. +[Onboard previous versions of Windows](onboard-configure-windows-defender-advanced-threat-protection .md)| +[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP +[Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. +[Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. +[Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. +[Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding. + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) \ No newline at end of file From 3eff6b0f71ec0c7efcd1d36a015d08a1ba72174b Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 11:34:26 -0700 Subject: [PATCH 242/319] add downlevel support --- ...ard-configure-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index d46258d563..2c409b2bbb 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -61,7 +61,7 @@ For more information, see [Windows Defender Antivirus compatibility](../windows- Topic | Description :---|:--- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard previous versions of Windows](onboard-configure-windows-defender-advanced-threat-protection .md)| +[Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. From 76e170355cc65fa23b5d297d37c57e92821b782f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 11:39:56 -0700 Subject: [PATCH 243/319] remove dns --- ...blocked-list-windows-defender-advanced-threat-protection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 824dbb804b..27426578b6 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -42,8 +42,7 @@ You can define the conditions for when entities are identified as malicious or s - File hash - Certificate - IP address - - DNS - + 3. Click **Add system exclusion**. 4. For each attribute specify the exclusion type, details, and their corresponding required values. From 7bd3cda6d1aacfe47ed1d40e4dc8b65d0a10e754 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 18 Jun 2018 12:11:47 -0700 Subject: [PATCH 244/319] copyedit --- .../protect-enterprise-data-using-wip.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index b6041c8b1f..1ad43ba3f3 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -8,7 +8,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.author: justinha -ms.date: 05/30/2018 +ms.date: 06/18/2018 ms.localizationpriority: medium --- @@ -39,7 +39,7 @@ As an admin, you can address the question of who gets access to your data by usi In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don’t allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls. ### Using data loss prevention systems -To help address this security insufficiency, company’s developed data loss prevention (also known as DLP) systems. Data loss prevention systems require: +To help address this security insufficiency, companies developed data loss prevention (also known as DLP) systems. Data loss prevention systems require: - **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers. - **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries. From 5e3a6fadad5e0864310bdea0dbefe5f3b611e0ba Mon Sep 17 00:00:00 2001 From: Ryan Ries Date: Mon, 18 Jun 2018 14:13:38 -0500 Subject: [PATCH 245/319] Adding more detail about Kerberos service tickets Adding more detail about Kerberos service tickets --- .../credential-guard/credential-guard-protection-limits.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 1f51382ce3..aad838b212 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -31,6 +31,7 @@ Some ways to store credentials are not protected by Windows Defender Credential - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- +- Kerberos service tickets are not encrypted, only the Kerberos Ticket Granting Ticket (TGT) is encrypted. - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. From 9b1ea04133287f77cc41625faa2d70618290dc25 Mon Sep 17 00:00:00 2001 From: Ryan Ries Date: Mon, 18 Jun 2018 14:28:53 -0500 Subject: [PATCH 246/319] Update credential-guard-protection-limits.md --- .../credential-guard/credential-guard-protection-limits.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index aad838b212..a619cc000a 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -31,7 +31,7 @@ Some ways to store credentials are not protected by Windows Defender Credential - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- -- Kerberos service tickets are not encrypted, only the Kerberos Ticket Granting Ticket (TGT) is encrypted. +- Kerberos service tickets are not protected by CredGuard, but the Kerberos Ticket Granting Ticket (TGT) is. - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. From 44b76b0fa190384f9f8b78f661b36e6c71e737dd Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 18 Jun 2018 12:30:43 -0700 Subject: [PATCH 247/319] Update credential-guard-protection-limits.md --- .../credential-guard/credential-guard-protection-limits.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index a619cc000a..1428ee92e3 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -31,7 +31,7 @@ Some ways to store credentials are not protected by Windows Defender Credential - Digest and CredSSP credentials - When Windows Defender Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well.- -- Kerberos service tickets are not protected by CredGuard, but the Kerberos Ticket Granting Ticket (TGT) is. +- Kerberos service tickets are not protected by Credential Guard, but the Kerberos Ticket Granting Ticket (TGT) is. - When Windows Defender Credential Guard is deployed on a VM, Windows Defender Credential Guard protects secrets from attacks inside the VM. However, it does not provide additional protection from privileged system attacks originating from the host. - Windows logon cached password verifiers (commonly called "cached credentials") do not qualify as credentials because they cannot be presented to another computer for authentication, and can only be used locally to verify credentials. They are stored in the registry on the local computer and provide validation for credentials when a domain-joined computer cannot connect to AD DS during user logon. These “cached logons”, or more specifically, cached domain account information, can be managed using the security policy setting **Interactive logon: Number of previous logons to cache** if a domain controller is not available. From 2737b13352abe9770279a134d2ed1bf03bbfafab Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 18 Jun 2018 13:31:19 -0700 Subject: [PATCH 248/319] update min onboarding topic to include other windows versions --- ...ows-defender-advanced-threat-protection.md | 6 ++- ...ows-defender-advanced-threat-protection.md | 43 +++++++++++++++++-- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index db4d4d1e03..38e33a95da 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/06/2018 +ms.date: 06/18/2018 --- # Configure alert notifications in Windows Defender ATP @@ -50,7 +50,9 @@ You can create rules that determine the machines and alert severities to send em 2. Click **Add notification rule**. 3. Specify the General information: - - **Rule name** + - **Rule name** - Specify a name for the notification rule. + - **Show customer display name** - Specify the customer name that appears on the email notification. + - **Include a deeplink** - Adds a link with the tenant ID to allow access to a specific tenant. - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index e5ee209594..56ecea1dca 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -17,14 +17,18 @@ ms.date: 04/24/2018 **Applies to:** +- Windows 7 SP1 Enterprise +- Windows 7 SP1 Pro +- Windows 8.1 Enterprise +- Windows 8.1 Pro - Windows 10 Enterprise - Windows 10 Education - Windows 10 Pro - Windows 10 Pro Education -- macOS -- Linux - Windows Server 2012 R2 - Windows Server 2016 +- macOS +- Linux - Windows Defender Advanced Threat Protection (Windows Defender ATP) [!include[Prerelease information](prerelease.md)] @@ -44,6 +48,38 @@ Windows Defender Advanced Threat Protection requires one of the following Micros For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2). +## Hardware and software requirements +### Supported Windows versions +- Windows 7 SP1 Enterprise +- Windows 7 SP1 Pro +- Windows 8.1 Enterprise +- Windows 8.1 Pro +- Windows 10 + - Windows 10 Enterprise + - Windows 10 Education + - Windows 10 Pro + - Windows 10 Pro Education +- Windows server + - Windows Server 2012 R2 + - Windows Server 2016 + - Windows Server, version 1803 + +Machines on your network must be running one of these editions. + +The hardware requirements for Windows Defender ATP on machines is the same as those for the supported editions. + +> [!NOTE] +> Machines that are running mobile versions of Windows are not supported. + + +### Other supported operating systems +>[!NOTE] +>You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. + +- macOSX +- Linux + + ## Windows Defender Antivirus configuration requirement The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. @@ -61,7 +97,8 @@ For more information, see [Windows Defender Antivirus compatibility](../windows- Topic | Description :---|:--- [Onboard Windows 10 machines](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to onboard machines for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure machines in your enterprise. -[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP +[Onboard previous versions of Windows](onboard-downlevel-windows-defender-advanced-threat-protection.md)| Onboard Windows 7 and Windows 8.1 machines to Windows Defender ATP. +[Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md) | Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP. [Onboard non-Windows machines](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. [Run a detection test on a newly onboarded machine](run-detection-test-windows-defender-advanced-threat-protection.md) | Run a script on a newly onboarded machine to verify that it is properly reporting to the Windows Defender ATP service. [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings. From 91faf29dafb0028c1ae30cda88e85c81fa14f217 Mon Sep 17 00:00:00 2001 From: Richard Zhang Date: Mon, 18 Jun 2018 15:18:33 -0700 Subject: [PATCH 249/319] Update release-notes-for-mbam-25-sp1.md --- mdop/mbam-v25/release-notes-for-mbam-25-sp1.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md index 6fb8a41a78..a39802e24b 100644 --- a/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md +++ b/mdop/mbam-v25/release-notes-for-mbam-25-sp1.md @@ -136,10 +136,12 @@ Digging this further with Fiddler – it does look like once we click on Reports **Workaround:** Looking at the site.master code and noticed the X-UA mode was dictated as IE8. As IE8 is WAY past the end of life, and customer is using IE11. Update the setting to the below code. This allows the site to utilize IE11 rendering technologies - + Original setting is: - + + + This is the reason why the issue was not seen with other browsers like Chrome, Firefox etc. From 8d5ee098522a1d0d73e25e5c61afbbd3f111bb2f Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Mon, 18 Jun 2018 16:57:32 -0700 Subject: [PATCH 250/319] Started next round --- ...eive-updates-from-the-publishing-server.md | 37 +++++++++---------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index dca7131dbf..5bcb8ed847 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -8,31 +8,26 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- - - # How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 -Deploying packages and connection groups using the App-V publishing server is helpful because it offers single-point management and high scalability. +The App-V publishing server's single-point management and high scalability lets you deploy packages and connection groups and keep them up to date. -Use the following steps to configure the App-V client to receive updates from the publishing server. +This article will tell you how to configure the App-V client to receive updates from the publishing server. -**Note**
    -For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**. +>[!NOTE] +>The following example has the management server installed on a computer named **MyMgmtSrv**, and the publishing server installed on a computer named **MyPubSrv**. If the computers you'll be configuring the App-V client on have different names, please replace the example's names with your computer's names. -  +## Configure the App-V client to receive updates from the publishing server -**To configure the App-V client to receive updates from the publishing server** +1. Deploy the App-V management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to add or upgrade packages by using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) and [How to create a connection group](appv-create-a-connection-group.md). +2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users. +3. On the computer running the App-V client, open an elevated Windows PowerShell command prompt, and run the following command: -1. Deploy the App-V management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) and [How to Create a Connection Group](appv-create-a-connection-group.md). - -2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users. - -3. On the computer running the App-V client, open an elevated Windows PowerShell command prompt, and run the following command: - - `Add-AppvPublishingServer -Name ABC -URL http://MyPubSrv/AppvPublishing` + ```PowerShell + Add-AppvPublishingServer -Name ABC -URL http://MyPubSrv/AppvPublishing + ``` This command will configure the specified publishing server. You should see output similar to the following: @@ -53,14 +48,16 @@ For the following procedures the management server was installed on a computer n 4. On the computer running the App-V client, open a Windows PowerShell command prompt, and type the following command: - `Sync-AppvPublishingServer -ServerId 1` + ```PowerShell + Sync-AppvPublishingServer -ServerId 1 + ``` The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Operations for App-V](appv-operations.md) +* [Operations for App-V](appv-operations.md) From 161159d7c388b6c3d44eea336ada215c89f44b0e Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Mon, 18 Jun 2018 17:11:33 -0700 Subject: [PATCH 251/319] added steps for path rule --- .../create-wip-policy-using-intune.md | 41 +++++++++++++++++- .../images/create-new-path-rule.png | Bin 0 -> 54464 bytes .../images/path-condition.png | Bin 0 -> 29098 bytes .../images/select-path.png | Bin 0 -> 20472 bytes 4 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png create mode 100644 windows/security/information-protection/windows-information-protection/images/path-condition.png create mode 100644 windows/security/information-protection/windows-information-protection/images/select-path.png diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 12a7d8e8a4..9a4ff4b1c4 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -193,9 +193,9 @@ In this example, you'd get the following info: Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box. ### Add an AppLocker policy file -For this example, we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. +Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Publisher rule for packaged apps. The second example shows how to create a Path rule for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). -**To create an app rule and xml file using the AppLocker tool** +**To create a Publisher rule and xml file for packaged apps using the AppLocker tool** 1. Open the Local Security Policy snap-in (SecPol.msc). 2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. @@ -262,6 +262,43 @@ For this example, we’re going to add an AppLocker XML file to the **App Rules* ``` 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. +**To create a Path rule and xml file for unsigned apps using the AppLocker tool** +1. Open the Local Security Policy snap-in (SecPol.msc). + +2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Executable Rules**. + + ![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png) + +3. Right-click in the right-hand pane, and then click **Create New Rule**. + +4. On the **Before You Begin** page, click **Next**. + +5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. + +6. On the **Conditions** page, click **Path** and then click **Next**. + + ![Create Packaged app Rules wizard, showing the Publisher](images/path-condition.png) + +7. Click **Browse Folders...** and select the path for the unsigned apps. For this example, we’re using "C:\Program Files". + + ![Create Packaged app Rules wizard, showing the Select applications page](images/select-path.png) + +8. On the **Exceptions** page, add any exceptions and then click **Next**. + +9. On the **Name** page, type a name and description for the rule and then click **Create**. + +10. In the left pane, right-click on **AppLocker**, and then click **Export policy**. + + The **Export policy** box opens, letting you export and save your new policy as XML. + + ![Local security snap-in, showing the Export Policy option](images/intune-local-security-export.png) + +11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. + + The policy is saved and you’ll see a message that says 1 rule was exported from the policy. + +12. After you’ve created your XML file, you need to import it by using Microsoft Intune. + **To import your Applocker policy file app rule using Microsoft Intune** 1. From the **App Rules** area, click **Add**. diff --git a/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png b/windows/security/information-protection/windows-information-protection/images/create-new-path-rule.png new file mode 100644 index 0000000000000000000000000000000000000000..b33322202cc638afaea5f3fcd77fb7c6cd85a9a6 GIT binary patch literal 54464 zcmb@t2Q=IN|2CWmu@bbjVl=9Q>L7|BsHmcAYFvw(gFmH$MGg_QQW|Vm0VfUD4z1 zUqhdYii+M_Xv^P zKu8#ZgH`yINB?g8rn-=j@Uc7jr5qg?~`P*{8 zBKRn1_)q<_tv;QA-Bm3Nfdr~#-;kdQu~G~X+T0p2u=?yiopX9ip;vViA|q$+#?B*3 z(&8W_)848DU}t`ZiD6nUnOl*mWW8i04&Ig}u}=Gd&jqNiFH3L;X|kltrwn%iDB+pa z3isFsC^SnjfxQUlfdvm_y)?YKWPy<_=Rf$bNJA?YpWm^T zrfY%+3MDG=-BQ@BNOlDrvL)SLsNmT1{M2UAoVx)F*P$X7D?_+~A=nI!hQshu3LOYS z4g&z=Xt%7$w|GGPZ99JUue0fTrNPhykX#Dbbr1#qy4`C@x;a?h_r>y5q}fZ^xH$Om z79itAb!rF_3Xp8?r%-Yk^6OVqyK8GvHu!GU^kX{ErW1K+eg%-y3-}-;5|a`oTfnL6 ze|hQxfcL z{mhAIYW?G}PVq`yfde=7VyQt{uq)r8h7(_*v$k38iLYg9wfV>DVOTJK>74-V={ECf zo~dzQhJS={{2E%x5g!78#lA~GYWI<+{Wn!k;5yfrQ`Kq8(ojZr~jO5FOq(zv6WN^1*kilk5*bgVUWS@ zOO{GNSHAU=ZKeQn3hQZzf*c4;rYJxo7a{V109jFB<>Ck@kl+tAM@G>ku!sbJ&*DKr zYV*>)27lBbO49Yj^e>j^aA?KO)r4cs8@^jMUsSTV9PY_ z-D5MxMWxaBv@C86n1=XeFQ_(uYgCKZwZ-xjXPAD4;yVqmAXmVi>CAQxG;9+bp3S-U zG0j;H^k9HI*T*SBDh!xrtpt`yhr$B)Wn*>mLCT{x2#Cc1Hl+s*Di(S!fuefU}ljgXb9t^6ASp36*dmEx$s3&@SNbG(^zk12l!h zJ3^3vgJSWw4&*6+mKF*tO)Ei0I-LZ;mdpy6CmIRwr1nXu`jP;`^Fkj`Cmept8O$c~ zabF69PJj18ep`pOnu}v8LX3MuJokl{&j0!RgUeajXbRxD|B0(Fbv7d6^FZ zCIM6*(7jWJWho(l7g1w!C3A^CL#TtRIDt>%5-lu<1oK?JIj`P(;D6RJM6i$0`vzDjV@4d&<#Hpm$y3kSy2k4kHr^6YE;g*a$N8Z?8qKA z$@Rk=-{cihV1bpnK8m+8eb_0+HZSiZ+Pm%)e2BjQ^psnuIFP+1ZLFB@PZr04 zR|{YrfmRWUOY$w9-kpZ_>e^2HRa z67do)v06|*-gr1$nA_`>^Db$HU7q^b<#ar}CB0z#BaVM7r{nCS@}%1@wPeB;7sfw1 z0@^451dLa*j`B|Dk0Jji-<`Ag4XT83^mUbA)xpS7Rdo)~Ryo+50EV|xbP2LR(Dnsk z)Fi7W3s1O0g{kl2)1G)O(+fkP+>{8=j>HCv$PZ7zjQD#UfK=7Ockb>FT#iFdgN06nopqxpjMoe z{xi4>1fu01N0g^^|&xC}%I z$2!6aOu5kzw-Ac0ENwR6CzhBCri2hDt%0v`>hkK3qS)>IeA@v*>r~&I9^g_i^;jw{-lJp zJ$GRWHt2s<-tVRhOGb$9+aS6lGtpe;@D(_<{$iw@Q(ao?@Og{zNWtzc9>?7IJiXEl zx+Dh{5|G-yv~lGvg7B6@;mAA{8u{GkeaB_2Cl{<>S_6~v5<#>CJKe}}v_nJ{3{KYE zA!`c;c*C3&+LTcK4+cP97pZn&syzP0PmzLb$} zv&S)VVahl1c6uU&k+q{mUfrhF9fxf9-5}Jm`cinqg{4P}@Va2zRZf1}5OAJI!FD_Jbl>(lSDb2K@c0FF#$S2Y*fIY);X>Mdm z4|-~0MbuW9IVAxqC(BPEYwdoD413*{ijsEraBfNzrcF+gQQ$2HnCApr6v(o=-<_Yn zj0bL2aE6iW_=5(c``|o4YCLT7cwX}d4lEdj0|^%>i&nw)XX)&A2>~pxVKL%>!m-u|gH*A( z3L_Ptzz222Rp(u`ErZ=d`i{!#-Y1pS2X)R?b0Tgr>Bn1ud2xC?>;Gs%A2uygIsmZG z*T(JzPJV*8K1hE5W4kN^r5z@*(BE+S`?gp=DAXh;yZyyB_x!{7RH!$}Nr)4)9Fpm# zh)SUt_q}PB%O?Q2HD5wdoFmvacOXQwq&LixvyO%v5ba5`1|6VE;9pCzAO*p;eE8Qd z6sB_+dY+lc3)p6M=6U4(%v}LTkOEr9IWEtr-GMS|UMqN7 zUGLUA#`u( zW4&XEyA`0%{y8(0{+y$Ky0Rt?`agf;_Xi{D0e>OH>YOeG3Bn6wRVz#5BXsY0av^aK zGknUBQ|;(Dg&CkLUJ9l;8ZNeBe%$3e5dp4hZ0w5?c5+;sY&f=Rh~t1lZfHZ>Sl(TS z%jbSy2}?))7=BV+#qizyLN~JCfveOMZS2JgT8eOZywA$Q(zg~FHUI2yF7OIno&EVG z#;2|R=5{WFKnBGX9Ixr2fCtwt|yih?#RVr{wCb?7!p}RFgC4R5S)$(bq)pGZq1`gbIX?` zy;q=F4%WkI_Lwbq=U0Jvk~!eOA7@N-Y%_Ble86fg;98L%BF*ZcerLG?!Kmd7gCl{2r#}LB|2ePs>SY=P zXKX*g+^*oQTru&sR!F%8_?G^LdVx^8>3(xq+NXS9!mS_0p&vXK^kI;h2cAlV)6_a6 zm8VU=>7kAldO=4-$>815fp}GgUmJ^g21$)x-e=}B4;M3s%dCEwuv}1AKdM=H%iXh+ zClknN0^U2^ZQ^x&6!3?IMyRmw?Qi=qCEp(hIa32i_^ga_=%rn?y=7?$XX$!Q7cuA)A`qA!d+4FI2AeD~6D%l$K)1xwJg6?FPF;lDx44Q<$V1v zV7iZ}7uB#m{P1Wq_|PC)5@l#T*q^62ZC;KAy7+rx!mM$8bjGZ}bm2lswl=?5Z?zYM z1>{H*J9X|WX+P&6C)`!VN9-tPe{XD4EK_-8Yk%ylWUuJK$`*e`W)n(xE2-?6?L@7& zY?2Y>?j_@5CC_=t?AMCkYvU%KY+=^T&#Od^X}q)SH))~|IS%AUJWP6Hm*)sy_X+jVE)1&J)RH4 zx(vvYOVQ;c!FI034_QBTOu-n0rv)!`fyp;ihHOrjE3-ic*Rv$Lv{Q^^KniF2ViR7vPv#3k9hXwiZ35R=fyAop6-{xeAlGHlTwPem;D1hs#euYP#o!R_kSY1jrl) zQo1FRgdv@CaRTW}*d&nVO(R_6t`h73yh2Eb{Njxg5H>~dN)%v1Pdy9zD)ZlD;+D@s z)fUX+hwm-EV_(1N=qcb7DBO3WoQGMSq_P5IaWb0^)Ed9=+YRt%&+A$vVG`8;KghTk znKO2MGNMy0Fp{Bvp$m%y&Pc@lsyKla*?ZB&GjU8Fs9?}+N4wXt)mTYd_ zRL*moJeW~G%r!p#VD^=`CT#&)aH8V)2hG*xbrKbZ);pzWS=|Rog%uvSC zMb3_DSO>x8JF~9}D?6UP9RL6UqMYN$*a*2WO#^gF;|sjV>!yNk$0jhBdDKnOsT=T*h~_gu%F`f{}DWwz%DZY^cj*sS4HN33PWi^zYB z4&vwTWr4;DU-|l~24y6+hauhy407NrbNCwyfCR(GJFb4ge_}s2sUEHrKaW?HosKs+ zTz$SEp{D5iEfan*aQ5&Yoz=j_u_OA{4B5v)fVER9nzuOo>Eo<(LF-{+cbw3u^*Ejz z;)5X7-fMp@lil?TO+x1cR#evN2NG>r(`ICX_qij>%&NFjWi0Dqs$c5;HV+v;jx2a% zlLiQJ~@ zWRryrm4`5`Z!Yoe1>cObI&tYJ?~4^oeiCoCuz{=>`*47_ z?m;LZ!yHCoXB&-?-tpjYLRP86?69hkxEy|DpEZsUgqLQ0xOif#oI6NZ_!R!!Me2j& z2SD%$Y1S*pPG9Y8FMd_a6`U&(8wHdEJy_l~^{2gKC$*tr&yFpA@PB4e08E1w5xR0S zDivx?&i~F#L#7umin}aPTbE4SeW+A}_{Mw1d~E6d(xVq&D=PaNE-PR!JIkATUUnko zBbDA{NsTl;=RqGo;d+_#5D?~!^*|ZQ5#PSH$2a&|FYw&G=_|(ix~mP9Kcb$;7KWj8 z?%IRT0+4tOg3xFl&S*r!xQS(XQ0E$EteO;c}LQ%vmh=0fknKYS!<;n?s@cxktJ z%0EWs7l=x544U)HSsiGV%}xuNA6Nh+V@bU*x<;ah)65&*_lj$1)9NSV{nXvb(lIk- zhGI6cTl^OB<0odtSuMMVz0`@+6;>(Qe#UL9MD17iL(@yUnR z5%<`f0*g39K_5YHUl9Vo?sUoZqKj#S2O^4(!`psdx#Wu-86E~3WS@xr_EUyv>E97# z+!Y&=38Y=uzgVw0=?n7EkrbadoH3xyC0p60T+2~#9$tTQzdW7GQt~c?tbPC@;(5qy z*tuxV&%Ud*%hER|dDRanK3c#Y^)gvY?@CUY`KjGw<_p!f__1TX;`RQVo0O@%(g5X* z#zP=^5Oq)%JWzJ@ZtVXv)M(!CYgk9bkFkofjk0-B@lqTaTV(B$AN;Ae{v0D?GrkKi z=#?_cy$8(Y(km5WS*dog0VZ-Oq}?+TE*hegWgxa<3mhF%UIkGlx_FhiFs(H4VO1{q z>38BIO*;eFa{)Mt_RD;p>hC)jNPw2bI|RQ+UW}PwV_@dp>)pZGy%LbNta;%sKOBgf zZZcl$cVZ;C+zfjWwi4QW6U_9Ugqe;H>GAMA!vFl6ub6C0W#?L0kcoQS| z=*Q7+$*0LjkaYR2e<-Y?HzjdQ^Pp*#SU|pnhzl#ES56OR6@K*Bz#j%M3uOG;3v+{X z%tMpMV>OQk;%r5(J*Yoy_%!@jnogb&u@v&(Xc4?3*ejEAaFlpB{m0}A5$Q4t5WjAV zKK-a1Nqfi473Z;ja&}!)c2?J~vxvRmk|F|H+fA37rCK%9HE384@bPs1VsYOW93D=; zs8z8LDI%$;tPy3`1>4J>&U(r6Cj4eJsOPYSTL$ZAMATQvTn?=dD{fuKDo0cTm&5rv zpS!1}|~C_NTPRwf3*U4c>Xq*;6j>0KIL3d9V zY`cdl@(iN-Z|h64_}=hJD|!ULmq1yu9JRD}8cL%24L6lQvF;XKg>s%k%pRTiimj?D z+JK#g6HKF>S&3*ib*SLPlE@z_O+jG51Oy=ugv-BfRn;;-u76dveA)&Ab$+FG%8COm znbm#&$?J7Qw!W4od#*P8R51g^=`;aBFF*kQGCHrj$ff`g&7L0|(k*dNa4c6%l%-Nk z_G>R-9w-_Eu*>2{W`(4Y4VS0GM`GjT69%3G;KwrN-~X*_K*0GJy)bvBbpO}xVAynR zijn>NRcvmI=4hv{Fa9kLg)A-Kr!~qQRzb1jC*h;49V@^PK&=qgp)$&Y1#?c;;8;2> zlp4m54D-7TV3NnAB9Ozf3msDK_=U<%X)dUNfS2ui_igAoS}}Z}6gfbK9FsJAC7^Jo z{8od%DC`zd*gM; z#;b|PmxSj8jIRqdOW>nJsQ8;d8It49fs!q>zFdRMYtRgNr@;&F3*0?koaS{C9vU2s zg~^6mbJ{`PK4Q?fr)Lu_J(ZN%FkylbQDhZeiRi&U{`b^3=ex;2x6NM}B_=g{T=dNV zlucAR4rEnY2JO$eM+Lu}LiP3P0iy}D6GHMyyw8t3bSMdSgHot6%1`TgW#MgcG& z#E&5tTP|46?LeGBeguxv>Fobo!hI`KJgwFadFjTN2Mn(N$+;{1F!GAk4!FZlh2)p0 zy&qR$8Z)27uWel zX*ubkP$gEdKhB{k2w^UQ?kzIL+S;k6uU!AzV1QCO?Ryt`GY!;FoJbdC;l-&^^y_|g z=g$iCXWNaxFkC;H+TREhhQkqp@8c#}g5-~pPJm#QecWf6glx`y#+T(!ja5FIq4!0s ztSl=^X=~0e4r_y^)nzjGcimJscFWZ0KNi&JBQbA9pDo_Kw|kRiRsa$WX2?urrNWt6 z&4I(5{hp-z|Vggr`*CWekYM<_MzHmr%41koDZG=fU< zXd%ZMa(+%ok+@|5dwy!07xS7cpoCmsHGbs%bT&0s&Gp@|w2gwljiBeCKI;;j#$~HN z+g4foyB#oL0CSzknfSZ?!bB*0OI70(x$BpV91?!LuG z@?=}79*UV>mjf*U!pb?7(!q=ZWoCTvsx*|lJzks|!lZst-X0kt%qF!SlRHc<9V-f3 z?VhS@UcbueY)4&pw?|$3I;AcX z#w`Kwe;({_9)d=PWr8WR}RPFp4o|>hPOu>JW*R8X*%@&TxV3CE%#ZH!_s$} zZ4w#^$YWpE*q)M_YF5_O)eT|ycuC~3CU;2D3|W`kCyym0CJHb&9IMRMbslFqIlwHs znwM|D(tqstJUu<7d7FZPyMD7br#;0oT<0K$FTZGR}0UA_(lNM=z2mYO{g|prwn;*Bk_q^C}3(&(>siPTx!ujcwyYuoD z+1i4th3j&qPU|IBCM#o`Ol?!!k(vLZLp9#YB?Ji{qT6Xi8L&tRLKRatVB zcRwIgd`>JVAj_RxPNq-azu&OBJ-2LS@o_%ylW}7?c0WY%$ZyTrO0DYJGGpP$X;Gl= z@-weHi5^@|&&OTQksJ@hlsMQ>z+ujnwy}!t?rs4wDnjG9N>5z{xNG{J%V{i^@2i&> zVXrfmMJJcksj+=ymcfkeV`sH#LYOXyu%|Bl0(LzzLD_H}1r(q!4HbD;xHVtBZWn1J zqrmdY=vh1a{G851t2{hr&+q(zHgvC@EUeE;?g(L)W?h^tEK03Qh9odYmXS#73QHwW zkSw(&OzXo8AAqz|76%KvrV+5VG#VBq1ldAUSD?&x@muLpgwks`&nT;Ti6sQ_SDJDD z|CVNi1oZ(QDRE?dTSBWqjEe%Ze0t@3CU~vHI)^a!=(*TerXnOG@Qgi`zOd72V z>;2wR?UYkSLiLMvAK;A^@H|&{*H*c%x)Zekm>-#-kj@dA05Sw2l~1y=xmSKPHFq!;nHuU>Suftz>4?QRWvzp<(=s(|8PNXz2^! zuNubuct$xey;e{kE%KcJgD(xYPS z%YKYiP{4M~{Y!_c!H#pwG2=dy6SWL=RY~p40Q=Tvt)rIXjEO=*%F%Yyp~=cy8!qhO z!M@f0HG0UY@{yDX!(TSC^$pHpw=LDf{C{7Os?^E$tNPp2(k{&nbHK0rz4Al6)novmXEg zB4E0buCX~$b8FExZl;pSmCsWff73#)U$}(g99iNl+#CaBa=lzt?BGXTw#xuU zT7PxRuLFNZx;zODfN1yYisaI!-PKr0$mDO*gVbI&lAR#FnLWEwLy5IYff$N(stXyKj-Z=*!qGS2 z7S3nC)fpw&zhNxawER$4TUJc4zozOp|Ipx^wEvl)z64G;wPU-(Gd|A`R|hei!B%dw zUti1m|09JDrW1p2-MZCs$@vpI{BvcOI*eMs&V=c(u+9@W1T4}lKC~G&Sl<0tGXek~ z89RdF&R16Hh;Zb;ymvDu4MPW|IpJTwXt<%XBtg1>g??lJf{;RF%dCK^Y}bs|a0_8y zzOp(8cc9CXFwU!=%qrnr_HW;O`?F3U58SOil@rMZK+B&0%l$T7sb*`PxVb_MG8d zEF#i~sdX963t``=jR6ai@=K3tOR9-}k)R+U;UAu-VJ7l2%+ERhT0plP_&TzHuSUiI zyGSN{ZRongzK9UY-2!j$o@uVhNNo(9m5fH7(v*a@z+g;8j1v=1THhgX4|D(_m*X)* z3z+NJKeGbkqWO{l>S+fSwN#%p3w#jY+=#kmxx>zz7{Q*%%RXCII<%H|x9K{1z}1&K zy{_d&VIJQadtwz?0+0O;WnE{7)wgVmfx?*Tw}D(@u8s(6H9R!mkslc{QBA?Xx(u*# z>e!1)V>V?cY@?bfoo8cNnUDz#&UeAz*qs0Oj=GIFk;= zYx?cdFqmFE4`@AnbAXe!(1O2qfn@3RAzAZIMIoaZ0h+(`{##yK4oosnlOpfhB2hkmlG)JN=X9B8zs)8|SgFccLBRa|!e8T&{E*V~P=*UWj#6~q6dbLQ*Kk#v+L|9k$Ut(5$_v1M4e$YOC>4TaeUY$g8w*Y~c z)3*kO!G=r;7gH4TS0lrhZPN9)>I}F1Vm7}5p{p|@ z7nu^alxkBs5DswQwKR(YK_j!1nQdrkiwYC=0e-BUvNeY)38Gzgt!Rs42U|D;`EOvX zr^hfKsC3I9JLB}}x3YHUpbU@l7{{4%8NQB1R%lyLA(A^9Q`i{AXj#$ z32}g?h(?klLJkN>gZv$k*J4@&D&;MJ&>^Hb#SAC@Zez=06y8@aBA;7o1O9#%FYAv& z38B>q2zeBs8lD#gNNTBr%Ntg7)cjqI#Pm=tWi84L*T}0eLyo)sVVhbY1r0&=9J}(b zQsUYvPl=TwdOQ?sW?_~FXEu6AOB)uZF#)Vh?P#Ys({T^6DIpsOr5F06H{v5)>A+e(mpl_@IlSk{T=jnn9ISPjhHVaF zR?}(9+p(&kTEQx&$_oJpr$ewWO`?EX6kT5Y%MirgnSSf-z1lkyZXRoqb zv+4@2N~Qyv#ScWr=PZtg)j$SOc(5A%t_FsZx9|v&6=FH)4~2CK|2Ho4+qPQ{=+zA^ z5xr1#(v)yYy8d8Sq5Z57rJ$-YkbhA0w=@dE)UK|c~`k7$lU*rFnS{w$o%VxJ$7Oh^5V2}K}m}vcJ zmVvb|Xc4^Nxl&D5S`0r4M99(&OTOgVR<1YF41SbTbJ)jPd5o99jRi~*1VI2ucr%Eg zplZyc!l||rnxJed2e2p~;~pK<{U6W=Rr6m^qBP2gra;Lh6#KRD*)a)UPbEm?2MJV) zJ{Y9-3K;-$x=tW+BO&_lqCiNXNs%C^3oyLpuIttEAN?%e27tcL~Gb`CFy{EvdR z=Fqzv;MHs=gEf-mFj21 zP=m`EP@R`6QaJ(%;QtM994O;wk$0q>WsAinmxe)G*Of138M{GuJER7Oxft;4m7znv zJvx%my($f29J?wQ->dpxvMrxmRza0j{IdD{m_S)_uVHZ?8-0f!1ym1tDNWZcXU7$! z0x3vY&>-N53HkmC!d^-@fT{lx!o|+8iN^5fB=9ktsNwK9TaSqt$X2<@7t_>kgliVq z9|}OC5s@j*S#sa`=s2tZ)Q+jGmUra$lr5-guDsX+`&W=A?5r6CV*(gEii3K&#bJ5O zLKKFo$}0b_3;-yo+4PnwswbJIDgp?Kd-PKJ^oTl(dp+KIj?N5mTUqlrivKLpbyV?8 z6}RJNY_=|O_5O1RA6SxM&I`30)|an>gl6VGcvw_!bptIKu+1j{Tz3xBAH1d~iMuZhJ3;|UdS}Rq^;f$T}JH7%T}*t|I`es=5~J5%eIp9wxY#vO)qlJ_p3tJVR6`Shcx zUDlR*|0}=y(o`wEkV&vXhC520G|p0aA1Zb$kaZuDZ)Ukh0_D*0w)$#Pc#I@yH1Eya zcIS54**W@1b)-HWm)mw(v_~lQ6^^O$pSEM zWtm-7mtRc%Xev+v>eI~R4K)%Jnwg;&CR~6!3!+%#2FlJdv3yJlka=tX9iYTT0yRAj zeIG93N`lM?hb$+LoIiG23Dw1s5BD|791t_c^@L(_?Y~g%EZJULBzC z)Ch*}Y9uQY2wq_rC$g|>siOrck=nbzA?TZZZY=81e-Ak@YXVp~H>p>G*NC^TTA9u1 zJn{Qu#pMT6?n>DM^FMc- z94U+VcZ`PoFVmNZ@$31@%Bf$V&@ZXVuea_UEk)+qE_Te+f9iBm7&0)5QtCepxbp8j zqu&<2GNK>8>dV`i_$;Y(ZK#8a5aZ#M}_m>trZ8-CLo6g>=l}C>`jN?xsi5pJWT3i+847u8f#4O>v z6)`If+EJZzw1S?Q`CPK?SMJNFmEBB>xQZ@)(-$)I3-8ps`K`=&a;d)6rtI6&sapoN z$wfo3-TW5#XY2cqfBWhg44t$g+S`~qX`eDJe6f0dnBHJNc}5C%$4r;T-#F}Rc>JG_ zx0WcTCW)!4-%%%+XMsXbx4v?iOZIbT^+7`5vgadVkRf@L*dh6NV*+iOYM)N=ZR#@3mE3J5ZPoIsS>+dl5_;X$x znKknL+7Ny@m%35YSrVYhrRTZ*50z7jbHj<(;PpQ+#S6IN+SGSf*$d=6)#h2A;nw2} zU*36bj9$xn`@ZmN4<+Yo`p6NqIAblvQ$nLE1kqux4~K9=cYA|80|`2{x5UpQY^ zY=nFHug!}iw<6Mi7k9@Sd@KDNX^}?_o%Pz(zHM#kY$Nv&f%-}{Zo6>>3r5S4&~y@S}FnkKpV*Nc@~>QON5>&7)h zwiDya?e+_7e;w##p3LmMPo0KViK*$|B%8N$r}}aS6Mvi%#|9nt3GD(@jYYATn;=A^LUs0H;8dCgq>+ zV}4~2A<%E1e77(4pOm_l7gb|Ye-CXZ5@B({EV)$EFnby_#LE4Ihvgc*Yl;-oaK^X$*!+;iEsvz(r|a68fn0y*pb>pu z?VHqe+nK$$Z~pbY4_dQ>7$)@jdyVFHLw~}?e7rjU-%AZT|C<=Xr+ohJs6yQ_7nG|W zPoReXwLgyQZiXI99sz>RQg`3oe0@gig@9DU6{eU&;>4Qq#P@o$5yrO==PU62r=I`5 zANJkMV<`_bpMEz5RLK9PIkpA-qf zzrLUCCY0sz{`2S0CjMu>OpA>hJ!s#j?sO zzIJyr1~Lz~m{Zukkd%{bRB|dg)AUcP!KYyR{rU51Jd0w=+pBeJ*VX;f1@Ap6?Eh8k zkkmO|?dt66I>FQ+Fb}A$(C*y0c2IWYbTkt5fp@M@ut(o-E(WSXJ*6K%FgNzJU~@Yu z*}lo=3H8#IAN6h(|JiD>GaZFz?ai9@M_)vJvJ^!IYG!^de0^4@)U;y0Pe<&Rp`n%( zQTmgWzxQ@blf&MmCVSIvr?;tF(_TXEvLtfoeg6Zw=7D;-sW(Yd#EXXqxAr$>bgXw2EuIv1#_#?pm(sJy0ID)*)k532y2;VNX-X$lMAAFp`wooTNI&WRq3w_6d`8qY9+Nh8(-6QgN1Ubp-yJV4 z-F!^k1t*mhoG$OFslC?p{h(tp;pLtCCV_iD{M|PdSAT?G{Wauy;=Z7z>4EMf**4hM zr#rGl%$gGW;(mN$`r)wJrL$iPC*c9%U;cF+J~REmXQdd&!tMn*lTS9KYxwlqPtWw+ zmHm-ha%jHW`}_O3VSC$U!3?GlrjfBTPC&Z8C@wg&{JgECw-VXoFuL3F&QJZQd+Cpk zB4Z&pF4N%qQLYYhLSg@lSkS@YfYnOIEzWw3!+)TWyDx*TMI-=e=DLGj&`0!w?!ag}E zN$u!hv#gPR@!q}r_fIU1SO&NH))6CWd99ftly+c@~)a#b`^)b zSrYy*=C@GSGffbETI_m6{3LVOUEh23@QdX00TGE()eTbmuI9JDj@P*NGiD$kbLry6 zi!w5qa`ru$4QPw|#>Us}vYn?}BBlkH=DpDoCp3|4?2~!XGuXJ+meKmd@^HgV|GQPA zOXB9i`0D)m_vUwOXX*`K&kbJMOuk|2@BQ?zsGvvxJh8Mg!$+k@xh&nMGSj0nkUHek z)i*p_#ytn4c>gIXyxthc9Yw_3o%_uf>%eXc!G(WKRzi% zx%o_54r~w2xgPZr1P|kruNhoXIjPQ=%F+#xlvX*Zq2I7Wb!JK=QmzHkyHe%2xw-ua zFFfAoau4%sEOdz2CZmoFGMpjbk75SePm})6`@iRk zOv*|N3&)uGN1K}_`L$R`&Q5i+OV0hSUX8hQK#B%4S(Go1aWgeoKC8RI^-JUGZ+AxXE@ai`fuF5q`>Od@yx$*QLxI9xAc#;^TSJS zy?D!xLfg(aOxN&8xnW)fzQ0)DnAY@npXB0mhDzD zj=?tef5K#3g4cV;;Rl=Syw}!DcrthxGJj4JBrs`PHW!Rb%(ho5das*_V>f<&5w8-6 zE|%OW3#OCe3d_0~9o#Y#!8N#B0c3d&sgc*F7E#2f@HAY~;;$(GH%28TCG!)7oh5gU zxl-=NBjbYHClqBqS!yRRq16?O+QGh!n&od&4pR2*lBIFlCV!?UBo_|-J3qnw-DsL? zyr=dx%xpLLgCD1={$^xHNrQuwPcre9(2??$Ur|PeZ9PgE>I|FJN~0vbo?ffKgZ5x5 zgEVWsd+=dHJvdl?^G|T}Wup6vYGvl&Gw$|3o!hCZmfxh(x!wxF&Jh1XM)9lSvjQaI zLi++Wn4Wy9X}s_7&#sKx`T@I%XsI+&B`f^Tt1s*|X9ZpvbtcOY-%xA4iv|`e*;$X7 z8mv6r9ZX6HzSgvxT3uUsYI~qm{`Q)xQtsx|)((B~m-hg5Ilp?uz|}crI5)la**-H? zCa1|*=0tw>68f24wHQOsENx;md;j?CwSPSAor#CjWW8TpTyOd>NoM{Dv?$SWGA@08 zA=S!!BbjIw`0TfHyo-t@GH^He!10JTyJ$&fW!-C+K5srBd@cEqY;X8G|E=i$_d+Z6 zO~>Sc84o`Rla<$Ap$P4eIel&0>pD;#kgTEGH2uMS{h&mZ9W`I?5mUx;`?4pKXoBMqz#dqJ; zd*F`MWPFb5d(o8RFVnBC=^N^6+<)e=x^Cdq=so1|zP`S`=-205#>@^kw6t2&BALg$ zrhMUBgoTOpGxt2dm|WY<@u;9(D?;O>dl0eRQ$cZ|GM&C%v7}p=sp?m}Qc|(`9vQqV zIS`D%bv_M#N~_~loP8F2yVAqSf~wMP^2z)$&ZtxBzilawISYH*^ZA|3L)!qcZ&H-p zH!QEWTUYNVpbQc%sk@>vZ|=BMuLKNV>@5jg6f}AAlnZUBV1+UuFs-sXMK-sns$mG^!3IeY)l{&22yU4GGV z&8+pS=YH<{ex8N>4%mp^G36t9*3G-Tr`*x(CIHN@8vcE!DTwoIOazJTP3(IHOTH?H zeN3S|*9F4b7#&QNc3THz)h82HbksgOC*q!WK(eP7;`F%PHBgx=XX6KxF9hH*bYcyxG5JQcp07zWH2Mt^!v7oZh!;Za#)k83r>LrqRto5f!F{ zZ%{Yd*7>3fFVt^uz|1Wz4xto_R!7)&VZSoP_!UL4D!%3c7CPu~uP7M53PzhkA&BFB z^Wnss7ofx4X0n3nRnXYLL*W~gc)wPtHO&j3DgQ6t>IZ~@fg$r(h6)TF#b1=w-|6PJ zsGDKE&tLi+AWMJYES1N<4w#_Bu`2k`)};!NbN)^~#SVm9(;B_-3)BjZ_g~vdivLbX zfe*h|pR}e~kVUH<_Y(e{srKUYfr=cjM-R_y{C}mcH(!J8up0=0=*o))z#t(@sQ64O zpZLS&IH=>qfB#Nd(;PKCCQ^C{FcLbOn!VK4IR$?5)Q{;yyD%g0+y~?*ACZF~q<+m; zpFi@KDkAwq*r$cBPM2fHL!RmimiCsOW{)WEd`tKNsW`STT(7UpOc;) z^~9H8kd#{vSGTcG;en_oUVMuxPrkWE;ae2Z$w7FOfpHD&OlDmdUzteKq560PUO^-o zRH;M-6DyU*1X+la1NW7O33|P=$_lcm&YJ&Zc)q*jbqMd;;IV|s&+ig4RpJfm%4{|; zJ$gryNl??ZxD|{a8M4hf3 zmWDRY9%_m}30n&h=yEsJB8M5w^s~bZ#=9{5oO@MD?6NZM#!M#FA)f3mk-osC(5Lfe@k!l81dpa1pApMVahj-q2{Z)%GblERZwV3SJ(5!>l60J5 zLpW&f-Vx)3hB<32F4lYC3|N=!cHEC!)_xife(h*)kU!jHFcgWJN>A3!4_cf$nBoR4 zu4sMyMv0TnRP_U5o$P@lblLWr$7$Igt7*{E0cjuZD@gdVxup2Zl7#q4!AqekrxWnc zESP}nU2ub+!69BfMo?{i_G0bh?LpE#hK!u)W{S&4N*?z#4^Igqj~A)~Aj(tIyono3 zlHBa;vwXauUCBVl>xH0JNQ%U1e@h=9uhd@ixmx&H#!^A-Sp3&gViJqS(KHUHsmJnM zpWn*$IvP%A*?t0RQ>u-FC}j#zR@Y2Zl|{)-aBAPS(5D+3iXuh(X8W#Hp2Qct9GErF zZWAXpSx*DFxQR7z=r)I~N>f1B5$+Te-GhliZocG8(uF~huEHamruQv@Q6=wBiQ4i5 z=lVRc${YpS^z00KIf-Y_`cXlH2N$^;6Vld25@O%l)#nW|TfhhSd~4nwK@dSNA_5)Gs(|c4H6B@I ze_87uEK?jFhWaYDfuxiyJm!k2Hm|ZdR&l>KC?UGZoyNKLq)6o_2iQWS3=-mCLOfH} z_odlFOz?=Mg^zgbuW)pig!&+*1P_Lq0i8DxNjK5DaU+x1L2ykDL|%7?x&wFo-~#FJ zdMO%Q;o}!>Xsz@7#K3R%kZh7mh75bZW)Yb8b#^1wGVNtg39b;MlMlOR$5TobWh()8 zY?Tp9=4!xskH>vDElzg&wV4DAR_E;wq}$wx3f zyahZQUq^3$pERqZm6lU4os|qL1dFpq-vg$(ODHBs6Kko|mKFc$#Q%#A;_Mk#QB?lG z0DtJY>GztLy-5?Y8sq4^c5i&^s_kn}d+8K2}M1+$3t?!LIQB26Ktv(eHv@7-f@&d-H+$9bD`& z^^N-PMsb&_q7sw!ziSOCc|eu@i9@q3dj{Gu73Wgl6OPU|Yo|O+Pt*G|Shhn;b|sgl zi_~TXl8C7l8i#KBirV&RuIm8YX_JGHs=RlPsZ&=nD6V2h+uY1AcF9s6D#kpnerIFl z$hGE~4-ruy8(n!cMY&~XOAWtwoS3(_p-HNKIHF-jG#OK5U{V!kx6V!)(CywY9c_Y2 zJAGQ~Wgs0L8Z~b>n=fXH62wIHx|!vY{R{yd!Q=DvAf!kBla@`&RmU#nSqahn=b*i) zBo4#thU$&e!uOd|&2`t0Y>(Z7j6Z`ocbgTY=F`KOtvmLP7_DX^8QfhRt@5wg);(DQ zcT4O$n`OrLDLHS(bD*-o`f>;;lTgbwm|t%<9Kv-dOIa~l!*?`l>|m;Sx!Rt?b0oh{ zdLAhp2;td^lPw+cEkINk)7)aQ$ll48RSye@5-ZYMeNzI7mKxV02_IvxKMytVBjMR& zb3nW=PP|TTw#{5L9TFQAR8nWMj44!v1`lW}JbeCP1(74OM5#dszniqt3%6|~;!z+X zgK#M?Kui`!$jntf>!0E&z9M_6$2WFGa5O4`JGwh{9SjXMol`ihxxXSocd&`28=O|N zTn)E^t?4P+!rDwPubB-NYwf1>8;_>Wd_*O65uA#L>`FP`Z=cp)=cn_HC%N+LPq9Z8 z)^Q%{XjGZ%9|b-*6Gr>oXWUajrQ%fAMzigM$d}-h!T-@VewRbc{kXt8w2JM^@K)k+ z-j0*Y*(l8#-o;B_67FX<2l;fgb~}+qVOG@VCjBOE!>06iO}@vkJOLG1AG!mD0XAB~ zo0ZAyYBqL*_>tB97h6_5&7!f{Bx*G?hV-(2&2Ih>4#--jqF$@+rrYQUSY07bkcXg4 zw{4~mBlPqWS5GAIGR;7hwE7hi5CRE{W5l0a6_bqh+LY4MIUX3m$L9|T0+ENqR~B%t zFsR7YCYj`to;5uZBgio4oEi|=5Pf*L3P|BxBCiF6mF_x-hw)idzWaDKbutj?W$_)x zSFSQiFMr)0Cr4U&Op=j&guv5Eb1_Oj(gc*>FKtU>+QoeN~NSLw4cHRcW6ewuraz zwG^H1P90aLEPGHvMm#*BmSm5YBqzswNOi9HLd%6jW!JCArOtbWS4S5`%Z@i|W=ZRT zXO^xEwu^d%38nd7iC<)_qN$X2HZOZ^M!e&+a~Gki_z-p;d-K?JmzSJbK19po!?j1H7ac%2QUd6^dK3$$F+n-6uDR3?0 z8Z=Q*KYYcZ#b$Enh^#s%OiYZR)j>$(4v^f*7_?2TQl4Euayd>^y&A8*a4`q1?IL&j zOm);X)VA;!husX=*Z zPlkHUo*ElX#GR?By7&!eo%EYUg#ynQ&Ri$kKm|le?J5^~GO*7z#5nt!R2;`|<-jM( z)>daUu^ablHe9jB!C=WGCgOA`@SRu8dxcjtyIIt87G+ab@KTHBz`r$(2^48P(- z3BThLE)rj`ZC#bAJBfAQ{aM=Y2hv7rI%g~gAiHugjj_+*oc>`$tEL$T`ito}KQJ7X z^<`*8f7hB<-gWxD>z<$ov{~CTyv|qc1s{_#@? zvFp#_L?yiaQ?L3b^ZO?AJ#W}&e7*?V)t_iV`(&Lbn%f5<4v=+2GK}l-R+K}G@`nw6 z?l#xjWfasM!!npc=<y=nG&mO9V2mkWz)u9k+NA&2C*9GT$>01!o^r*BA zUap6p28*bC(;OxX#f^_GR{6ncIg1@6!2yFcZS@%*8_yNl*&J6stv?}MM`1lUrf|O( zFtpuGaJ|LqkEAN_>0jZ#7HF`iCs(^2FO+WLnC0Z;W3%^`I9-Kguth9A(E%eGT*K^&3Bi%f$d@&QKc}7)?C5& zNp_ut2y%Mnh}k?V3a-^NDWNxf^FSGm#Kpm}Dy@U%LH9_Dv3;buV`?2tKa0Mw99@Kwm?agnl#tCjJps(s9<> zP+muWE}tN{MoxhI?sSm0khA+tpHdW`erx^I0hDfH-5(XT5bri*5+D@w_DL<>fNG1s zY(vai9w^vn>kyG9aZ}w6?R+s)U>oa~mfYYw)k=ezoM13=kO@DP=x#3HmMEBf;Zp#e zgsyON8Y(vCghK6gJ1gzvYR+7MLfqrMAa&PD{^UVuNizILb4IKvbgE&(V4vDTz`Ctq z?o`}^Al-7QDZ5cBmUJ%^BB(oT=d?r3+kdXC$|-{YzZ4f-V|P9ox954k@Y-2^WnJLG zHU#nX$~NK zq3R*s?dlIB2_Lkuwr!<6{$%|+tIAQ#u)Yvc@^U)a@8ah?dI)5#d3$~^B$9&arLk0< zLecS{LI@T{uf{i@7;Y&>EvR4y@!18gqyqc__*~k2+9;9q`5sX%-NAZWk%`F5yh8-R zN80rsXfGXwRZ4aKzN@xPOB0|S2A~ZA`XG!mx|sc&!+H!X$}uldV=UNxmEo2NO zxaPdKNxpAvEu~P{A5w(as;_pKkV^M{Uh@I}X4iI(r?No>F*N1_t4{Mck1 zlxO`qZ4wOlE9y*~q;9FCyhLD^T)im58L2XmS^nN9ejcOsH9-?pvdRTiP7RycAFPhe z9->w^$sAg%e2GH2dPiD>tYeZN-``ZRj<=9k+(GaCiW4QHJKuQo=UAy-p(EHYs4I;Pl*^1*%$~)Y-$Nq*{TENS*;e*Lmd^5m-x0F zHp#$Q-Hz9%HENuVjHqN43~#{50@J@~v2P?*fe_;ou88fO`^KS^aiuD%jJopY*>=h$ z*YIVbt1_!C?$VWY`dTYEV3+uNkEIzdZ??AnBPas8oj~U8=T{*RMp4lgO)J!!6Y|F6 z(claGo3p9vpTD68KI(BQ6ofbL9;hQ^mZCs^Bl<5J2a4E90rKysdrGu(#Sb_0q38zBYU__N9p zyFYZf5x#rOnw3KfoZh^N^gHJZ#`g#CGk4nM&Y;yNrE7%_wqgz*goI{A@pzax-Oujcfc?lj^?>WvA!OL)S)V+lf!IYSU(V*{{sn zC_Cp!#$V|+_|F=c{XBXiw1WKr4WQh;zH}>Pl%>ELFb~~77+otG7xmVcAYHLJm!C>A zJ6anUd^LD*bhcAfFv25^4%INDMHwM9AmnHL+|nE2O#bVX&xvHA7-(D0EWp6bZUR}> zScUi-)}@;2cQRx9$2UU^bbk^*&YUhfCiT*$_yoAvOzur;6V}4tV&#qjLlw90%B{9Y zpNpTUH7v<2uZ^ZeHrVE-?5ozE_JYp?yb&?#U?Y2+h9cVqwTz8M5H8wti#3U2hmFsD zFLw=voJ68sNrz@oa^P|wZ4(aT>O8~PKL_zRRccXAoCMp|vEKt85_P?PN)k-{9T)GsEEC5mcrw?$vgVvj}UCl1Ppg_9&Ha7m#1)*km` z2Pu=KGgV3#SKOkU$&`SjnwCg-@Z_p+D@1!THe_V+qyDijvs7q0(O)_`0AP}f2d$e2 zw|TRUY_IuV%sASa()MeOkngRleH`Qh9Kb}XUk#Bzp$-H1(;4w9;c(gbO}`;~h;GyJ zm=*IzB!P&+H#H`S?rD&<_n@qNP|WHvjqel^LOo+WyljSK9zJp4-vV)M`!u$;WGgCI zW*fWb+4B#)}^G6azUbgU4$Vz|B{yF>&d8wmyjj|u10atRbDX?P!3l;% zrHNG2<*~bun3Ldk%@IXe%0N_wH3(1_39^^-k%zLo?xplzRv;2_j9X%X}7MaGbYY*bZf zC3*tW>N5CMC`!kbV(L-*VV3H~17IL+VC3Sg27OH?SBEG@pIT`qk3tjSYe^e@zL?nN$Cnk+i)`;_qLEjlc?Zms5QYa z4xaoTj5A)j%g8ZH(3%%ZAjBqdtUT|NnCpz13Cl2f1tm3~m7Yl2Sq1yP2N{7Q;V8|} zP84Yl`UZ?(4^C?N}pI!NAAB141;vUe@g#SRi)-^zmw5|9dLJi_q zW_=eq>@e~H`llZsEWSc;{&CLY`feSOQFuh~h{%!{iCfL?J8wxqbBXo7Ygkn+D@qA* zRS19=?AC{}Q1KZj3iSg4b-RimkhX*754=bo{nE5k(L38NpvONJ$x&L;iXs(%d0 zu_tHA!`ikjccX}>7>|eXn z{KaU(u8(d10aylPfb^$F2Hm6n$X&BLqE(feP8s7pe_5rInDXR6ak+jfd(f4UMDO$f z)5Vx4;q|-^^;NT>-{oLs^Oa8T0@ROd#tAo0y7Gzck(FQ>@u8dI(dL}@=+UO8Uhvul z&N*AAh4Pt{hP#C_8yDZP@4=5;EBHO`rym_j(tP3w9jtPp55UI9gYS{-v=mp=|AEB* zTioX#wKo}vc+?58kR0sRz%o4^dV;g%SV7ToIf8j=kpz17K_sy~v~~>@2`8HjnA#hw z{LQh0PRxPn6LK#S&wIS`gE!-o>6VOeF4&-WO{U#`>~ZxG27E}j=K4aNDOxks&2JL# z8GzcDZc!PK8I_EabXr;8D{04)QpsivEy!>fuF4v}?l+^jp5U?~RXMN-k-9;8|G4J= z4br=@1e04HWJK-R=auQ#*Gm*Vw$RTEpV6QCPRb>Ksp;~|NlI?nAobs3FwB}!0E2!1 z`?}Z04k=aoDHYnu723G%O*V;)j;{{;z7oDz=8M>EoLXf#PZ=8KCB1muQuMgyRlLY` z3yD%a-JwZgZcZKyfLgfHm!@9VJG?*7BV+MESA626NLqGCD556vq=mUnAnDlTmEMfC z&b}Tm{YpE!8mkSz&hPU_@z(6biR}2&c$sV+6ov*S@PvfTJB`@f>V&E?96GN|< zT*?89JYSG(Q$c;3>cl^KRvVsMW1_=&8z)W>k`Q{4qyOpJ%4Xa7#aqDy-Lmr44rw0UT(xa?cK|l@*wT)@{;jWTiZU(W zT=d**R%zPwznpdrjMU;4d@f(hp@T1|J(c~s#+Z-eF=1_Hr6X5&WMkn}59ODsc8z5_ zOB;GKfDTU*=<4<||`M)u?AksL+nKXo;*OFxfP!#y7o= zYAzS9v3!#acox|cbm~H7upc&3rC7`3hHbCOZ9P$Db_~0Y&ih~#kI}|A#W#NTmbw-J zU$9D-zZ;u_gra`A_Swz=4q9IK_h6%}w%ioWQisYZ)|q;_Zes_~$krE#c_FY=?rl%L z=K-ZGw0$n~{ADEg^`NGl(UI&XzB1AzQ!I^UyPI3{!jsLOP>0H}#(x;*+(RIMu5$Wa zYj_SJUq?k`mps%=R!vTkl9wFyhnc)(nxDkJAP+fBP5F(24Zz><*wdoN9?zB;Al2^q z8%d>wnz*ZGmIJst$$(5gC!%I2pI7{pj)ABDOsE8BLc>aezinkv&ip46!NZnsP5Is@ z7q45sUMLDr7-o=0LTr)>9E4+v&UH2q5fA1*Jbj*^Zu2cKT-d^BbEz*AayMC1BYB@o zeCp)qCtukz4M}IwYhN=9H5gl0SbW00E|)yvClr3kQRrOd{vKRE3}%O%S-tY;=g|m8 z4BE6>3^DCJReXc1CufyZC-oT}3TaXC!RFOo7NEUV(VKlihm{Rmk3Eg| z_Bu4YdxHpa1yAT>A9~X8sy>qG{xGW4v8M#ewtBQ&aBFl(68s@o=6AMRw%pd z2;u(%yiX(_Pn&06J0m>Fl_NPfl{~Yhr>ZxHyI~~3{fmU;I#h~!6uW1eess5X)HleL z2l-oxi6j*j8qj5!ixqA|YOh=vzvoJvEcd!1TfFMx4DCgYj~s-9um@870ma7iB1vVI zA2154055?6=(3l||2x;?mXLi!I6PYBOUWu#j-D8UOuop;lCi#X&?U&4$x?MGr2uN| zUb09IFUuf4@rRPZwdmRk`ZoQBbIH0x9=Qd^^F=(O-lnjr((1`A2{35V#wCLh*AW}~ zh3Jl22>})dl1JJG)NR+r-$99o;oX;_!F*FYAEGL)*4*L+{3Y`K*!Zt zgp%?og$Fhw`vhxg-v%W^(4u8UiScB)>1-Wf`vOIS$DerqXX@ymE;l?mu;MYL%nx_G zUCJSVEdqgP7_EYBO;Lm{tmTy5j)tTG^6#T@crD?!T?Q*1Qa$;SlFl^X*Z9~>#F$%E+Db6JP+TD;<9oSStK($|C5CqN_Xr1j$u9qdT@;wx<*E-~gWElh5HcgQ`QWO>Mn2zq~`g zNRoeI4vl|{IheLZrAcMc-y_q(2bQ&zE_wvEeM80`c|MWt>@1JrjZpH9hmgEl+5zI&&s@Thn&)-qVE?NE)psg1n$HfY?CS1bQQUiD&o zc7`}~D=n54FE~*86pAqh$fCT zi>7d2SN^nAi3{4q%<;|=zi0F2y{lP!U{|^7C99?wd1@kc1>}-|wJDtp#O=m^D zs+&h=0KiPnZHWE@fY`xUw*aVLJ}TXulO+1+&M)@pH_qY$7%TP{e|{A(5SLQ@D{J)| z%K#zH82NV80RPK>R7Y+OgFH$(So-1n%OmZY$>Ia{a$>vV-jI4G8x>X3(D~JWsUh(= z?W5se5&ZMbH`je$XWf)won)Y!WXMop>w03bo0t}g-th)>-RsSC1U4CEFRDJ;WuBhZ zcc3aebek*|v~ib@s5$IA77C+C&Cu`qMqW>spengD`vU4qUf-r=Cxw+Or|t0i3~0K9 z6*|jvfh0Ov@wjjLHfm=s418B*tzgPo_L4h_-l-_waqhU7U+^^0Y#5=4_KH?b zRYPPi7iC}f;$oN7aU{{#RN%q=KLd?L2Ri(#B4M3ZF=eelOu8%rze1XkzV}85nq7q2 z_IfIYk1B=VMKOn9qTz6BP zV_nW-Nd03x|FdXPcYT$2c;L+iNTpYELxM4CstI3G7ff5RR6d4_&)VvLEc9<2`1sOseK& zD*I_yk);m?4{f*ypH3AH1ueB@UM$Xsb2ewxJJ;FkQo@OQo5;_>SlqOc$IKwKu!p#N z2W#)lb9fDEIOsZ7P@;HpC$Il8MY9YLZv5#jUbO*-%(sKhUW(k!p4_oGNG?hSN^wsMJ}EnppBh&%iRGz=G) zlTFi=`4VKtQ2+o#Ah`W94BX-?Oof3Y-LK=TH790^fq8{)4vD zZeyN;u-MXZRL^P)SS42;BGFn%K6L)M_bOPIUpFaLnZzX!dv0&|q?~z6PhUxn@YTSX zbLQNdz`B022ra(hhpje7x{k34q6$0|#K(^q45T=n19fyTy67j!4lw=I{F>Hly#d)j z?*~rLaA>ly%${#S3(Brf)fISK=G(Ex$z8SIgO>5$gb&9j$~o-IgRgN)(PX+dM1aZ4 zY}1b9XcL`s#H^HqvSLoJvov!~&{wdLP-~c!p*w#7T0)c>gouHm)s*V~QtlMH&%=?6 zSDgllPE5-kD@T;ad9qiE&Hh^z4*@Zh!qf#EUY{pVQ)RGi_?iGzz}tGAreE`cO2J)QJ2jeaL~*`(8IDgPV?pS;n_XQoux4j5U+U!?804IT?m{?!W=ulI{QO=Va z3n$X$TDG5sM=O)l2{Un!6{Qr(WA<}f4&ex?F4C?a!#~p`#OEv%@h5S)E9y9ei{X5? zNwh+1+P^y5jVvJJYbo*7m1M#;P!KZ}Cn%ZM^9f4-+{Qzf8-2-p0lMC*!#lpA5*-@$ zX?*BWT*HBYp_ce+TGD&o$4N0<=^pe2q~F17?8Gb^yG1~$SkMRJBmQQg0FBs{R40E0Nb#<#2UA> zt^Twby^=uQX#Tch26xF(vbt*kgwf+VltA%ZSj}%RH;*lC<6&W$MzU?^TS`BZILnB~ z`r{^SsN0k?cyfO1Bg0zTp`+;ATj6e9X#Oh4`ZZSCK#Zs6S@K8Hu&ws(s@GQBO_b+i zuvy@e$!_RKL0)~;{DA2v@m%!CF@<%-Jsk|BO45HEa{sNfy;QJ`CVn{81d&83sra7T z)4z}VwoTZ5oY0K+#RFV8Z8TUE&hw^J%wBypD2Tc5YS=~q^Y8dWb%6i1!dBqzpNj<- zf=tD4hlm31s(kOymIUCy1orJs*0j-d<3~oaaZf5aQgU`;Y79hjhmx zb;_0HfIoSkqS)8wL?KKhVP9caiG+U_X2w^y_FpBddlB!ix4OJpFg?tuvkbJ3UNgM! zE-yrc-hnoBjDF$}Z}aNFu?PzfZ!p4b>UUif0Bl1by-xoZPXsb0d}vjDIg762Eh*l~ zW7`MhPBe|{P<2YoHLse>9bi{-Jj>8?QkFNVF^xOU@X5_h9il$~Bt8K6{E~1D^z=sZ zwSh*A!DIikC4w2&7Q#WgoL<>5qdqWrLh(p|vtHvNdl%tLz$BP)M$uuYl7(sZXL@dQ zR!6-wKyrA2D?5MQU#=Wt;iRM)8VFSF)xJ?pHwb#%m?f&~c8dEEVyQPi5!_!qSOH}8 zhm$j)Bd~G{c{LN}@pNZ_b9)n92X~b3MEs)e37se!P3o>MO98Dw_E1NhuD6bci2Tft zdJ^ZJ8|M9%hxVqZ*UEu;~ad(c2pgUl5-QL3k|h__6^EF`-W%Ba*?&RcxFW{{!t~F z!OCA0Y3dWz!nRNp1QYEXekJ=Nrw72~xBX9ae8~RF`-g1-;hP@1fF6hZj%JPR zy_jb9F?_{7y)jnqX6QMeGKFVkH)R(~ksG zy@}%#NDXPqM>|T*y^|Rxs46eF08hdjvD2gF9j?au$W&{Q%1j5}Tj_0!%A{C73dHz` zq?C2-{f*%9W?cv4^=k#bo?)pJHa6{o9QnU*DrkIjs@!57c!vW!P-yS_Y8iq$|y`TmS|mrMWnI>2a480JKdsqqzMX(-`zgY|twQmA~TkF7H=i%SnQ zl|!F>3{hnNl*z?2^eF!6;2cOLDkO;HEOx?1OU2i=ie_0ck}MWy=Pd~K@uMGEXgFzV z3b4@Hn0*sOjqZxnFi+xYKDzVA2w`n0zJmPsF8Zet0`1=#AslS@Joi#zAH+-+g2q_I z!Fe$aq`$ok#f*dzp|ODx5eA!us(F^P&QLFG^1)LYB$<=xvE5GXhmYv^)+_~-wV#de z9^L7P1&pxE$KJuhErT-AiWt5?hFTm8^V88N7uViV7VNz5Sc8lH${I`H{y+BO|Clxg zMZrJp&&M_r-yPvR&5+uOL&cH!!*4k^z_iG!X-lLG%IMJ_|Osk>5~Q_J!1FIY}? zw3&zBj1wm;JsaW{k^f0_@19%gZ5UQ-p)m#eQry@q3O`INA!?bAo`|S*P6TAAoh{}s zI~AvHd_8ru>W;pu$B#WXUQEIwwaSem^1o4YBPM5#G0RQ0Zjbig4v4mYI3VCT9I~tC zoSd6?5s21NV;|^_T)Rq@_WqqmrYRF_mAj4gJ~qA`f&c%(Vz&wi7NNK67zi@|ZLnx6 zsHm`{sJY9%!_|TCK>=*D;RI_ed5Za2LOQP6TEkk{&&!vE{?(E*W$aTS^cIx0)rh~G z0jQTQZg^9%McAV>@!5KDrPZsO2Re|If zR{%WdE&iSk)Zpjj*H3tqAsDQ=(`57d>mU|__XWVd?}jJOE`G0-%}mchZwM8=9MRC+ z@uM-+bXd#gyM+RRp#MR_j(568XiN1HL_M>wzR4bb?gYpQK|eTNFuv3_1>2mSkQe(@ zTObNPAJ~}+_zZtoPn~I{Tz_GOCHwv+MNE?$XBYqJ9up5TK>gA0iN44F4Pm~M4R204 zxV>sBELF#OJ6je*(0=`x%f2)-u|8gTE9&PZH{=BtA|}^;7M_D)H}bVHuhawuO{x-*_eI;Ias}kgLT% zwmvy(3*5^HE+IN&ebcd$7e;v_c_&}jEoyu$l?@-IAY*}({uMHSRb8K=%hPFM%Nw(( zAF(N-AChsvkGP2BY2cQmU$H@Hi808YA;viV*%7;XOJ3ppC9)d}DURIX!exT3V( zEJ}X1#AsOJXq4;Gp9)8d3q~c0!#NlD8aV{&=f5+sD1@s*B15kMJgpHX9^s= z4fIIf#0~>`X;(`&hY~Ae#tG2I=yTIZk!X8CYD&a`;FiBIVaOHp1GW%tpv=Zf>7Gfk zb^XAPd|2r=F0sk?pYHjyg6^i<%pE92Su7`M#d>u!KISKEI|^srYT?2dHkBf-vWNC9 zM_=x`{jH__m$_OGEZwpz>Up-{BsHOueaog=AlY^mP0~@ewU_YvoeyInF+?H3@oc3Z zbbZKTW7W*xPJZgeD9dPA9omY0*;9a5;A*2Yj=%IdyG=6hDp@7W8p-=iVCt#z6CF3T zCmG`6b18|T{u%}esTi^M?KTk5VnrqK9c6jQ@;3>k{yz8yVqOPUfaQuw!<=C@*FivS z^}o~@FG(L1&2M-_9`XjaOXsj%1+h|T9XVblIzV13_~j%HmkTBwKs9aSiwaT>pfbhRpB-Wk0E~K z)97)gY>e`GA5$H-=a%qxsbZuU-WjSt=F&OKGdr|-+1!%$LW>ZvM`9qj=2;Vc(*Q~h zvwGVX>*>19+NSglw7bQRnq5ifB44Or8wGyw6Hem3i)@rBOQ_02viHve;{WspmTjEI zGSJ$6aGaeqgJ177E>|mq^j(`tu0{d+5%o5Ia)&$fE*XFCsdCv1=(>iU>IU&{gG=e*~OC4w!mdm%N+xI_exo&|F zpstKi_|YR_!cqA|xHGQEE0xLA4-rdfl7v;2Mg96E@o%H5&Jjb@vYv5_Ebns2FH*Um zD(VWWlk9yF`7@OX!4TlRN3pN;f7H+Bj!#a4;bwaatvep)9}VoCl&sqGw2tBLW=7@zv8LM}Q9skh8!jq(5~(m71w|hF`OxVmLA#5$ zqg4-t$kx%DSjk)}no|BK`sFi_NqCWwynI+N%LKc=W6|D?k?7p;JD|4~Vxtf^CA`P2 z{NdU`K}<$8%VLcf=yU7s;tb^R9u(R6-uJIQ_BF<+#Tgosu-lo2!cYoJN(4dD(zPie zwhIBGK-a5{Z%>KXc-HkD`}cS0CHp_Ii_O!^vg304b-_rZSKokG3NClNO<`ggX~yD` zRDL;m3n;w99$ne%G6C~AA1(Zn_IlB2PA$gD{%?s+tueH-UL{R;$O?hbX9bh zIek0cta5tWK6edTZ^_KA@8`nk%xyb35}aLtZn_4!S{Dr`zkTQZB#3#a{8DS}!QrSc zhPl&Atc?RAe~t}l4Lk`m5j0Y*Nu@Np_w7hjngVF9R_|w$QjG2*hK0OhwBFCaPpezl z1|fWHcEp*q8c+4eQ=>c)I<;6FV^0iI;7Ok91@b{9?E=Z0UI4FG-JhcvVnAC-JEXrf99CKgck z5i4O^K6nxLFuT+5*nqOg49|c18(m$_|gJqv! zuSzSpqqW%s{pE$a!tj6e>^ASRf}y+_>xg8}5oJI;$_$^d$j?9gi4)X*4lf*(Fv^H@ zKihM}S(IM<8RQQWOQW%a`>j;)7&bRybhdZDlaMH4%ga{a`goFyu?pPlnqUnlA0j^r zm3fp03hNJ9uHPym751+}^-bfB#;=T`4jOWvhm{s$O&gaNZFi#Cejd%i6uPN*X^h@W z+e>>sqRJ-skP`dt5{DfzsmXKM1Iwi=Jx% z^ZzL@0&mVsdi!&jIE{y@NH>{xSbUAkdc3XTJ8oZ^Sy*eOU(C415EysGoP%?dfJ?yQ z2}0FZq}MWTg^%nLy+2FCos*FikXL}aIZ_ZJGDQDsq!s-lv7P(H0pfjh=$}!XH&}oM zeNtjJ-gkak{>h#)M`x==mgy2Uy3eN!J^Fc3SFsGfp7rW>D1r4M`Ei|$rkSpcKYLCd z?K}gdeL!CdOfCR}|DR1S5`ey`rhj>104)27nLX*%KQA-p0JKK=Tk{jJ`~Q*@wSKmy zftV^~PM1Ry>G$Ga2;DO2XdEC}xzkXGhml8QXB;0-Hv^Mbw0+*5O5r5jCIk->qRuXp z_DmONo5jslm3E!&U!X|eqEG~&Zz~C}n$v>Nn^C8g5z$9vkyLw=G>837h->GSo0d#J zduD^>_swYJd8EF9{v5F{F@N^}gHTLH8$<*K26NF;X3QBhbjmt;1>0W^{uKT*4rhX3 zL~3tl#099bvT{Xjy9xc3318%{)0O7Z^`X@4v^ULFg-3h!+1o}wUN-o%$|!^Mj;NQF#Dx$&53$1~(7$B?#sHkYOFVDHvR@!*M z_DnFH{8Kn%p-Q!N+TonGx_;RNkz+x(4CJBeR(+#;OupsZkSrQmf@3Z_JZj6oODa7T za8=T|^PR76?%P~CQ7de|N?~Dq+7OWkL>g#?@(T4W_$h|9Ey8$q8y*8Mvsn(5uhPTvS|KG{-k&MB75s{)x*X;q$6^cgWRl?GL`G<36(*dImzK%zjX#;DT5H>JmR8KQ$Ik& zdG=Z;{Y5QZ`TQYSn2-nlkex47Ogsfib9RPHlLcpkWKfCIiaycpN2lYhN)i^zwzM|( zJ{C`qlyp}%${An(oL31B<*;Pfrgk$wYfnqr%RHF~Rt*vL(1>UN8Za1=K6%Z|YGv&FWGVs$i3CF_3z*I&+<%%fu3CsXUqd;OS7`G$11e80On@dSg0`G996!HERmwabo zV6i>aYGbNqzrGyfn8ei+c(>C-kyf(p@f`!D_C~W%r3n1reFXSl0OLbWMa~<5tpivg zCgNQ4hKeI-egt($k2Ohx+{~3;g=ptC8^qh85nX{%51u7qTw2;!V{5m?Yr;a6t%`8g z+@Vsic=g*jbmb5E;%RWQGaFEZ6Bkwf5jXt>1KiWm=@=+x>OtVjj7n#C3yw6}{z(G;le zxS3ZIaXd0j9}%_o`JBfkX&|VoUzC0@G0A^SyZzTuO%nC1k*i?ii@P{&tCR5sv65Dx zHPix`OzJiWi_W;R4XLiKg(HdxZHH)YwC~y6#sGOeGd93q=aXn5Y5=t{zr5qW7;GmP zN~sDDpW~xn&46@hin!H3oq_i&rVok99Lg=NFP(Gppgg4bPvI)Q=;virOj10yp;<}Q zE+tu&-CsS-DLgQ^BHQMcb9aQ5vANsm z?xQTqYc14O9Akk$OXcRgGcDXMFR?gxvIQ^1+AVjvcvW{{+gs5B-KLE7Z;xvC0Emes zSnc3rUBbKX!0SqK#7(xqZWG#pStZJde;BG#jRhQ6$zSD1LjSl9Ys9MfoRY>t)tII1 zHvF)=M2*>{*!cxjGyXd2?vslNf!`sk{=Q5g=v&ke?DF4J>H4C~W&zq5t4`x|wYbvm z0q04v9WhHeq84;dNOrt36#3e`E4i_svVZ3tKf!G5*suHHluq-+2g&}Uci)n`-N#l3DGJIjtTp5SxC z`Kl6Us6yL^s!5%xZwadV^8-Py{GX9qT>?e3$1lrt!Be3Rly^Uk?K7sHu+#0cgA&Wa zFaz@mUV5Qm*C-Y);N&AR-LZ82ba#EY^-rh6LNvYGLJLYdS_ZgUc+Imm?4>QJ0ELhr z!)p~TzN~7dr`~qD4x1u-JQlci`9dGpF)t^2xo*fSK;F+WT;!ORhXhvPW#%V(1 zy#eD>&EgW2AC6@g4(~|{YkoVzFcUt;wF7;^68d22K+C$x*wAT(i)lx;`Rj|uj_dXK zx*9^rg%w7q!(o7@ll>>~J3UZxY&2{`j&!(dxcNE!`83yY8{@YylErJH&^Tij{_1B` z4VSRatxeqNw=E2uv-yQyU~K+Qg_mB>(ZLcD;CG&6uMVs%w|hLM-Bi}6%*GV=yc!-3 zs8VeE&%7Ia#K03;G-HKY6T*>QSN&PLD|vHgl=sD{l4e^;3h_&5#9!-q;?Dn8fJ&$b z8tm=O)9Sv8wp+7wf|lq`*V4&nzX7Z2mD%sgtT(n-_rc0u|F8DmJFLm|X%|INS)z!F zh>C!UNCy!WLbo8*1PHw8$$ZE)3w zl25bqTcuGKj?*abu5!L8+*ss$SIC`5C&qdDp_Rs>2{y*|lhriW`4vvit z1>J~qMo>Eh{h+Frd^$>+_MWN_0)q#0tn0$#F_NynRRl+OoY%S>=DsZ!E^%0G%jV^n z<7PR(uv#DMD#`LxTQ%ZZJieBU?K~X%`oT61;JkRP=FR$qaL<#d#U1D{7w2hu{%p#C zhNrotSmjb(%@$Ca|Nm6NzK@Y5EoN04=IA5OIzaT_ala!_}0Z{Fxm79A{oi9BD#d>6K= z(yfuXflkensT8lCn`g_?6sTt=W{h*dbWQ4I6=x!%{kB#LF2GNXaZixG5dNblv-lDiKh-#=mX>2R1nD$3(S?R43g2mGYpyHRJgTNV0r6 z+{I>CV5ct0HipPSn7?5A)@Xhmtib5TBB}9AOg47~!Xzqb!vDYtf0!4YQPcgNo4w^@ z;zN!fy2b&gvs-B;Cyc!6bW=)8GfE24a6OGLve%Vnqnyiw|1@j?hB(S`&{8-71y75| z*k(|a$f1$6E?yr>ya?VFxk>;+##uAxOU%MsIXO{Ey$(x*8U}vpA`aNU z5|6A+z$L)^P`^3=XfUjURc$&Ch(tcb4dz|cZ8^^ObkS7o-WhK;c1Gk1)JEU?-xV)P zA3&XVEm<{~(4PxlR4cx0II7;pW63>!>EdVfBk*0ekJ4!5#>NJlLfpfL4}o)5WDAu5 zz=Bs0mLv~;3E#alC2rv3B`4hscn0~XxF?#5pVrdHy)2PA-my>xg?bTJyB{l#emZ77lS!q_fsFsk? zDdsER9YX2k0$=w!w9QE4Ny9m#770mH#S!1B^+vu~ z;yqp4MH$fG+BZ~GziBG>)ZF&U8{WwRj|_h0AbNTi!V1!W^dgYJJW`J4TwTMV`)2y^ z=eQREu8D~wkLCjjn-v8lBr#en2J_!kh{x-f7;CgT;Ng@4V6&gq767~4%WQkMRn4?V zH5=KzPYsM_kD?*V1TT}mA5f47_2`N0h`2aUw&}DQT3_jpRpT++QtB!}&h;{r4L1y} zvu8JVx<^=i+NN%*io&={sSr)HLBSBiQdZ$99iEq^3w;Y7P|`fhQXZq~$M$s=Kh6?d zlID+m{-#6MO#3T8*4hQml0AOVjrW*LarL{51cuDYRZ9G}yTmq{TL|}ZX4%YChEVci zp1r9#W|v&M(M9&3ok=tM5tcw#(?74B94|JNt9f*;LH7V1wxF)v_8K)lI@-G!V!^xo z;|C(18UGCA_rYlBIXB{Ia3v`ksz6O9rJ9LfpLxw05dNXwXZL#}Z#??5tV-W%h0wr8 z-G;xrEWCs^FS#K!Fi&XT=a;(ZX~*?g3_n0QnR_ah=NA2{SXQQ>=~QAsuzkN~HjDgiD_K{DVr; z-RKTSyS;a!QxCCq2l#pd>EL8Lg!%B2yhXdU#^ZZ>V!Ot&ph2&)hrGEVcfKGWcx)X~OuLPpuwvRT7(HR) zYQ4Ugn+K7SEV6}{9?J1N%X=MVw~t{9+hGnUzLtu6bcYwxzRh{Gk{2Ln%HWOipEH4& zlXPWO0>;NjOKUWDQ(sF@$Lr_F0S<=?m0?8X=kmGDt&jSZ-h-rgj$2=vjhVNze^F5$ zkJy5?H4M7R)#w2ADD1Z^*w1?nw*WjGwAZ6VT-ScW9acj>1N?_P8elg$Z@5N}Yx1i@ zk=U*gl%Ngk?W1h$afZ%UfcEo)kKHUUcqRKMAXW7AnIg-00(*oJAHrp&em<2>(2Mrt zvLVN1*@CbBFKRues+gS97AP%O`9Z@QE0qVS{`-Nk5$m`6Z7?vxFtnsSKC_=rjN0-b zKIDKw!_3=jj*exedfs5;2Ol4)z1~igpJO^~i2Yuc51T7xubD@vEIQi3E9hv~eLwo0 zH>`cp$!4ksbVK?yXj^3zPD^WpnfFFD)anHmhoSMTtD?(~#UzPHfO$K}VX3c~8&Co) zOR3v#Lv!q5K(${LLB5RL2y`VEe{LQS5^4|uuP#w&Uapn^;$=2+b;id;a{!ve+6U%< zr~F{nk^>D6Qs7pPlrWRgd#&ES7Q||UEr-!to-66=6XcaM=KT5{pXeLYi_TxT;EyS` z0MT14jh+3$5l_jq{>*IE))J-i*;+ZYn|^sSlZ9D&m4lZ#Ap*X15cDoHbEtkr@Jd@4 z{i1!K0ZBYINR8`73)$8(7;t}_WqwW~f4Uk7_<>~>b^7b!a4QUkS|I0F8|FN*U8tYz zJtLDT`U+ttet&6|c}im`eki`kYFuUYjNxQ086MHVnsYPy;(UGMMY_fLTwfX{RzO`J z*%UwxtgWcV1W`LI{qz{G7k2t;jX^l45X2`_@aXxfq^V_+@qFFON8Mrv9oF`!M@*o- zQL{;-A0J|%Q!NOKAM84?jIg+zYBd>j9u-3MD<|S8{*;5|N0V6`v%SZ_|3jXPc=6(6zz|9m27KCoX+`Heu2-rP*bJn-Xtb2F z6Xn-Wmf&o@;QC5>vBC>RRw$ttvsjQ6$P*{yn@;WE-<%7fEgm&{G{~E2i*Xr8@mA73 zJg0uJ(@_uk`b%agg>{9WJ*#)e^qlMn3EPx*7Q>TLQ=5E4dA8CP%Y+h;k~ssxPTFlX z?-oMkLw=Vc+K*A6(>H-Q?JXM|+?{ztS0<^tX+&xCfDM7s!nxP$HTGO?`*E#I1 zjLw;*dOYUi!|$#a{A&5$&M6^LUhq&57E4LAAlO<-yQx~BVRv0cnXYAdw}`x{F&u0H9g6xk8Q=_Qak5mlX6A1?vO5JCpQQvWwxz_6^v=`9BkGrNE#9rz(Ef*DgK4;DNno^jAXQX$^P zao&E^Ip(=qVemW8W~bqL>cg-`SvNOCySu!lruvK9SFWt&t^eBW55BNyHklT-bZ*;d z{ZuIsIi~(Wz#_lfK#)%$AA7MQt6iK0Um;dbkIAVtap5f>?2M2IrHWPe;mze z?7(8b0SCIj)(j^8afSS5H4!3CC0SiUR&6OWhu%iuQ&XxP=SPbishcCH+ayFx&15nKG$X2Z+FS{WI(@f27-#_Uy-M)R$z(x3rqp;e{yq;+< z8!;e%TpBT?L2=aJWy%+?M+4j5JevRknM`*P>4Ks@!+b{oF73}S8%v=%^X|&?p1y_1 z$sKlfb_1$6RFmEwj3flpIkdZ85wPoh?6psc(L{7Oxz^5OZl*rawi{GBFOU0>;R?U z=ABlc6t6e2Q-V{a0QSe?I#62eNbgd>skZV zPj;UJl+VGY!Qo-O_nyHW#L1?f^7yxq2S5uvj$5$ViY!R^>M%=9_UpJvNw<($6yd+V6^z4IPo z2R~VD+IeF>_9`l45NG8m%3qxvKM{7Wpun+UCt7C5HbKOBiIHED*CEIDwds>)a}@8>G$`N8N&QH`*JIf^=5|Zs;ZS9iaeGJU7WNRg)J1q$)&cqPNWC;^bxaix|(1^9ocv? zKwCp#g1Up#-;&tGpZUAU+u4ym!RIOfccXUX_V<=KFCJ^g$P)^GS;)vqqLE&H*PkJ9 z6Cmq1FKAI#hU;nGgP`qiZyv00cgcIdX-L?d%CI%J37ai2i=i_4P+mh+@*L|ZLXdO1 z`$9h)kMw`RC3op^7u?v;W@y(=c=cGAQ#tcWRZV@a3B(Ky1_KS;cmqk0^jsnAJ_Q`I3x=j59M~d&Pk5 zp8DN~SFh8vwOglHZYDuT7xWDx9*j*zZ=omYh};OCN96~G=#<5e zDGyc)d-M|}@3Nh!5*)4OH(5z`6UxbJW%C=2W9bSHTDe$@`uLYoM@g~41IKhE`?iUh z1Nq%wXCt5<0%|0cRUDJ!9)wPjSI^Z2bMu~F&LP0Bc?2RuGb>J~XwnID`PEzb#a zY(5`VAQ%RGncb5^{gQrb&Zjs2!uVB1(WtHP?;RD%35ss;w!Ct_R%sUQ@V41OgOL8L z7gD;gR>g1TYf+n)7K_Iic zXVh75Y1-u|9c*T#T*;_vxGCtv;~Z{9g&Xs=<;E`(LA)7AF$M0T-;rMhtZe2$lF!N2 z^le2Tv|s0?UX^Ft0CWy_ag3oWHQzlT3A)tPwNZ?0tM}e?EQgjGS-4ZDx;-_1sxr34 zw3aiOJK%)=ko?KYX9)FBC&@ZTG{eqT3aDp!*Voo8j1YN9<-m8Q|Le%%&@;IVYw^?e z8_PM4`^y#lJ`XJyP-dQQoZSYgVlRi?@k*?nj7!qmQbuR8EnR$}j-=e=6?GcvF&7po zuL_`|7mKqzIkf1zbh1({HPyPpeak+f;<0ZDFB;pixq=?3{j2>@wH6MPVrl>sE&2fHDd*1KH{GJ*>uX+@MW-$+hpowh-BX#b` zv&^b)wA?Tfd8Cg>yu;lxH68q^w3vq#h`GMre4reMwd8>61XH?{LUNJlxD@#cdO0ku z^ZBG?=J{HT<6>jF|7FKmywo=w)J0Rr!h+CVhnYb|m&0KWQ8QGN65_WI75PbWSvOTa zFfBZ~ADoYfn@2zS1$}i-bn2S4$x8`bhICNv-TlX zX(r-I^zr&u^JRC$EjIz0XJ5SZ6X+mAmPzbrxUTdw$#&$dk;>(n!Md0`Ab`@ZCNubs zPxg1JcZRZ*P9Z9x5gF$_4D7+}9LxIDSDJdh!N+zW1pyD07-cg9OR4PBZ&-zs*l1y$?Kh$l zxstqq6ph~dJ+oKJk1Ax9sqVIGrNbCibQ@KUV&oU=YtJ?}991r5f7CB#4lGHrB3yt@ zQ#*cLzL;9-P@SB+5e3bY`w_Cmp&WQBz6W+w~E;0oCuX~Me%cNQ#RIB$O8zhJB${W1E^`7M*83T~PC%*jiiv+VA`AWVty^zDx+vP{xdnEd33<-luK&8>F= zH&}Al{q(Ae-WbbgIX7ME_WWekqv|@_7yD|UJ9TlspiH3Wj|sp3dG?C><=VK$@!5T~ z!h8emb?`R4(^4Kaq^gB0_Vl9hN5;YlksuK5&zvT^5v z2fjn(8RjIm(Br#E%*M{MK%hkH+@4{nyK#G8Slcs%jVMf+M#%WNY*Nk{qdpnZ62{k& zZ~ekMvFsZO4?Z;xB=Wj`?y^<ab@eT=$x+OX5~-#iDy=MqrOy2uN-6gF1#k4O-<;# z_ER({!g6gavhfa!>Y8R~LQ{|-nmOc^*WCBQ=TzfJXXB#3=gIC53f|rEo$qEcAdHfN zpxgY{XJ>zTm}#iStnU6y-q?7+As7j*IJpGx%S!wtE=uGefY5L3&3YHkF zCUpCxK-IN%wUn~P;6ntCFdKOT z{$Pb98L;(8(ex{)fq?Sh_Nhn+$Dc=0{j`E4WmS`kKFT0gZjcSfv_JX0p|Ws zsLCr6(lvENhm zs~v~&geebx4qR37(MF4gln^e!T;ohDLl0Gjex>J z+(>@WrzJt3HfrV2h47S~!A}onBKI`r=$+;=LtGuShKz!R;PzQW5=|=-2qh4TftSn% zw*Xs40=qE(qlv@D+?V>7n4Ua3ilGlp_g&j}@t%dyvJ-dLK8v#GU`fKrgXkxt^-0TJ z3QNq7IOcm%edMB7IIV6JdtHg+a6zj>dzqKc+d39On?%7zQn@i1BVA$0s}Z0)1r*qr z{pIfpTR-_=&o36+a=IP)xoqg;&#Iv5os0Kq7OwzlfkDRyEWkO&e^JCmK+Wm&_ouMZ zWKxswDg;Tyr_NpQ_SWZXSKcaor2f`j5u+0?_Rdc>4>K znOF9GmM7){&QDcL?U~N(x^O%bIhuz%#|!eU86sU(bqPPPuo33=OLQ~JpZuDXD#=Lh zV8*Pd@oBH6<@bqz5vQ+=gDF+pTTi*lu@UP;bCfC<5N@TSwi|}|Ypnh%g zj-GrPRzg}1McKSZs#dChIz4y(y6K}U4dz6{7?D!-t9_&O4)SuyhK#G;-uoR|%>`P1 z=rt`<*o&7jmyOMB4sp;5`<$Fe&iByoONp~aRP3as&Tfd$C1UrFTYF4`gj;&8&DWqB zfZG$rqOY_l_O$+wf|&jv_I@(Srua#yCEnd-kdS3_L&8n@2P;1Z>tYLeXu;eT;h~Pwdz&(nx&4PFs2H`zT_xtp>0YP(G0LhzNZ#aSY zE{|s?K(TxNegx9q&v33CvP_#lCTY8&9x^VrGP2->K9h#+rM|Ee)TQ`D6fD3c3-a zC+4AgvpE8-Y)j?t2zut{cDDFhCUyfrEz@eEF&cSZjS*emG0+2Q!OPx6b;lwnB_Y=h z8MDkRZJ51h(z~6>yO^#72Oh?Q%%c#8z_uyUXIFlb{A^#!qBdlYMoZ*JQiO*Wso&n) zi!3*;SohE;fNW?Lf{dSMpOmmBG`G6(nEibBLHz#o*uPZPWq{Yjawu;UMgCStx$QC< zu7W_ztq(1G;=kzNw436!adO=l*W@g6Gr4N`;Q7~D&TJ~}hW7K1+C{TB z?X=Vn7Y4x!>~56w6R!qdgUx!}efzoCG*mDRxTmWZOk~XfycupvLv(5Nkczl+7I0^U zy|OA#i?BWd{Ee4K{>G(7oy0+xB?}NQZk~2Rl#Lt?_|?LWhw_#Np-pmh4~dp66BZaPfNUWz-?5A!|l%M}AOF z!SabuShQJEP7wQt5_4tY4BE~)9+eI6aRxoCkfG! z`|tYuG`&SbE^VGFwCE18WzRBh-g-^cxpu5EzL^@ttiFxV1v~*^=cR$Rl-K_)h+z1IupozE?5?1*2ViW}8{M?YxakV-ng9ewNeFRxD< zembGFwO(nnDgn1&7-JVbU5Z}MIO|sxSz5Sf)qZCXfUM>4=?Np4hq`Y>-5_0epSC!j zcOY)3@LPLE3v)l@)augq+1o;Zem>Y#-cn$=3Md1^fcIX_%}WM5*F}EyMMbU$F3#~L zn79RcD(Wt#iJE@8e5$r#T|#lM#M8=RqYzW(vibD9z@2A`DA*jT7B(0+&)z&a?SpQI zOaF45`6QENtey1n(&h)y#W!57Ra;uOX_daZAN$&>4)Os~lI@(!m0y^k{k60!wBXcY zowGNgk=Z`JLNSm@N{+&F)i{^^Rs$mAckL-}4gruKwk{547|0tKz>G>nvx-ek*n865)d)XQyuT=iLi|%VqrqQmfr^8I))s#|~r+#(6 zgJ_9I@W&50;`=uCy#&;<>gL;8!s~bav&&2k&aty|-jnjm#MrrzVb@enjca>PeqMAu zaXV|%#KLCh#s0@#-XA{{-2s4V_=&<%QRXCH*PT%_C=@z7nU4Wt1t)y}81aC7fPCCt2q@)fZ*RYWAF>7h zws~^=usZmOp!HOZmbfWnQ$IwK35co%ANGB?v2Dq{Q%KUr#<0*F638zkeUdZzl?*KJ z*W7U}DB3EMWdZgE1K<7y-E!Z_{@1q_%Hd0~BkAy58QT>hc@m6zTIst|&1+Jommw?$K7;$n7z^b5@6 z#e^q3D7{cPb(-{_8fPb)f>#+^w|5NQqHE^ASesl4VTnr&iby=$t_8h+m(5;D*O2;S zY&< z4c{4(=Bk!VSjSIw3=nfgEz!^K-(^g%G4*$z#F3_HoIPx`P@J)YPPtl3tZiP)GKw*I zqxRcVA2gqL!rkr2cBNH8LXX6~zJNADCZRGyFA^_6++CVr?9D096A$vaBQ>fm(;?dN z6tziEI*<$huX4{KfiXjaaYdrlw$(V-Srl`eBdw6ZS3CXMhLO`{Uj|yG>TV+_P8szQ zz`RA-kFB{V-Ol;w;Q;Da?xN2zPx@lpr4zw zpEeofSX-TC)7_cmv1H-$C51IQ*kr|c$))-7&~n=~Pz$~dp<)mm8}`0Bm4`n*{%-WL zn6ZvS$`Jg<$&C<^F(AmdLDLD`+0~UI=H>ucvzBm{)RdHp`F(R+e$qk)VQf5jZccro zocKa zmQYghWT#%SQj(aDksgXWXKWG2Sou~oxx`sO#Th3EDMZQ_a$=I<9vUlwe~E!K^iQgq zg+F+)Gb&Et1U;Rz#-$?*oLekhJn)n5tre$gL2OgmZ)?)STz-#gJTxcM-QE4U!poO0 zM;%K?$`%pqV7RdNAtfq1y|<^>s3nh9I{vvr?ONlx@EEAzs)RMh2d8hGlu$LK$7Jul zS0LsuC@Svub#TwQW=M|7O&p*#Eo0Qa!JO;fJ1*p)3mdB%p457&FJl?{A&JaA+Xu&1 zM>{|)(ueTUxz!Ttsa`+%7Qq1`^5eDGp?(AOL3d6!>T=;@XLbi$1+Zf=?U_4AYZXvI zbNn@#r?%6eEZ)0msOh)$Cjcgh(3LVF<<@43O2;v=Tp}L;3qGJ zG$$tmyMFB_b>!_F<=1$*ilu~al6J;zar7G)T&?pXz4x3#Y5a`XE9aksPyF>Goqvb- za5ZCbaq&SUI85n{wE1FC!u9IxJW$$fzsgXHNUSe>LC9c`l9Q$IZr_aOUl-b*VUvfZo3dI(_S!yCYY>LvD8C6L5nR_R8B=r;?$& z1%F?}#&EWB{%Nk1qXmAM4&}2=K!uZfye8bqqm{j-GuJ)NzM<0uGmWje;=&Zp9vEH8 zFC5?hamHmJcG$(kl=1|yFMR5m5!lOPer%D%lDu?4MOYuFB?|~_ZB`~wISN9_W0Kp5 zdNG!IQv1*1`T6;{#rilM@JTeXDQP<`Yf69}exdy1aJ@jHY?I7KnVF_5%$?u9eH$yc ztlynEcd+b#q+);%Op5F^HsQKPn{-M8S(ofr%6}BU%m1ZO5!f>M&f36WNmh5t9k(Fa zZPJa*ko2ta%-EmhOlXRR;MWgx=!qpZ0`uPc4j-dZzpY`>S_XbMM@Xt$eO2)ewIlxL zuT3=9DJ17U>-2Jgj6RZM29Y}>_b~N5EU=vp z+Ese#?V)-yu6XzcnCUR>pfwh{VI-JzBiFKI;3FYE`xGnsDoaUf9Xt)oem}e0V9okb z@h2iWw$MdGCPj8{(i{1JO7W5|IMiUp&Vx$}nqv7j9yT;ue*JS>58d;b3bP9T%;cDp3Ny&?y41J z4(>s)*nHN0Vi30of4duFd(Ifd%h}A;^((@>Gwj{&yY1<#xrhtp>iIbVTHN~hf`SQ` z2JK6->_It|m3u9cq+*V{9_m+*78=hTM3ZN)inzG=Ii4IH@}xxSLMnMh`e41eV6VIR z!>(ieAyiCaau3&ut9LJ#PylPiZnSl*^mN65izQNP6!rJri_2wCHFb((xG}qRj>(;% z=FN8=kpKar;dYZkcXt0B=QgxymmS{sy5NI~g*=PRNysYlUUyly($XkFC{E@XchJ*b ztSRr5?1myctWR&kYp8k=>oDJy47I)Qa)OuhQHjEqs)_S(W|Nf0papvn99}h{rlxv1 zu3o*W?4hpifSujS%wu{3V!j$qT!%Xc8kIZ0Xed*8MEZ@a{PGaIFvb-Q7aE#-~3|lhW zT##1%5HQA(yI4_>Ia;r#8DdcStW&rq&8D08y6K{hs>jS427)=?KH(++6&Kx>T8XPF zh~F3wjs7(;rNe++iDTRdaU@&7UT(?FpUz>M42;oWpVIi-R>Hry=h%9v`7ug^!8BHd zJld#Lh2@o)`-yflxrLQE#HWW(WlW%$%mOY8YOR2{eG;MGXMbzaKPB<Y7`I&L%Bw1(%F7NC zThqpjhW%i0I-}{7i~G{Tk3>9VppZi%2MqC3P*)WhR2g;dbO-Yo)R@N0UMvoc$l>?D zW}vE}nk>r6Y2jryH)NB_o8!kzI#_J`j4fO3Ixvoi|75-jc{ng2xi006z=9vwZhzD6 zt2*^{TCcb>#9qZf?=8c@sRY?bS=T{zAz%^QSheQ3&?czVhI*Qd7*bVh_iJ`iQ&2FH zJ~(Ybop9#N8Sl0CEIdV-r~W%Uf$kp6;O{tJFXC*J7 zqZ#)KxX8X$*%wXyeHAw4vUKD3VyRA+Fz52~w=J&=-7+nJ4G-Wd-5eo$pe&6v_>4UqXLwg_JF;nN%274>0m1% zqH5eQ@bRAX4`F2R=_KfbNOcA`3of@+Rl}{0p>|nSJ!F~9i+CC}EtRyZapLqrZtAC^ zo?oW9aDnfij+K^{vO`iP>V3%TzgiFo1g_GXub$A4EcABqDI${3h~f>ReZbx&)*I1b zftE~k8sqE*HpyQrwx?cI`+%7yuLXkWZwGQwOY(}C>`V?}{i>=092YyQx^_DHEfZ-a zi@-l>$W9zPKsmgglrg0-xmyhhS96;im$W}y<0pq^?AnP_hGCei)}uR)__+ej?3XDI zOX4_lqAd4lVyvFk)Fm~hPm6g zZ`fI?@^NUU2?{!Q>JKKwngqwK9Dsl-Qu?`0&lJ8JS>#`@Pn$?iaH|I0we3}JFxkXc zDBz7>4pcRZX-{q!?`xid$&ob}u=xv8DMyy}Z~XFMQzj+#&}n#gwsUFvUd;Xjd$;KA zkwbiUYI_GV0l5_pj!Mn?!sh}KN`QbN9&u6K)f(Sd_-CI&q0tuCS0l{(AA4Avsc{Zp zWm}b!pYxt#!0^C0Q`4f1Mj-bL{30q(D>$%EnoY9R=8in0p7E0Y-ypxe8KOY9vgBLb z<*-$c{ieFd1pAfv&ei%cJM6sW0U2j|VTFVyuaGu1L`hh)B(iJwCMGGVvj#@3z_SqS zCB^)^GrbH4S4o84l@8T0Bh$Ht4yO$PUY6*7X!H(sPaxbENCX1_@mBtVX4WxEIq%SZ zdqZI~x=+q~u|6?(IeRT`VMJ9z27G(DO z5p@7RrSR%bX=&(>v33tB1mn^yT%V!5PU>`Gk*+iXVmBCRX>eBPl-5u+@ zt!uIq>{*@~GVfS{=?8i$T?C3v6jt~S8}YMM=-0npc>JE3YBXo}tkA)EWuK&7h%L;z zvgY2`EHudEE<;)2Ws&&5W~uXeADNgKx_ot&R_2Iu*}E?oHBqY6Hm&XMp@Ys~lgQ2Z z_IH~`;9O^e?UdOBA3ql9>%VA?V_df6ww{2^+dSpHxGcOmm^>}0!_8`$HzZP)##2Jt z=AV7kD5#U0&h-r&6^nCdn4V5?ccu}T-FR&Z208AJr*9wRO@EZ33sfc#D*rs1S73V9 znI=UuXV?VB`c<`=kv>Gr<$`;b?*!9xvH4)CrDrc|jRMhnYSPP?Yvqlt$soRXD@jSy zK^0Tb*#yC4P`rqSfBGXllK(&6h!JI*qZd~vXH|90=}DQYes3sl`nDs#TyMc!{5%85 z!v2COk^r9GNZFcp9Jg#ox92T;)cw=-8PQJUGe&tvf>&i>aalg(Otj|byF=#5LRAxb zdWOj{ziq>#+=E2ERb4t2vz(e|dpk;V9WkJEWS5nmUb&uC?yw-Hww}xJe{0IFF_E8g)W3n8aJMk- zU~aemd<2kXA8x8UtyYMQ4%qta$Bs0TB8%5!1}DoLS|EY`)YM0Q z0w4h=JCOb}suxc_1wiJ1ikGy+>=linix-bShlPSqoH)Ye|D)vn_hRucx1(%s;9`W? zKri_CTlxRtP68rickHqKfB(dPt22Tq9G7}NwphY+oCV$6o9nh|22D&%G9!DchU>%VpsvRMjM(Lj@2p4x zY=R&&i?YW4DYxQoFZp}J6{X*oL_T|-`S+cq`w8=9Z)J|0nE!2kP0g#$u|55%e5`<; zT7pmPyYM z*6%j+>wE9bPWs`yNi&5N*5gCwm-=UThrCbv;bS%Q-41Z5=3Y{#5GH^XL&8u}@Nhb` zD-l*PWME$(k}TqkZN0Sa=u_H5+{Qer*%`AWzrNH@b>U`Fs#F@C%va&A=3WT_fhXV- zJs;o?fD`wD-Q8WYRIkSmA3EX2%5(kjqb$T|SBSXvrGAY9-Qs_q;tO*lIZ%E+3o_wY z_vvr0M%Q`}n#Mzj{OEIIj{HvE`-_MfYqg90Mn*EA_M{%hkWiqzSm`1+v%mHPyi^NFEzcxr$k=vzlo)I z%k~`H@E7(9g%pbe^$WlrQ|trsc@lJ*qQ@V&5m+#9C9qdQq`)UAwr(R{0pN+^GcD*e zD=^v=UVv=9gP){Wc=mr^@qfqS|KIC^1bS5GO3Cqj2LelgQi&YNPm?5Kpt>tv_xbG- zpDHw5qzBm91*G(fL-GIoGZ>AmsHnKAAjXU`1FfJ8u3SApBw-wG#swWe4rD~EXQ|l& z_M^hgZN#>ogJ%aKR391=^6>HFAXY&gWh7-XAd+uNdf@Go0EzrgaHApFX;UAcuJWf< z#!o=oJ#m+h-(7tZ%faRR834i*FR#WxX=^{-IesY&)Ov}yB*hMBghU<=#0USYvH!e` zF8l8*4-p?Gq)qCH=|v-wlZQJ!!M%T90pdcGRfCA-{(nD~xQ1WK%rkoT*boJJjM#>ZTP)AQ%JzO=c;AvCsp7!J9FEp8rJ$fFdc_H1 zt5auqPC?NMdG_qt&XtX~(~=hmv%vVgoyG2NFaPI1AK>lW*qFp4t%*Jhiq&Z4d<1BH zia0t4uEGeYg)cA>JnUFi{o9Cv54PZKRBU|gW0sqth=D;Vn6=huVplNIG5+m{?#uX_ zL&xrNxE24&v!bj(2&yUw-`7UMWqXNdW|Q7!6u6Yj6uFk{Vg>af<=lV|he zG(Ml&6hHCSdab`P( z!DU-x42Nf`a*dL@wgwnRZE-`h-?EJj=*qx*P8Bg)j=8uCn<-TCV6(iWI4DE41$u%8 z5%RjUKt!8Wld_dfJ8?KBuA;TDFGUffYoOy+W(+tKGh(U5HQYv$dP5SK^&?xv%Q_b2 z27dF80!*|IX4-mdL^0z_o45_E>W<#&Ba`js2Unrfa?JVFI4Lybm!x*_ypx)m6-d;* zsKL!LJba>f#ek)tq~L6jntbE-fe(3B!%&|ieQH&l^Jl`2j)r*Vy%#d>L!yio;2<0e zbNR=jfGmzsYZ6N_)9br@bFD8mtU$zBjhS3hMajt3Z7k`>Qh|bD$Ux^LQCsm!;l$mz zNbUok)%Foc{Dk3;;Fm01d$?uWz4E*iE3(!AIFQvVRm3-WG|myZQKK; zp_b!nhZzH$jqO5ov>-yLFh|yHm{5Qh6&$X@KiBn}Xf9aNwD7viXPqkxIoqv{Ew#*V z;AORUd%)dNV9K|;q18Kky&<{lro0z{Z|8Ay1-#nB#!}j7wHa4jmbk&hWg>F0OY!RN z@o<=d*?!>blvzSQYS^gL{Onk@rp_4Cj z{c@i#aa*SEM0qW&yfpb3LLV3SEEW3~EMI^AQCGOk#-QCq+rOy1)K%a(Hrd_vp_P|i^aefy*HcuU3z2s6ghnYvgIO=UR zy4LeAQGDb1FM)5C!Jiiu;tBM$=jW;1Y*t*3>R)SZElT{Q*DQ#e=<+f%Ha@ZJP8G>i zTwvBzczxo@AX{Nf`NTBap3~eMe0vZrZ*VjK->ap&o#vDr!U&^f_8$h4Q3S<2pu(d= z7%j!z?Z4Fp7i~7gv^ATS;_Y-RvgRom87S6)Jh8Vf-y774sGmE3p5hkG9}N}h56Ubs zH_>OHq<9N&=Lhsx>vup=-Qqr;$ppX_Q0zX-(_AO3bUKJeGJkmo{6Qfn4Srtm^p)@b E0$_xkJLpn&_kB=!_r;qLL{a+G0f<5o{@Lweb0CPXMO8@=d5oXYhjpq?sDB%{awF1=!upx%|(`rAP|T~Rprq$ z5a^Es;2UxN58yvGjUgkzuTyT%lplcdd#)`5f1I|uuX!H?Dhj7QG&uwOeZg5p-wgz! zZK8aiYIFK(4g$F-sy@2^0&cWE=?%TM5Rdcb%m#ndKS(09DI9nZr?6}2aWYc=K5Q(0 z%+5lv_(2cXz2d0Xg45>l5vSX^5+gd_T_1}vKOZsQmDFKw>Dq9`=Py->8}HuP{Vh6L zY(>=|aivM)eEFA+7>BNwktC9DN>nY9q?i~O<&oX1_Zhexx0Ek?-U61CB%{~RU8C*4ek5JS$YYb}yOFUHs~wkDy-0a#W+6G>{ZfT6$}_r{@37<5#`oQt z!v{FOJq_rYGD1kNQO>HU!qLxVX+xb0B~yxf9?&NGkiUlLDiWrEAqSD3i}8r9`eUca zpJte_+X_e919+~>{lIWc#Wq=$xVE-wKP+T5qq_dc`F;M6>@7H%Ail$fQY^@o@qC9c*7diM6@3*fxIdX3_WZ zgD9s;F|k?cgm)I4++=8&2KjLRJvY@YHl)qc@Ii^wQP3(+g)^2WGvO2&vu}@O6Hby;zE~T*&IST~VhBL0lRL=IG$%wUM-`;Ev9VDjw%q(q+D{TXjmMyINpfbiE7Z)> zsd^s6hj^5+Xm@WCbR=Uf8c9Ofk+T^rALJj8^6Ok!rz%H(>)`gQ{%E~JKWzvnr(!;J_A z7KGGhp3>}7MX)hy->SS4snjtnytHfCfv?l>wx||V73N7gG}k0Fwod&O%Y*5x+sdOz zd;T43(AKa{5;0_>OC1VlL)Fg=!-?DErS5M<=xYMcx?daDq>H&t_PPhu=Q~&VI33{D zx+IS9lNJSmr$DbOHm8!;(WuUayxR}MDJt&bL6(#)nT?#7V;j`u%Q4Qt-s1W?Iw0hm zZ~FH2#Q3u!-^dikKQeV;syKhgOLz;13@(3-zoazswl)oOR!Zd0w%DHaA#SU~1oq8p zKP`}$v|@4VYs(D8FlTSo&|CvR7ESd!(tez7(i8*wBtIAFuoc#Pu8zQV;8a%QzdshZ zzakcL^!zfNaqM!1TY;y&6V-~VUJGBj@K(v&-4-hc8PCrJdtwr>mRR?A4I#}lMs>Mj zQldK{t0nG`z9@~3CcBqhFg9i<$VH}X$M2TfJK`M+g~3#}1`>nhc@TmL1Be4U&^^9p zvW0GRsxqLt21{KXFyk7tr%@C7=)uz6MDO(lZsB`zO!c+t)kXTOan4ZN0tKTQFCFiZ zWa5k;UgEyfIY-ERqu=pU?|MP>CM$Ls<&d3m&&W98k(r&iM$ zN8&T@9>6tm!RlNCa4MB6NPQ<|+zLrD(bmi|+VDQVqnSOG`dPyXx^m-0&mJzC&pu9y z2v%bcTs9CAnQ_X=^mgDF0S;E?xEXIPV zXvcT`HLl#-n`&&$fKY*6KU$2i*$P$Ij7y8pp!;Y&{Feb0;2N3#zq`hJRsUBEV(@BY z3F-b2_KmH^x6TiF+)X4+dE?f`N@T7Bj{PddNi$t}S#Q$oM0a?kUeMFmn^k|9x9V64 z){T^MIP1K-Im^JSwe%Wr`j(F~wqq$_~rRWjAdh(DYk!`mv*628pnN)w=ST};4J{TtmvmK@^ zVo?RhM{9mvYN~P|&}ZF~5gVJIOL^2d&*vG=E{!(NCz|a|v;8<~Vx22EnwzC6u-h2( zo`DJ1ZiUzT?r|Whr@y2i;4Uc_?v?D{zyktdISDh@DKDXv=)iQIp%+{40qf}1+u?P^ zYSJJSV4afxF&`J+hjcD++Lu&InvxZrOku6}!73UT&8FmCJ7(sWJPgrcJ+{EDlXGxH zgzqF9d2s-Ch}K3B$cJ6Yf-`d+%ZhjcXgUPhB|IyuG`_L-&`kePj}M=odbaeKLXCM z>|PvP3n^#wpcfk7>~<7e7k}s$a_p1YMWK2(#BFTinhB1DGtl_xk8oh3Jc{{H$9=~y5$nktbP|C<*h$#5*p0`2KO$pV z1sHnGdJnbf=|G^b7f!T|LCSB3H4#4LPJU@u<#@Q2j5|%e(vg}RtwpPOl^^B*P{Pb?b)M1a*0IWV(j7(a7UkR}Q~ zMay)TVe9#u(#vjf@V9dGIiCISg^i8zsVX*>ri#{F2!lx-`MM9JeC>Y`gqKXri zZYRG4R`kTqYmnK1x|yN3bT_wD0sEsRh@xz6i)J&x`iewLGwPoH~ zJ9Zhd*dQ#Om3B%YKad73p3Q;=-{~=6oUFKBYnZ{!dF!wFOUZd+%!7Hy@yh~L_9Buu@JZ6XH+lCR^|6vGPk4B1l|5M7co^q^Z>T`Cs zAoMgJ$uw}T=qua}TnW$A*xO=4OOZyH_->V+q*9n^bz8s%h2uP+6fx|YC=&f#c25qk z5t0JWba!q4>WjJ18xVJWCizHeGnu>}AK07JC-)+@Qp@TLIW1>Btaj0*B`Ni4M*e|N zZLYFYB&`8p+sQCBf{Opxhh`7U=i2bw0@oNoAZF=U=pQGF`QBTn^AU1@_bq|LYpl(- zYjCX4d2yQ@;n^VY9OeB8=awHQ*0Wao@S$2d_-;-5ORzG%wzF@yIE>dsZNpGOmJoTG z9F|-01RW4d?=)~0G-GNO9&#h^3?>NsM_rD^7=dHfx8+nVXXbWrgoP7G;RfnhS3^!h z-Lp3TisvzrmULYjA1BT@G8Y_)$Q7T9JUzg-)w_8LR1vq__taYOPi?sYS3k(m#if)3 z{;gyAD8s)l!o}XcfBS5^Xgaq;JHxF^5698M3_OoNE5;fmdA<`z2YMZnbm9f&@P_Ra zkN3Sr{luRk;X<2~Om60822dvbYjC3>AlxzEpg5p6EIjP_wm^32`GxZSlP2KQxYz+Z zet6L3JpcxuODJgfxZM#()aI_(EW^3 zjsiR~#)mS`e!eSgm#RuBbObVz7@SWkUT!E|= z(YE!mLilW2>X?1g`|#iE>nP9v>a;xVx3oDrIvVyStaa+nDf2G{w@c=cl60X9R#A)> zWzUV5@cZkmjs2YLBilRfv*}7Naz*Xoi}3mm|J_g;Ue@6HPVRsX!Om55XHrwq4YSFf z9DgP0sJ#QPVu)*)#TS&zSgn{Ehfdhlj^E;p=~AcT%q>>;KW|!a+#a2-1KtAb8IO+^ ze$KzaYB~YF$L}L3Gv|@NYhEnDbJxOa<7$+h2B&X#GL`F?^+52( zEMzVax9-CHaY9K@OcL$Zo9Izq`;`mTGU_*e7AXyt()(Meu9{0jV-W|Qs<5^8RZcYQ z;~N1-*r;VHiJM9APcjh?*Iwym=DX*ubFFo|7u!cA*JkrZL9VJ=-hTX#7L=JUe&?8C zD5(Q)tW1gxK4pF!ykBLJNO&*UGHQZd8M_LL<|}CoID_u}?zUmB-iYDWPb;kCP3#t! zT+-_Pw4UdR$u{k(J|}CiBXI-mBD(aBK~M&L>1&Ii;I)C&$cOc&cp%Jvx{Idu}WhJBT=zveCtlZG}Q2Ugpf|YmtGZg>#ZEseHuypHX zWnGKa@rg6pPu$HUqGwE_*QI82bbqRLK=&j6QF_66>Ctn{{>AG@Xu3`d= z=Gq1oG2gbbk}b5`BOhWeS8(*{?k$MiNA9#xv)W3;05_Weu9En1xL@koLL8w|b6gc$ zbkQ=%iQQ@)f3X| zAI)*?Y6+ODJ}bN8wb2`|!H_@B;jftN_uI6q{|?=jkSM*>b=-R)gX*_1gk)Okd!w@J ziO7cxcsEUE-ro)Y0?n)__2|3#&no^;TKRwNJOsy7rZcuQFFhWau@<1mu6BB1wegnH8ChHIc{!6$OW+NlP5obm5b06cI2g?0okD?R1rbnWdzjfQN zC$(87!n+RK=ZZs}#y`oGn;rcu@921^r-66Zd4HSk%D_su)VXsXBkMA|K6+2d-IYlG z>31XJ@Kp+P+uHh&zC-&Z7pDaG@^ZU{n_^Ox^54YQdcQ=U<$yI!$EXNL22KgHWn=uc-q%-m8SR1C{Bpuw(m>B zGJQySn~$M{o5v;S-5+~Ks2Gbxd+{~taVksG@}R83F*%OD5a~Vv10M)?%ZvKb448>o z)7z?mZyaWtQ#&Dx3nS%zB>`)goG7Zo`n8!?q{gW{qXG#tCj#fei(2Ux{W}E}!Tm=w zx__>ZF{vvEj=HL<4_K|4`8&)O^si=B=jKY6KW(|sWv>c7%nSt!><6Wd7TY-=6<5uS z4CKGETOKIQs~BF9MRk44PSGD|U+w$WY5Ya%=ey)5jv_5#>K-wkH3qVH%XlqaC;qq& zTW@uEnYXOSeC?bP^WEt8-Nj)TwGi;?uuc^Ned}V#w&}=~n)7BU@(`SnaSR{gjv}y4meZ1S`6zJU6>i z+J~(Ep}hg@361eQuwVJ)-DdA9Uh8nD;3oK1>!?a!t(t!X+v!z!FW!Q%xbq2e_1b{0 zMeLL;5+$7X8HMS#TksOY1j$MM^(}2XP1m%ye96}!V)9wBk}3!5nx&Mbhn|h%+}s6L zZYq(R)gv!3b986_+V=ePK3V1=xsphS@NWjAu;5Xx zTas6<=FDn?7xR>4uj&u=^$*WZfr*!3W#|DII%h*LNoC?qD%?B%3R}!-Gf{qMTVx^E zAfcs=DY*V@S8yY6P~+y?kui!lvF}oU2S+ zVQg-<({bAS?u`NU)a_LH%?e8ocL|*iTx7NoiteLV81xqPs|3qr_$89YD9V8Jh)da= z^r^*aoqfgjmi*(`n&1bK%&$3$A%~hTZARaq>^nsB$kME-wNs7nAgQS0AUT(=A|%9v zq#)S-%t*aj2_H^Fyf>!+vsz&;Jq>_?Op{+@x_#Quaso>;JY=|c@YLHcm9c!bAi@e)%z zKdA56-`BKzGfs`%_VlA#Faj-j3vHp9J!qj&y6`Ys7;Fh#r#MoVjP84}Z2Gzh|&U^k&ViC&-;|x;0`Vt@}hmrZ7bB(WCT)mUijISD=+GXph zOIj-IT}%7J0SnKr=||_;@z?gx?=NlGm%v04mcyd?V^K6~rIVWJs8{d~S&_?*?-l#* zYhgwZvK{9_PO z_C#XvpgS{(mIsJ32Zn!oE(wDTAuY&s`ByxE2rhzkC8}riYj$!UJPPaOn{Sg8bh7^# zTrHztNO~ao*fC@~BxlH=0KqvgiK$HFPD;B zzM5S}`1zvOzOkIQ?g2*jhKmR>CtRVZ(>uTROBqx|XzOmp_qj~jJL`Aklc)G_-=B;M z$VB#5vd*mu23r;<=#@Dzv4U?Mvz#BX9$n|tSIXa_4X5is48PvXIw?aaVOutHQA^lU z_wV*T{l|B!R_6Mztuoe5WiII}$=t<}rm|igY}9XzHMz#rRT%C~)#$4>-BMeVcG(P4 zLdd*afD1{o8#nV!-b%5_hF*I9VLFkPiLDpwZ|aiYQ=04*@?zTadSwa*>VrN~QhNk@ z(D(}IxM3=HUrpS+-nXQJ>JBTsGj0V4Tu_ibxX+aqq z=3Hgv#_LKYU)50nKB^>rUL^g)T> z0h3?%Bo@Cu5uoY4>KG)RyMiUrAw6;V)!mo_mij7TGuaDwBI3aUTVg4SzjEBcr$uH+ z5-@jn37x~_$aeH+*Uq}G*rv*XqYL!f85b1^hrcSP$83zUi;Reku3G5gXjXj!^lE4F zLD5L1R`OAYuj_DIa-rw;l5GAlCjH#bizh#~T9n=BlB0b%vpoFBb5T~>cCK;DqPQWabf4-_%a`Yb?308zH5JRy{+!GaqgUBc=MBNZ%W#7YZ`gSFG5!lLJ zQ#LaKk$u}y!DD5+Z%R1vOo$+};{H^232t&7IK^?B{gp(zWKSG=dJOdw`S4;d>BZz; zt+IB_Zf2g3yRpZj6>|6X-hVeE4*;8$kDrb0-%qZrweojUM6FeCv?$71YZr~SZ>>93 zN8L3(t_`{aOZZ}H5QZi1@|Rmo#yZqRYA^(_;&OCFAih`_mY9Oq;=w-;`Hv$l*mdh{ zsBYzU{xqyfFXR19Smi;j@Zqc#$?jHAEAxP>z(}4|P~%yAP`^^n+Qj5q&2ArTTA@QH zFX8AHGVoNnCCu|!d-2$e_o&)@Bk9UiDQcs$o;((R{lcU)K5c3>>WZ2lxn#f!v0_ku zv^CkTlQ-XN#*|&`CfQgejPoYX;nuykU&#k$G5yDJ8+G)?E?BbEhVM>3tRz*dzW^YC z@u|O~ibA6vs(O@kYh*5{hhy1kHwUVquxkdPN+dztBNlc8O_J=YF2FzZ8y z8suM9b4ZzqKS>#?5&~zTrC$8cn61k{KmOj#f#Sn>rrs z+xC7dkmQsx@_%gd(6H-27Rav1OrU`L5iBh3FV^DPdRzWe2k~yA|C2}mGOJXj7@7Ul z$pKU1-T!|1B`(qrTW(zB=@XYSh#T}eV;QN`q*K-`{or>o&oWw-R+oV|NNqARlRZ0L zGWpQrDf{7I1{;Fi#)EzN}_{2MN^y)OOZa)Eo^_(x&; z)#}nBllzc|y6lcc-4b+y2G)r$Jh?Bq1^=$+#GhzLdrLsA4E9qx(TC64L!}b|aOGio z>C1zHbeJ-0k zldOVKO=_+AWmc3dgN92f#(`f486p4v{U6m3>{*(DTGHthd|;I!>r*zk@u~l)<8g_KtCV%5L7leV5*V7HVd0-zW#nGXO@U^zY6} zm1xVMQBKBXw$T?P`*oUuj+vLYccZ&`{eYw6HkdRQGP(+OP3}5w=lyYouVLk#3kdoWo~6JhoU{VP4 z_rpp@Q*eP_Zld2nBI*UcdS7`zLH6AI!Hh)S68jV+Zo)L7j3!REVWjC4NJ!%ZHdTHQ zq!1TL=QBf9X{fcYdRJ7`1z0u!@Z$@n>D)djI`F)8nuIZb*L|1e473}n>cj^|AvF?< zf{cE8WMpcX48-PnW}V}hC24_IkV?n_7})wh1{U_2rKVFnbbfyTXZM`{YanwgxwEBU zS~&9>VqAE<%hX>@4qt(j^7L@-Yg}B!=;W#BRi8tz#w-P0hvZFP0y&==I5{?YHQ)da z_ebhCR##=+S3W@*T^76I#qEaW_U5CaafZYX`A!Zmg(L?*eETt6mRClj(HTJN9o%}F zVhdIm4B|w9418*i{Hmng-wQQs+9rfPOaVrlt<+=K` z>p`gMT|mjiB_u2#^d^YgvHR`L;_>(>UTrN64Y{p$&JhSKIY>5;j$_#4sYRWlalHe= zULcm5Wi+NT$wwFgKP6x&7k8d{kjKQoe|d)bSP=cw=`5(?HAUfaPes8MV7Sh<@F9he zE=cd+IjR`Zt-ZtN+Vbv%Zb@U87Dm9jkADU#Y_|ye;e&XQBB@GXpl#4b$=rtSamB(% zQi8G8_D}PDmMw(Ag>(f~Y8UgD=UAOw9UMzT6kQJ5@~gJA6&?&$v~f8`Kt;lyrB`($v({$7kYjM1yy-nhNyY@PtK1#e?^m z&&jnfbjD{y^d8yn<~S*MZsXAf>|R{3?RA*Z*!Eto({2M{k8{?dfY+&hKY&AR7LO*| z6Zn;RIK+|-JqK#*yBESYs!6T63W(|B2aXs$9(4zw<@Tr5T@3g0?{pef9!DnC2AAWe z67!EsG`+iL2g7E6(1b5+y*CS|Lu~($Map@ZZ*|b<(Wq6A8`-I60SzAzXfgKWJVk6c zYr>V&lx~o7XTyEF=0gwrU|}3+)N*ThK6$7QHBF0a7=z(xcs^G|KzDRFjs{YB!#Tu) zuqBG)2g7JwjXSh>b7@8y2mi4>mm+^Llay#NqDUN;b&5azyuV+_aoEFrt8a&+a`sp+ zjLml$*=uBz7De+Yj{e_%{d+I>o3=oO{mAf3ipvjrrb1H=+BX?mYB-}CjM=35BxS4P zE+ZR7OB}AV6jO6?BYnAR<8!}zc6*>d)T%hb8;|Urgp*G>!By`4JJuJPC~eG%I!^5FwkGE9Pmqk|wt9+U z{ov`<-I-4cVMN1)$w!9m^_%IeZ!IQjJBc~NKLZlil3Vp4l^c<7tMBQ+p-0M^oG@&$ z&2{NkL4InZy-E%_V|b^Lvbvg__QbIZY;G%>148QTm^+r{Y5onD=bgQ{7j*c=Fh#~= zO^`v5hp-jvHZlEEdgC}it0;8pkv*32re2xEhWxWQfy%y@%q8LB^Sl?^=5hGTvA*hF zFdF~L*==)Z^4HhDlL&0cNA;&tq~Af*qwYGsOYAq4oh%H@c+J@QZup`g{=*XNRfis! zyY{q3h*HzBq+gHPGbe8e0iz1*ua>#zyE4HD{V^p7_q5ka_WE(Qz{`;jk`7@W;+anf z%&P8eTKIm=JCk}U>&8#H>URFHOrLTxL=NJOXNL1nD-G~u(QwCsmz!5 zjeId+f>DR@4fwtvJZ5B^E?wTJm7XMgjX5d!;!~PS94s;|Cbc{zY=>|U>6%x1hh6x zfAGUUgFYXfi0XLU>xmv1bWK&yck^_*+NU4cA2annl!khRrTCcp4#Bfi*s-YAf!$!9 z>7p*1ACLOWH+(%8tSU3gcOee^kXX+vK7;(I-B$&l%y^G2RKQJwTP!b1l!6Y_;uq8d z>8Jm+VH6JNeSb;2Dl|X4lx(ohfUbhs6>`t+ce<|1W{(6~5GrLrHB-30jvO6+N zv!vg&@vBeEm}5Rf{RA;LI=FRbU}s~8k@eoUT869rP-Cv+i1K``(UfQee<%h7b#JjW zkwpj|zby`S^$!_rBDP3F{1>I8(h^w_N-YOMLe+ly5U%u!P{A?pa`(pEryO0Dz3G@7KeYVN>s-&13%416cgz~<@G2x6N!-nnh?5w&L zCfC`$G?l&@PjPdZVFk08F>}nY8ftuI-5cx#kIWl=W1*Y8UfI??Ci=7Q7KsK9S-)c4 z>p>T~$dk5uQQ6264*=$6QXeA(z-vFN?>y;dY9U1n*~cv;1Gszs9oA>5x4@UR9wFbt z$z|ibCp}4i|I%W<>g_3fjr2G->}IaWp-rc`{kplijU~w&I@F;SL56QOnW3ViL$fXr91yLt;1BrQ=+k239Y*)!&zT#?g`Wv4AXjE3S z+34!#hGyYd08;)Tn>)=_0=~U{a6}OOjpJh%>l2^hjnw?JxV+Yj)5ku3eHy53MKP0U zzV5z)I^SBvhij1O1e-Nl#lZJ#Ik8icvpCqcmNIkcC}Ms} z!GrFx)tK7+WFw;Bg3{D$%s|6Cb>m)IA%oF1jNYjFa3ds%M6U0*LpmHk`Rc+wCC7Ez{`vmN0eb!;QHl8 z4cIrs${L4PS?l>fB6(@PnU{8?Uwq-$*P2rCBRyyHQS1jXo2qdO1`_tJtm+i+vB3lG zmUqUF+j7rgUw8Ap4S5V4f3AUv(?VNPjeWbo6*A=ST9%NHx+~gx<2GNfo{%cU6oH1A zg+<9kT`Z+dbi;cE6;Y!1gB8+Oz0+G~(QL)IHJ2D8DWTfpJHtQfoyy9IqS|jMl;rdg zyU0_%ET3k1msLGqc2oy;SEAYzXhXLV%B^E;m-UB-?0tJ=h84>*Go-?ro6J|bcQPqVE3b*<(@>0R(Md~O!zx2>w-Wb`+%d6byh(+Ea1{*oGEWdhy zzM9d=+M*K}f+iKX_p--4ADI24V^!_tL?ZZ(V56E(j75&_n4sE(-px2sWM`=QTr-WT z08f}&n`wn5{@9->vQNu9<)!6IZmb5q4F2(_PHw0v^M&AJXk&X+Tl!?|+EBkK=4)^x zUeyhVBgJ=Q6>?lxb40ihj8o7t3-!P+Z1EDa$4P#?K%^-ueRDB*RxJwkBcf_VRm9F` zCA&@g{Bu&|RBJ%YDev3PT6kNz zdP;?%PTc*etZ)#|nt!+$rTq3o6Uiv!T9DPgiX66|{otGi3wkG|7W8z35hHZjVx=J3 zZr&|GZ|=-J%H($voi;qzlqDxh_o6ws!jv(p()7LCd)QoI>mXLwI)`M#vnp-0ZH7{@ z%)xMRBM>D*a=YzWl8clB^Q)GRk2daVi{j-x584!nMY*B5+r_cfGdnFHDGxR6xw2=QK-}{V!>;5i>}NgHW>?J2ZP=Tu(URN3Jq?*wbyE;A z%3z=4F{2B&|$jO+H2D0UZ(qxbAl#JXUvF5CSOsKjcLcI2?yreEQx zg4!P`@K8l@Nm;7zo+qkvN3lYK$>?r8uT(l=cT-uh#D$D@Vmm2_0)9H2c3$=<`uXslAKRWEuki7(`(9DToO%!~BdV~p|;KAh2FUT9#Mc1Pv>(p6UnFhtp z6RXai^JZQtjYnm`W>;o%Lqd4{x-hvY#tBnD;r>jR4$RH1!1o&1;k$d8g>_^itKnn9 zzOYvHTCsHholAF3O4<|XV}o%4{e4wDpw}xW>aE+ZeL1X_&;$Mmw_og7xY#yT&M4`* zJz9hc<52Wy{xo&xP3CAt7qswCy|NxKCBk^^sMGJHM1^gOTX}D|oH>wOW~Kr1tX7Gg zLDaUB;$2HJQ;rr#597sSJ!VvCha_%|k||~RU)(?ULUPA^f&YWXptUtCyj93%q+j}# zOc6m3N{1ufdG8Rj{L*eb{#2<|wZBCZgV-!|A*P|Zy#1_~y2Hwax(;3iq~MhGDbT<# z&fOv}9spCi?|Lw6y8}FcGllFFB11to}#-(O!f;&3>d?|Ce+}RJQR? zdY{x+Aw9)*Htpu?R~g0Xx4pkPh#lpcKEDLCIbPi?eslbcr+5g3cH-5z60R!OK$-Jb zCk&XgqJC~?Z3bwJcN1NEHX1yHU&lcUClt<`y&HUML+Wn%ANsMUk@BoetJ%>2q_fWb zSF?ciNbw`>n$uXLKaQ*H>0Q!QuiXRo`N*7#p<3-qIDjRIIQ;h3X3ySS;34{Gnh>_U zr1edm9F}|9_mE#c&BT;MW>pXPQkNgmuKlac$@{oGudBVb$2*{!Wqf#yIQ2FP++`pW zf`#~G>OTyW$D5vg6%&2x7XX#cLTQ&$Yq7L|1MKi^%MPDw4H?lf@9?`J2e7|RfpSi6 z(m4bBT`J4Uv~TJUB^tXiyAp}XmU_0hX$2%I^sotG;-<}m{wldU-aat%M|g-LTf9fS z!n0B7pGb$hwNN3jSG)kYKS)2M3pH)1_}1TOsX+(k>O$53dg&BNMjq`3Uj2))KTYTKy7`^!+M zoJ9h#z4VjDCa}FEm{jT?Ae+zs;#*RX_kN1=rnCsI3Een#kLCXkF6V#E^7>z5o@NCE zSsf79Q4_A6fr^K-Eg{Sld`xoMhcKY6C@(FYU2+N(XLh1{Sv*0!DZK??l;h6I5S_yA z49<^KJ=Ydqk8fqAliz+~Y&<<)X2;9JQwnf!-BeHH1wiE!9%zTArY0PKd&i4e^&sW# zWbTs12Y9uTDvpR~C*c0(9V@TL`$CY>39hQM%G5eZw0A-TSn_kYK{IK;j>IwrUhXtq zXFJ5l;HaS(uCTu(K4Mq`$78g8SDx1&E(mLGNV~7RaB^~r?*xPOPFxNYZg1aq&%50F ztHwwC^DzA{4o5FN0qWc4osnP;N$Md_%|A1IY-YTv}W_=pf==>dQJFE<8?i17~tHKn5KBX3A@zUW=K;Nb{ab{M z%ypZaO>`*$mdsqgtE8?T62OK9IwE&>l-WI-OS65jTcdIEZ_EHHafQoRtE8q&+daE# zYMIF9C@J7dZqT`fZUy|mk?}!5LD;>PQgaLHs`B#Ib8_?VxL^UocV>lUcLHyUPcZ<% zE1`8Q4Tjh6mQfg{4y%;hCg-HhkTk~2&S0^BaDb~JXfZf`0KjCVluILkxl)$*A5gby zWJaOeXLF02TAsB{|AqX7=`7?~oLj{&2HtZf=feL*su0 zrvccaqFR4UGM)paSJ~R?R_T(QOS*%mHU_9NAygnCqkl}NtsP6ymfsod25hT^QBT0A zX7?e-{!c(`Exbth&Dc&G;QI0+1x6SDo~?rs<>BSktc#C}yTZXC37Cs2X#+s0^-c~G zXjK6hga{N;;s1Wq@;?dZ@gvP8R!x}q)QO4T@*DaH+tkGr!@MiEFr&d=!i`1ij-kz~^U#pjr3*QR?`_Jx?54yMO&>1yT*HOlF6Vby7r*vw zROeaB?5HJSe;aW>N2iIVIq8?O6Jp?N-kJkjp-${FYjt9)V-2$oV!I68*qO1W+8V$(4a4pfd9HTw`ql1V?rEsj z7S9!N0F+BEW%_iMY-2OAY!dyP_O^?A8Qa5lT=@^3ILnXlu4W(kgMo3@0b6^GN=Oi! z7EF-w9i-(z;~JPok8PGD2eZ5Ha1tMq_EhC4fj4GK@-M_lVM>OVp1Y(Z$x*b8-kaSz zwR)xOhXS-@p@{!?7gr*V!;XUwB65eCSw2amjABBx3n=C}@73jeu=au#Edyj`qha&Q~={&^B(Pl%JBIb)DI z_qY5LZlXH7Z0=EL_gm#!LWdd^Or^IGgYE$J~&vcuOYoi~-AAbcUF_MbVDK4v+R9CnsTx;0Y23=W*tA}3moA-yMt zs@SO5LS18D*T16_dGzuJ+1$#F|R8sde6PkrfCLtF0-Xl+|WRCFvLBip0E6SElw z4X(nCZp71!EsyDm9AjdUMJ+Fs@(l`(y>%06c9CP}}p zuUJjdYd39up$hVpw7ClJVUwW{TgA=0uzZ{Vw^hR_-kF0+4CuvARNL+b=w$lds(RH9 zPM-$5$i#geM3`S`SmyVh>HJoRUM^^P?)V~o6)YAy*+Q4#fj_q5S@U)uwepdx4yUP{GCOXL9Y<5faQ@02H%nG z>2-d(sjlQbhWXnEUz(LS^h~=kxl?8N+su6P!ss+~#O4=eU1o1jE_-{Zrj*rhWVi!j z2NvUR95_~*k_}N+a#wGZOed0tYVSH+4XHJ2&-a(y{AmtTv~F51zwxani4DWyD98{ zG4Wc8PL&L=O_I*B?F;srcv%APttZQ>LBdNXI}AI1P^s{(S!Z`3ZDQh;jER}3(?45d zCp{HGFV!BbjTJT=g9UMu=B}Mv`x;r~B75|Y4-XB8t>l114gD1}pFmD%NN;`=-W`1Fd#k0(GYZ{f-A4LLO?Sj^;eh7b=UydBrl(5u& z-)xo=O3bHFGq=Az-jd*{n^(JReD-~}g`{+yBwy_nIbg$GvkaHNZhvWJ-sUf|ypUU7 zV|*)*O91@rQZzuujMe8{eE*NjHB+F%c3D-1wJuu1cq+2plI01;TaM4#$5@3~%HCX1 zu1wyqa2xCI{GxwSK-`j~UQAzaLU9m0WdX%DPG1zM-rYjl3EQ~u6yCR&YjI3#8eacV zPI8Jxge^**e{m%mIpy?2LSWKbSR<|l>=olKo@k`Gj1-mLV`tUAp;%|*X%_Wj0@Sp# zPjx=4`^NSDsU8n{bRYwxhtg1@@w0C=FK(bzQ(}AEkJPtYM|ZEhRhRP^i&*9=U!^D3 zkRNOvTxk1q`t zyT|i^YfZ5(@JOvj-+l|F*fx3AoECbuCV1bRa#`rBC@!tHnaFZ>vT=+mjap*qGE=ziy>p3{1@}a{9K4 zlo!Buh1h9b(KhdJu000b9LO>E|A_W(DW>SOu%NEd4~>-?pFL5od~TPKGwM9`5r=+_ z%W!Pw&7&5p+a-?DSJUXr`ve7pg)8q#@k==K-x*vI;H;`qpp|i>_fY!2I-zo#CkBchb-=oT1;9}>&Vn(kLui|`&xnlC~5|_30 z()Y`H{pS4+mW5<95@6>+7QfQfJrz0NCZ2?Zz*oEWvwH9e#l>hvJ(k0=XE>3oUF$4{ z^%~@)-1@%-OnRSf=dUp zxT{ufmasU9b@4TJUt5E`bc|}!I_!@rtnCR$(eZItE43&)f=L0!=8NleJxY6zH{YNK#sD8Hj4bSpXjEAx_NIz3)Bd_O7hu zk<(zpD#(sz7>}8SBvYX$NyL*V4zBaeahL&WkPrkmeFov{uAb_ zgKMZt?nDOw;dvnY>Pzo(Fzz5I-vG>N*_8CJ$p6Sij8LQ*1~o0d_dF|p{aC^||H*`s zqd#UH#l0T$#An{~Kps>qsR83g;3bNMoW?Ze8%DTwMs3jwql9CHOIb}pYSpwLTYyXp zWXN607}1)C=|>M%XXpyYovwZq7P!O`SDCjTXt&-~_;MtoW8CeGX1o_Eqlc%VbV*Ml z;PFW3$XQ45kf^g00-U8PP^~%R(v4{|b5i;7!eBeR{XLcX%QDnE5HZ4fjfHkjd;@@`JJ$8*oMfg{m$jTT zZ8@d|H{L|u-RfxUc@wrV+t)X{5oRqRAlBnt)u^joX|IzEy7y1ksx3#k<!G9 z=32*V{c7>7o-Pn3eCC*zFFA=89hy0`Dj^orjxN&@i{@M&&}H`j zG|_g6dqV>guXw}#O{UPn;<2M0mo^E;+8R%u+*!UpLb_r4$TBM&5P(Z|$9V zR8v{I=BctQyF{Q0M3m7InS}r{2@yU;8DtWXNrs3(kQo`n5Ks{)h=_oOnW!izQ~oRkc9Lh@Kt~J-gWOe$c6r$4Qxl5@L3|A5E;E_h-Q(1mH^T52`Jeu7ucfPp4e+RHX zq)dFhTBsKByL{8^_2l=K1>8anO`kmjlS^Q26i=pFT)EY_iyE#Rm-1a&?7Fo-u*#|-dSN? z1(zc{&>f|k`>ic8Lzt)ahD#AY-@dv_5S}bV#52uwQWv(;Uh^D(!QFxQlc|*B_{_KW ze)`{K*Z<=5^G_)BFUV?bKD1)s%yp*#?BoZj?PW?E0{xbfk{8&tIa7iv%+LQi%)`^I z#(ke`GFvlysrU+~x~R3;15z=|5jZA^_Pu=+_B}O8GU_E79k@WK5fTz2@blcp?(SPY z8L)u*h1&7)@twXi-GFY}t#rK4S90Qg0z`%nQJ0&$IhhGr1RRTV|INB<*rBUpK6@uCA_ovZ6w1)@iFwN*4@G zrOKt5PqmXcr1ILedPQo6523ZkPl2bITUinvGf@GUx|J6o_)Lib`&B-{bagCVAXm#% z&_&}`898vC;0GWmQv}3~09V?T9IdodsD{Hl$M>;i}TRiWM?eumBucg~4FV zDS(RZqD%Y!2cPbEE7$4hyh*5j77eQtxjaIV@I|Se22}qlC7H3q!HXwy6g=zamCq5Q z#IpQj2Era<3{6}Q@;v;Jy9xcLjAt7Yc30<0E^H?)+W$(P>-WpD8lm)>4^1A-i=HLo zyEaA7a<%=cZ>y@i@FzIS1_}&Vf)#g)a7ovd1c37#Pm-z(lIoRC1K%KAjgYcBMVpuO z0|HzdA$5+W3B{^RUx zwx6j(XUz{h&eOY}II%OlvYo38#%Lt9Kz76=@F~WtmmG$7sUw9u^~)$rOX|G8q+|VQ z2W`>nZ2a_sp~6HQ7)U4}yxWPUojvo&9bB{4b{FIMi+K&6vAerfi<7z2@j0SmVyB;a z0T&2huFD%68$c@sK)(fG*Yvr{`p>NeACd%o>tCL??^hs9uA$uQodhvar4L8$hHLfKMAjSQHTyjFRlEQlboW zQrZ)g|4TgbXB|y*paD`hh&w(0^yL2qnm3SH_x=$}vYn`}0vESE8*fGbT9Evl43O## zL4B8d?0(C(sN1fpLcGhs83~7!zsnlk+!o*Or1l-}(GzQ2N<<}3O*5+V3Fv?$#0N9G zj4x0G>yEy(<6@T71#4+>eax)}pTQOAP4gHl8p5=3cxkM3kl_Sl|P z^e;n^8*LDq#RY6Q|2Ny7uBDjR2Nzxo4@6shn{IPn(Xic|%U|vO+_&U?rpCD-`=$x=TeJ?K&RiZtViUa`x5Q=q zs&L4lmW`Jqm%5rxc2;kM3LbX2?yxlj&7CDm94@?=X|(jiklkRzq#1!tf(VEM31tz^m`t|H_kD9$EVX#<-_wV?g4Vtq0F93x;oce%bUjA8{GKfZayq%@-C0TU~gI ze5M#4{8~^B3-3^ReO|5V46OhX$w=fylA6_}L5rv-s14BdN!z5mYLD1wEyRstnmxCq zl0)-ecl7dyd(K|N&lZ|H+fQ7qQucPt=iSX93I)^L(8&6TXHc=IJ^jiHw4-17VPfSq z0)=RfTnTF2wO;+bwgL*GF`&!_7I1BikZyD!WJyW@fQA64wweA@-S9!PrMw`|JZ*KQ zd14;k*0c}89WH}BOdG}IyqiI6(w&Uzeop>O(Y)e~_%{O&h8_OJ`74eM&uc!toKHke z36-;*b9YL<4Y+pWJPj>eHdqngsY+8Ep8?3TR#X7SX58pcMOSrJesroy%4cVT$+q@2ugHNA0EHbX@ zrX4DpzwOR8uID3UOJ1w7C*DzU2yjVfyli>yc}rzaBsK$o_Shc2^Q}9jVzX~;A;a zRnu$9`;zr9T@>d% z&HrC`w257B@Gg%wqx?@EZMfpt8Jv_!jFo9rpkj`SV`sxs4#Nf8Su|2gGB%994hUYx zMwqLHNii3~P}%V}$~jetc7RP(qB$ZFN;|p4OiuiSZMHxKU)KwrDn%!}T~ySEwLa4D zx4?I*|IAms>v@;t>xhH3D!TVO-RZ#H1Jv0T#VTUbx{WKkYyxCr{oS910pKr_UBkWg ziS=Z3^Fa{61N_^2uK*SoMFm+_p=`J-`!oec`q?YXLZHP~iFl4yYPa(4(rA%jmV^TN z_j_mlEHWRiE%&RXR^{b#%~c*&VL&B)D&ENcQ6A?#6Gp)t+@x7_iRC?~=p%*a8^5Hs z)&DGkJGu_Nx8w*|u+P*47-QZ{+{3wq8M|Zh@MIhu9EgCvLKb?u^c4Fg863$Udw?z* zq0rLr-Ebd>x~?9_#m&T_6vg?-P?8(h2&~zkmJ0qeKO)+gR2Av%*o*b=2Ss%@7Fdbe zeiC;+VTHmWhXx7|X^QVE`?HKypWoYCKH5^1iE*ZKHv0HGJ`uskv2d2KL*-G&i+)t9 z(h_;NAzO&4b{F|e9&)4qAR&vpXi#ovZsC=D-RfKg@>Uc2u$6JiWVmy<%L`Bj>uT4H z%0CMyQ+z9k(&{R9n6%SF|BgvhFUv|R zQ*;v!@J{cNS#{^~WAcklFT zCVo&@R6(B`-tOYlJB8G`OtaqXp&(j`z{@X$a0^VgmB*iQ19|i65uJik_*P47gALkd zI)TJ(A*|3^z22Ofyw7shfKY)q{F6^RBN9;TkcCe@UD$h|hvliZTh99omMP>VG{jye za+9?`TH6$9!a8VBSGCxTzu(PcuSLd!$h%R-$-JSbv_}H- z>#sb1g|n+{`p(*o?o7Y~+K`gs$%ZptZRr~aCsIs%+R#_WfBYxX@c&|Gs=pwz`(OQx z{dXvK(#ulf`xZ7<(+2$Iu%q{l-*_JGnR8Cj z${px2T@~pcmc<%T*w`aT;{C$BAl6(s?f)d7lU+-i$|v$W2@cPDid!6zL)A2D=RX~ z@dkxFk}4%F-|0)(KH8Z&dxu?RO`}De4N@HnOm^o_x(cVhvHqdCZMOwQw+<~^dX*jb z#`lHflt4HsY8m@ptV>fS`@{0hUZKn+S=sjWCIZbHyX}c24AzEqALgxXq3;7(NPf0> zaJB}`Y$s!%NgE&B>`=4mWmmR4snS#9d*6}?=z$wKwm+%KWEZNk%Ojgc%axX*>}BGU zL6c#&ZZEYQLIW@b**{SI8s`(ewpUWMEoiUcIddnqgq`%6&Ga07tmsQ6WeJQy#;opW z6OIOo^HS1Pjgynhpv38U3#Dr?W1mROgv9Oe14i30U?X0E%?hb z*lm@fKOwWUmom~3acwrN{6Ypbl6V4L(r{XW5+=w?5hIi!e~eeEhjdWub9@+I<1IJ6?T&_^3=?Wm3d2S(!a^{n`7= zX6@H)4HO4fzQxyvb_`uY2$4r-^&+(O44BQlyl86ak=qFFX(P=!wv;o$CpmNQRN(y@ z)^%+d|0sED)S=1f^FM}u8h{t%=PWu4?b}12^NYreRX+F) zKU84%rcnlcBZiHSP|l*P!-xCLF1{#RK?rA+s$Lb^Xlg2hK^~}0CNfE`+KTv}7{CMs zn!Hp2-B_>%`s$9^BX25J7lV0B^mfY)U9BM=!G2?NOs!$VK-05cfg0)2ehX~*#cq=h z+K|RgoMqs9Wo*e%C~WSfskKGjg3}hYpR6)O&jM-Go4J^wzC_z(*trQg*ln@8C~>We0?h=EW)jgblcf)1~jQHkG(pf`zUINY(B9X z4qdVvd2XBi?CQsrwzf69>HeAvKMO%hhn}!5^9`6oXPSX;#5s9uxtch(Evh51#~A!Kx8(glwg;sH{_TGp1g2=zlYQcm$xTq;TSEPnl9PZY*n7hmA1Y0A{$c_KGV{F(tK@UB zWa?cb%I`GuohAx95BE3;;9N8W1(Lnqad#|$AfM4fxPMGTD*FZa9QGfDQEGBlSFXl+ zg|r{as(2Zm-0nY>u_SfsLElx~fV_CM-sX{$g`?mYj=)#80LKVHM}JFhZ`#P65C#w6 z10yj}=?`J51}0#WI!E!-u|fW9Dfpxaa~;Q80pSQ4{-{2+?`!b~T=i8&s4hNPuzBcq z7Q-`(b-Wu~96XGdLPLG2V6j1c+S_V+bCKTQfB|RIUDr!jl1UTrMLqV(f%y@<8>Y~V z1#J-Id!JJv)6Kv4h%M)Y=|3nftmDA_m4czHn~qd}DTP{lE-7OS?K610M5P8&B1>`7 z%#Ni+_~a9PE%aDCdd4I5AuQ;J6TlZ0>qFm`>EdISCinFj-sKcZS`sm$W?9wRn#wi! zJ1KZRWDI94vo1^v#Mk?1dL~V3{hrsk2E?J3izhkaraCVDuhx&)5L@YM?fk5s5>aB9 zJUOvl>oTZsxTUsE)01ndlHLbrkKMsJ5yY`qvWx=Z$noNB~B#3SkN5xHsm{XAhN;O;aZ|zCiNG+_~ zaQ(V)^lwJICncS4?>wwa?S~?Ta8uFD^`$t?aiJjES@x^#^=>KnnsuJ6`J3@7G&>mO zLNV^jb;3=lL^rY;eJz}ImbFp;1H{k1>AfyA8a+8S=O$NtYdtfr#$F|(M(a}WvVd62 zsz9`;!I}$xaq_wKD^a<^c8K1_ETgio`+FKTbRT4M&R5jpCG(usfaWOB^g;;~x0D$? z4$}RCchy9&NEyTJg#@|637gYtXP4uF*oa;dK{%~1`{mQb=Yll-C-}+{Y32}V10dp~ zO>*UGQR%rdg>r%Zk)tRBWc4UX$Q||B3Mxa+roQ`~{%UD~1ay^AcZ_`34KlKsv!6`P z5^k^|wK@_>bmrQpxt>SXms?G!<-cjj;9D*uVW;)a%svG}7XU;hOa! zK`8Icu!R9_jp13`OJ?^Z%MGY)p@}-ZR>}6P}RP_}57)aNcgZc0$m%_P)&~~5w zg#B0zj_CpKs+bC+TK+ctRt0hN7xYhp0xJIimL;bI_e5p`bGkyJ$D+gQ#7Ijs=Sf-H zSSnfEes(*rFtty1>i8%jmMCO3@{L^jM*e1?7;#@hdD~U=8-WJ$d*nKldg+5;$U~UN zhAf@6P%`^o%~*j`Y_Sg#<{HQ99nHel!jz(#!OE$qt;)u{%`6BUf{3PMxZZhzwpAK` ze0lK|`rzKf$(zj{UrA`>5#neYCoj#o($X}W^7Vc?!g|dq$LYx;i-u38eZW#O2Sc2>4*W@|jd81&~Yj)i=*Sl{9MnPB| z;m_6MvPc+Z!K*YpLWPL=W7r6!W-vI)`GALTS~9w&uw^dmr#^eOoGDyBb_i0YrTUl^ zy?)RBJjDj0EGRH_09c0YNNV3}?1lJyfxC*O)z~i>I0Zh^JGYi-DHf^DC%Zfy>=sRY zThm8k<}}Wi;b3j-)1qh9huhGb6YZc#l>eq-BUXdBoQ#Wo;RnsmYn9HS!o#vm)>Hh( zw43@0{omOCK*Ao6mdj`ad!fS~<=(BBpE6EkU*n36w$YQDl)SKvt|QS;uhQNR_2oirjD`5 znk`j}*i_tCY-s}TuRB`{-Q6hokfL(uu@g`21D#*NWZHcpe)DVBrx5m#L8RLY%Gwix zOyM;2o!iHDzr>I);D^U*=LN#;>?;*>;#=LP*W|2Ebv&AczMOUsyfeMeSn;%VSF8I* zZ-GAQ+)Q&B+DCB>#r{;i0>O78pMmncf2UoKeF%FPfYF8Kw*&jjXWx)a*k>DH<)o_Z zjk6I2`y?F($kIE81^#pI(qSq$Pf7~*hW;}y>tDEG22O>T z4yFyC5KPmbR5-u4-*iXM?enhoC)T#MW&$2virV<`$CPAa)KX|NF3Q)0Tfg18qJ-6c z97JRBSxd0g_QxJQPQ#?Sq4*YV<_?^r<9GtT7d)QC6f#2`ih^yP- z;5=x%`nu6+oo9f9BNr+m{7%VPXM5(%lXAst*G1FJp{C)j+p)jh>Q-v+PU_~an|Be* zcsGRe?l@^ITPgn9R$uDGVWJK0oWa|VeGFVeUA|IJKU&Ve7YP3{Fb>YgGPP=pi7D%50WL26RNOFXfyv29zBg}7Q<~G z+7s*q5gq#P2&e)#h;s(*c_UJkpz$WU9b zu94$ANJY5WXbZ=Us15WZQt{WFj_ekt^#0%<4 zzJ_!n$9Jg(&NF3-Zc{zmN;MHGI`MN;H8SLC;TC{#t=ONgP?XP{G(b#Gl$HL@m8w*! zbil#+ARX^f-g}Yz(k^^H2yDEgYbqAO|M{u)`o(A<2S))NbW`~xK*9xKJXCPzFMO0> z>fj))b4#Q4WO+GTio-NzQSshum z<31nVULBVj_QA2P!f&5)=%`K=Kb;86RL!!F^!%QUNr+*#^4pFcTWDHqj!#zLTBLe5 zF&S>%rE`fT)9twz#NGG{7w5~`ojZ48&*7eqYt&eAD=*4#xzyFFu}nQsIhP8 zzoQwmV2N~G3aFyjJD)(8IbF<5cA2>^R5zM5wO7j{ee-BKJF{eNzY#Y6&A+>&Ifuv& zI{=oZ#PCu`J8Tr5hWtiE|9CTMBlc!Em#W8RV|VXRt}vNO&=)R-zuqsD$K|d#e-Gg{ zn`q}oH&_cc)j(GX*1Rgn_9BC)Snpa1^i9a8`TWrW)AwSImgrF?f#~RCBy& zB!JW?MAv$=IN{(teP?dINnzbU^kl4XNRB6|sDllEgyhLmdDAT2Ul9qBTX^NKoIPAz zF}5Bzo;xe3K^}!bRN5mmQgxbam_Nq$bC9qRx-lSushv;SrP0DMUj-EW-uZOAr5r|7 zwH`~al-}&nyvIVu17OUEl<>_|v>GDHImY*w2Y-X+ipehdb`*2wK#P1>D1 z?Qe7?2^`XN+PXO3^@IRm%y$d$0ybi( zH0W`{Iw7#&Drwa7&!b{uX_qIXjh-%tskNQ~%E3sx#rD8^WbE+|06i)73WL_v)0!L5 zvxl{EowjMI6iKJ2Tc={6@bgutHL=U}tv!EG8aev>_nsJ&+~x7P;w5VKx3%p3pickJ zj-_Q}iSY>`3&WLW$X_BlT}H*SzU|-h?9x8<5r-JV<**l9r`94EG;$gVf!eONh0BFs z$mXPRHJ{I;Ab~iji{IA5cU-Oagd)6*4xe5PGx-vcn_L0D3SOn-2}s2O^|V$o`wz0M zOF0wZiz(jS>un%s=Ed-%kX&ROIt@y-&2@&mX(u}uYmN2oo|o?DJD#-*nwL`!a~M^M z-HWlLoeSQiU33la4jOVf)p$8}X}8;a*4ub_QL=MJaCv@l`Hb50{HN!|CG{!%a>&sG<7 zo1x3?>6uJnlxOoZOHAR7yv~c~io0q2P+Mf*?|h<&D0@R9=*4L#WMf@Y0Q>sNwucqe z5o^ZQ4d!AXBJ&`^ieaHKMWZKBk7Jm=6Va88hbj?5g}piN=05av=xx+>|3u2VW*_ml zT3vZ*X(oKnN7uZ+GD~5s@x>c%%N`t@pRGn2aD#45@(tu+2bpew7VRUs7eb6J_d^4c zvsi+Whv+qlzuVp6gQP3}VD}@W zSnl)&&PT78Vp~BOaw1zu;vJzYZTcvs?_mfr19FGhoLUKn#N!zz zcG>(W!BxiL!Qc(|4~ld5qT+Jc{o{VQrkyYL0&vf@aGOK>;XvF`H(=nb9}a$SL=!{7 z=O{&JBp~_WgmK*tNElUX)57|!Rgp&i09T$fkAhpQEm_1~zE-Tf#5uw4jnShI7AA5Z zexG4Q)L+fg24l$-QhM^%5f>9E!JxR$I_fX!d3aA7Z)2L*!`!_c>EOhIXgr6vm z^o>-|UA6`Tu>6x&UIxWk%V15UvnLq@_DoFR8T;WoYkYaywt25$($4V7pK+Lz3jea#Dzm%=RXE_9s((Pahb+HwmZ8AyC!B$jp)=Zjx%BC;Zn!x_jVMOFTc%&C3l zx}mHA;J94rcOk~tc{Sa=40v+L5hqjN!H;?16tOy-ESe^H?PQjI2xE3DQ?=(;X?k7} zUWS}Qc(bR0ZdMkyQz(3g?ix%1d<*#dB}aH#Gur(6IT9z-6G}dYLAdsmz1`@6P{T>?7bE0K!J-Phrr&)iOo@+i1&(S+=dcC;0GOlv54| zM{PL(Y;y(g?(b1vH-V|ZI8;$FosS zF(E|IZy~^T?ga*d*8;%Ly#MjDzSiD*qU$$Xk!{U;?_UDC`pLwIvC#!R5&|-TQy>w* zz5YxX^!h4{gK027y{=xC$VRMvoGZ8BGt@d8uFbf7DXnTT=V8Li`zeT-aT2*xLrw_i z-C}9#(d*f9OHOpYHP7s|y-FQ=~eJFXK$aL>v&J@zEHYjjvE;NqfJLK%=E*5<#ulSYtz zeaW`!J=lcb`!b(FDk;%tQyX2oaKz}s20NJyvv*BleWunhA05KKKQ!U#Z1K^_X>}5m z9CH{{NvicEScie71YVHvJqvnv?C>PzN9*XY@3Vm}DdURzu$r!GZROKqDzg#|b;P+# z&YSKM;ht%{tyyQ0JR5b|<+I-k0+XCtx3Fb)3s)tp$Igg zzTSET5!Btzew5QD&ClJPjfaRY&!n}7M_xu@fpcwK1p(lN9|2^Jdzh!4=EKZk} zs`+Kz)7cqSB9ZZZU9ZJl0Y?Wdi8JsK z))&J#QHi_HDZh$l-nX+NQ{j8T^5gR`dfL}r49SvIMKxns)EX^JUtBCp*Vi+rs=PH) zpp$~ND$yW0GmEX~{k(5GSvhxqfLBy_aR)!JYSZ&f-n7Dw{qkxZ!KgOn_dh;1+&0(W zJThEi15gc^`+-%LFU00$1k1rfAu=;bZGycJ6)ZR$etAbKJ2X1>2cG8QhS`+=w;79d zqIhgM!60qwBC?ciEIjMC&5e}fjTw*jI6 z8(t`XykK>H-}~M}UHMROPfT;2{q{jctIGkr2}@AjB^jYif6*t^x-nT}y~%mG@nY8h zRO6QVIB3d7KCxfddRlk1De_>3UB1F#sZMvLGSiivDR|ploo0L%N^#(+=6^5t&{f1J zPeig&u63oYYJ8|Tj`b<2__WAIr`=#nrI|qbnxp(;(i~$QeTLkYu^;_}?1gc1Tj(<< z{SgI)tl)z8`Ox?uG%eo#sXBAyj>^@MzlDyZ32%>D-LKJpL}q2tO3L<=K-FtJ$B(Mo z)rxtNLUSNa8RbGp_eTjAOF!t&H-AwuD8 z`l>v%7-n(HI%&;`3i0DkKEF8Gd<0W%Z$fTB>^-En9(6Vi_DsOCDaLwCnZ~g_&+kEie;KRhG6b2&*Ax$DOOjtN9hTZjJ;1F*nZ?MKm1GjFyRx@D!zDyI^@12;qrr zI_~z~{n<6))GSknZi=3{^r--4)t&ybOCMA8ue_ap&_lbndpc!idK5C{ zuYaUVWrghr4qA7JpHwQGy)dD{PyQ}V(9rqB{>nWt+*Kw>?R+Z=T1ut>o#Ub5WK0Z9#uZ1cW8g?Vmo_%p9{L5xc zTFgvB2R{dP04j6=jV{-Gw(pvM%ZfX7I83VnWlk=u8QiX0Zd29SGkbXuDnFA1pdnt+Ts}HAd+BdSPx`lLvhOqb1X%^lyf5@m_nk3WePnOT3H|X` z_AJeQ_QR?BjEhqbp^f%*_(8~<{u-ibKJ`wZk<6ry6F-bZ#OM8!*wd`ZIh__U-i1!l z<+KDpPxg-H2fpprx6Jt#a#i04_QsZd$4aqZ5VJU%)4)nm3VIGL3H#V^7(FU|Ttj2B zCg04~7#7?1X|+5HnxxgPQ$1d}THx~Ceu+l)t)En2iTP(j5cBOO*8eeLk5+ zIXMAGMbM&mhki+zdFXx|tCkD;Ot+Df+2s%v^1wgBPD&Uwp<_ITaj>+Unw77mMHj{Y zD9gEBWCQv&Ya3%J{!TSh;6B5aC>K)`0a>>{%ZGx9Q-wgwJH#ThSP4*`s6j^f-+nnb z&y;$RTxFg@F#ZG<_|HT)rkGQb=qwP$69Ny*_K;y>UF!nT7F|xqPveQt2%4!Rv5u16 z)=>)gdemL->qmer?oI$(n<$R?9ODeyvb-NCI_c&*Ih2txJ+bkZZG$HZubkxLRr z#eRonCUL$Xfn~-ST_XG9vtSxJZpJeM=|}C-NOMfb^T}_qB(AoQkjJV`(vYH+D$^wRDPghoCxvxaVlcxUo}S4ElZ;qj*}Hr3Iuz5=XUW|jV4 zSKHfuvfzDT<0lm50DGVB6wqjzsQs{nbSf4~5#;`zJR%Uhw6rF3<3k>R=k8C|D@xv< z-c`x{gs=W=14*IOZk$hhIQ=Mo?UQ+svPqSZ98+Z>!zhRGJ2#a<@Els#?$}pbrlnaXvXov*>FPq2DZV_~+)})$YgS@%@viR|4sJ`Sj~vu@ z6%fv-dYLRaCItqomWm2g%rkH;*5`G(`uV2%vkW-#IV=1qq?c^fh*1CP99-xonR=JA zXJ%aRb#LLbeKuoWidfOu`)-f70Xaq8dB5UmijUL6-v18vR%M=?GKq_xbpNr~Rue^j zmn`IjKE2<&wW~Vdjp!#X{BB{;{$SEy-#^G?60C+`9oexIM5UBdGc$(2(4*o-bGB8x zpNfVJqzn%vx*Xz(V?@*DALS}7&fbdoc0&I9a_jdadX@@uvruHkYa-}}5bVqTEENmH z<$Ruz*=a0Hk-$8gQIn4-Ikt`e1;W_9u%Pn@f)~I1)lE?S?&}NRz9h*u(pO$KgF#NWQ>^TbB=~~D_{JI%&r*>XB=1u@u!a8-?Ax4+$RnmZJS>3}{(nXn(tj|!2 z$u9dhJ-TOGZdPL@_UgHbynlaZ2lC}Icr|}7t>kv|WDvBOUY4x#`Gsheb%mt>{?4m3 zcPF%-c_2@K!oN6LnX1gaDx{LEg_!|yZntVJ3Mne zs+C5|Dunt94N21_{t<@8Tz!+BXv9(a;wa)WX7jkZdiy03G&M5v{KWcnQz^r*%U8WY z-1DJhO1_Re7d(8ewK0nw(n%2kv74l+kxb(Y+Zu5`zbUbMYbZ1;wfD2Hk#)c-o>jc& z0E?O)%n-WSAA2f0N}TOT^~FUM$VKL;Bu=<~JAL}SY*C+R#}`j{$?L5r#PNwONmsi& zHk0i;x!pr3AkFN|$jB$FWoBIa^+enFI6Ecv!W1O!hEhad`&HTjTQbQ~J^uZQSn@B! zVb&4nE*&1q5*618TG&w7v6Fo_aS|?%{q||gsH01yogf3K%(zu_k=ST``GQhr(t$=y z)o1-w@F(5d`oS@<`d)4T%mbV9bS#76$bDMYTMyKg;3W>xuYa|Vuiu3kO=4?mY!S}C z+7ro40`h@m;WV`cL`n+Ur(RiYJ+J(fw$o8JLHop)KhVZNOw3=yA4c@1sMf59i=2U+ zV8ZXfgo9(AIz^;&I9%%lYEFILN%{-ObN*h^^^uWFdtvlvV{{SBdS)8VCnCF0nu zC%;STP_iSq{!1vMG#i?<5mT7|3)Wwt&wOTIU1LcihM7iO6ytA}SWe}HV?M2%`l`RK zg&YV6b_#`f&6U$2% zMwmx5BMt~*{9@lOcRhVU2zcyB(Qk25=JGO7Kb*Ige?As_x zy(18bM;hQXVpUOk?kg&MTZk-vttHCj{Cl06X03o~{p)?FvLc6k!+zRP`@o{=F)Q+i z4w19n2vNMa+b>G468g_5FM~9QAk}r0yd!o~@D>91fp8k%Q_OI9U8byA2kE(74bIcA zSG<=Tl?^)61C`C_$nhoPzh&SEq4QTX-hWbMBO;(9xY$vOLQJwVp)t%j-<2pPm zOOCFXc05jie*<_sC2FVvt%NSjqwWLwcVJd`|ge2X;kg3e|V}Fn1=caE_7C3 zOVg-5{A5JAl&FbC}~VRlvvow5}fZWX3CDbmZw-FsQ2Gv%W| zsD{UMi&xTCjBuevdMvPlbLE8=wY8@G#AzWhjS|oNt~YN5A@9cdu;ritqj3H_HE+zXgcki6n^l zjC~|-_^JNE!Tl>b6`vTYFo*rvJ(s-PLU-{G!g*oA`Hzj5qtG)IaXC!6#yQJNy^SXX zJf2(%G#7-y?zOpviTta`cUNwZ)r45{kK>rVod2-8+Om`8`3BuRuFRXJMP5Wl?Km9~ z98DJK+=uYFmS`q3e1H=;0MwJQ>o)Md85;lWkF1!dzLstE8D@N_u{rhPpu7(6cy@P) z_k3qUiYx9CmAgKlUs!Fu<&&QvHN+)U5>h>Fz}uxy{U7gDUZQ%tEA(N*w@Y%YALLj) z44-R!;qV!L?z5h>a+k(MTRMlbtgCOhwyb1^Z~S05myE-+dVjSg$E1RP74=7qS%g^l z=hRyM!wLMF2RxexOptRu$wwEat8!$!aV^i%zS(QkU3#@d$Fnztm_``=DA`kl`1VFtseTv2qH}rHz<3S<3yNQ@<@iY;%DveSX|Hn9?V5TH% z$;VmK^qsGJr9LibaqX##P`X95cewQJ|IsoulYoHWk8%RQ{FHxQ6b4a;b!v&E`9OQi z*P}-PVo}YiweOiM>)?#8iVP0U{R{$vPW|ExIDi0G4sN@H9gm<&Nf@9Kp$(;SYNw@| zn!9odW$YHeZ8#X<{*5QAo1i+s z;sU4R%S(8NMm&+%po6I!{}KP3)KsF%61o{>m+?Akhs5+*XTnn)K?%Utf%TY5aQ7a* z?UykJ>Ivx2+7_~BuXx$io0J*J-%bWx(>9M@0RT``9I;}nzqCw^BPjppMb5V5&Q?2~ zKUqn8r!hQ~Y65{s7rhkDkXw8OG?5TN=U@0Em}0d7qO#K3O*5KmY9z*Lj&ZFn1AgNd zpc6@eRs00bgtrTN8Z*vBN>*LR;a{9`Tf52(3oq8hQ4?vu@8jUm00DB986!=PKbX)J z3X>mLs-6CkV15VO%XCcJVz0*qbkl8+Lk})rsDJa!9@A$4)-*AxymjFe-&h+2gpoeK zI?=S7qd!L`MTs|8*$x_TJXgnvt}7$1VrhK%^?ACz0aq1X_m^>q&bn7I5OcbFD~--= zEP9B)l&j{$8gcQg*Xtpkcb+v{I74OFnxNW@bR`Y9n}eQcJ`eg+OV~x~TPfte{53v) z+BCcM6}on8X|fGHh&o()>22^9Z)e4}w4}-|iG94L$!(12h{MtQ?QvpSRmj|+DlTi8 zMcvxj0pkmOF=3^_=Tb-MYZB_@vwJ5WbsbZf^Y;y3L#~Q?;Cv@k;B=N1ZH+b5yxMU4 z1o9+`$=T5%y9BBrL!Ke*%a9Tav_~BWd_M?r=+r@1#BQDh?&+n;;pNPc^y-}XRBX`8 zzLP0CMSD|RJU}@aw7F$t-+3Iq0JoWg*Orq(6cO3DxLf-&<{F#PZ8unDeVZxlB z_j6^lkWNd_*f%Dl_Ls-##|Uw$GaluPfrt5re1Tq~?B?a+*c*L|+{#lx$?A#_J0sBC zeE-+A_aB9U7u3>}&W>||$`@aCgM$Y@@9z@-#gOn`1jOuC`IFE55m7f?+x0$0G|Z0- z4W-7)a2Fv|dklnw0Ijma#DsDaRV`c;wdtfnz_@+qUxnS|#^a{GWfdcgCyIOk06Lg& z@xcx65(2e-AaDo;uQt^uhH$q~ITyO^FK@<2akQMfF{slY_Egslh*~``AdP|-O`WX9 z;Y)7SF4$Y7JWDS|FhLLJ$>MTybBvw$fYHQG3FktE(=hqwsQf^0m{PnOAVpN1F^U=J z{Xygw1F`6Ln$Tg^XaLxu%3`9tyIbP$*3U(tBLn6Kf^M;>#N%S@Oj3uho*i5VdWY0P zuAbZjsEdRP%0#9rQB*!l20^Jf5p)9}>~PQDypl8P4+FOmc*tBfbX|2y%JfFYS!-3J zMFiLwN1A)0>Q0gyvPjGC9ZE@zCYM$d6*EFgoZr@EhnD5g#Yn?c3s&(o6wOa1N~!cl z3mR|FNN6}T^*wqt$JKJFtm(CYYwbQi9IXXJQ?)E$DIzE@pX-GfiKGG3IP9M3>NLDM zTFg;CAqaGSft^?7J>OeofT~?~uiBr?FkL(|BG}eWP$Hqv*C|icvCE(+?T6Tz3 zU(}~It7$W_fyW*nN0i-WJw4&dIp*(HnvVP?)_{)9F-xT7hC--X(UXiUVbpV07xY)@ z6M@~$zlNF>+>BO-XO)vY-Jf@XxrX9$btaQ#axtlwdbVa?E5JW#MXvXs61Dc5KcD-m zKe5g_rjEw&@atL=Wkd7R(?_DdHj~Vc7KG^UAY#Q?)|)^&_u)PPU*+aCbm1JtI|v=2LJx?I6^Q=NJGmpovBtg^ysbpR*+&htTkltx8HIG=vHG`zvRt-uZP zx3M@n;3<5=ex_(J@Y#JUvSPSxKoHQ7`b2`PTwEkv5v|^Wd?GN;luy+{pVrGotFv4Y zzSF%NUQAH@D#47y>ZL%X23Mw?utXq|SY?#X#VBV)gbz_~V<6WJv=E;!$-s7^##;Im zT|#9p&2+f z-5Pm|@Zhn7dW=UzR~ic+#cgfr1F<0Z(ZAZ#!;EmswzJj_DUO*BFRD*EWbP8th(8<} zdiNkfKCY$^OWP&&ajbh&i}aky(`mC^2fPOa&BWDYpyRcp_N((mw{ z#tmku7wf2oN5!>1p5N_yC+Vjd*J+cC|3Wb!RgoISr z&vvj{ZrQ`H#?3z-hs;K(Mi#24)XU|m-`(D-EzV}4++p=Ij`Bz@VcpPiIKQ_#H|HPP zUe7Gqii`r?$@=xA@ex}BW*#qdQW#9=X-(B;?!!v}Me`+iw)b2?nQIaz;=Boy)vrBFDWb|na zM3YtK1U%G!%6OoZ9m$}=q9^kyvz%!kecLAm{~v%{5QH2m+YV%-(tb;jR4IhoPyVOq zd8t%we+h#=M$lr0mAMhdXH#pb8~u(6FfBAPll^Nx@yTjXd>!fWa2UITqfRu{ghTd4 z-1F@z9~Og7$E1vpPgr05M_Bl$UOf8ZlSPFqGsCgC|wFdksD1tH+tz`*3c zAr!|c6rPMB;1<)g)f|T2nx2R9wa`t?jg_SFxg@K(<6{?f8Cjyb$FlmvBd_1 z92kf-PdjZ?6P7vJ4+lyxgb3pc{@I~KncNUq zvzw8@4o}9%kzVVwjy;$rU&VIKrJgfNh!eK-;LWE3p0ExOlyvYdGa5hobjR#R4X~%P z(x@jC6u_~ECIgOjv5@IK(7gDJL?tXNs9IUW3(@|yZX>$7%418qYu*DyDPKJSmt8-9e`cS;S2$xX@RxMhJtTMBEdN*8RLD*v7qC6rD$@t-4U(+Xp=wIF4N{ znT|Y-rGUPgLwCA1xSajdF5p-qe=i$@UsO~^(PgX+BiP&Ss&2g_1Zkr;nMC`EHe%kY zRL;av6oC0N2E zl$69~DipQq&Q6Tdawz2a_!qLVgfuydCB0TSZ`-Jz^8CC?=2ThavK%utHT-!)=#7#( z7Jnw9zp@KbuS*iFdroz3T>ggAZ%f(ylf;XC4fp-lyc@dQQi`~3shub6V_2zzf zMn*C8Ch2m2xODpOv-*oR`8VS4 zL${(yWRsfhJ0c1UYx$JA){kRJj5OR2VVba4yyqQ4wqIac4Qwf+OVaoJzy2an0+v9e ziFGr-Hx#yW8Iy_vnBLmOqL+)WCSLq1^D`X?fA zd4efNn2s6tm8nU;4teu;>#DsY^jlCg=bO_xT>-IE*YXpo2NTAQSKyI_SA%rhbsYEA zu?VJ1Jhm@R(S*8j%4{a?2KK`mJcAzZp#-xY{~Y+HNiYQS@iRa|Q(RMff^?XVR)qgY z7_~=-2`G8^G4=uF>-i9H4)cq915V^dfdJ?cWWaBIpj%~A_RYW5m*^su4hBGA?~3gs z1hU=h?#}-e>i&;?r~iLp|G!u9-*p22dq@7WEBfEM__r?pr33yyy5;|E7yq`4f7`|X zVd?PS$-#eKgZWoosR>h@1f;Haxa1$AwLHk{8- zlTD925!3v|ighmj?Q{Cak zGyFfSwLlpI+q1TMQ}be*tv<00eVo6`KR>PdJU=NR;?k z3f*pqKQ5cgvuzhPCr5WZ3vtSE)CU4ir|;0q3AtY!(s@El)daR{w#53@_Z=W^17SqO z#Kig;{3r6et1n*N&$0r!Y+~Ed=@A3pt7u_=6JU)rsw>t{RchHs>LSLC>__~1HG&&B zqY*b`c^SKF7e+hkKOM1EZ(H9ty4=YO?_4gh^YcGk*52Qq>*+y*mz_F(+A+PPpc|tc zp{<%4oTd<(XucHR?eihPFFadm9~ZWTEV*U&sa6M3-M+360&LGOxlsEVZdD4L)g+d ziHeU?4@}nVO})2K9MIs(ai8BUV{@Xyzr&LtS%AYRdIlaj;@zZ<$ejk1ND9ymMr6?8 zm2ercSV-mrFZ4mUD=&WG5N_@e-AvNa`jfNQOf2-5=nGhSUkaUd@XcCm=H)5RNMeI) z221bzA&o(1;YSq67=JkzZyIy<^YKl5hN^^y4fnKQX>&)3bt`)7v-WmBI(RCwQY9U|E)(ahXEFG(Y;IyVz5wkX{_3J>_lOr?Ku)8< zw=`C26^*vc%$D}qKzW28IkK7Ut-u+~zCJo66Z3)^4{kisvOC+~ZmIQ3wFbrcQG^$| z^e5wpYxsrf)%9Z`yi=D>1@GM00xcN}Cv`@5JX@-t`Dw=e4t4iKRyT9zvERghr3*Rr zorsc*&?edy`cYSXPG_zU+)b@Yw90=S7JsgOghPK#95n$vs0k}zX|K#s&wmsw*8G}Kz##+< zu_ohJT_q3y&%0y(71saP_b&fSCJ7LMp`q7A;MMiatG|ihqxWA}QYxUe`y{Aq`GbZ`R6^${}(Iye>lY6lpS2a>9=A8$FX4z&@98ZzOpn87>aoI zXPu#66N8g~NP%X7v#pBE%uJ9glgFO;9RH7HYgt!xfNWfqG&KmEy8L0`=1qY z9sv_s19t;MkpM*qT<-*0oKAt(^gJSH09g6yH8asn1SRFpAVB2eT?;v1qfW_By=&T^ zqd0jm<-y6XA;MK+z1~+nr!!N|Fv5<>>u+iD!;4JSJ$fMzQovl;o^8wZ>W#npkX?J?0%qK7*^=9hj2H*zp4z3jtbC^fH7VC-t_XS#9tC5EW{exukA z7fJNM-^MruF5ouDxa>JMMq zFW=6O?L=wOSdF+2y`)EMYWIO^#^%oqfPJ5nq~b@_pn03PoHwKgd7UqMwXsAgO^c-5 z&+#<>(832(%}i5{usT{EY$G?7QzPx7kZb=5s%-ZUbsSp-eg+! z{#r!E<`)ZJ1ITUL6gTLe_71{EdKtiv6G$)`B`(CGvv>6<+IXw2e!K+A3P5WtR%LO1 z-&rmvd;PL$JvXpc?1R|t{WvJ|$TW(KAfe)Yh7Gz1L!pbcWLt&d<*#N-HScRXpngxR z?N@EroNMt=wg>12^(=rE4=@P@WPLGIf9L2n>WfIZ`kAYl^=F3jHwEv}dG~kGsifWG zwK1?qMQ~48^p1h}xLH*VP9Upos@A$RvB}D(`B0QZ$pC>_4>5%T)-a|d7pythVBhU2 zPc%Nc*N#!nH$+Ly_U%=MH`4T4BS2mRAnln!#*&SoF#%{*-?mXgyXE~^dSy$Nf7#^W2i>_nY=RZse?(9i5bCgi)8w&dz$Qv6M_t%o<&6JlJSv zWbO@qj&_CmFZcFF@=M_n_(~&+GP<5>)`2sgN#Hcc z4mJph8wXFt!z${{!^Ex_iS(b7-%f!&@7``1}PZ6&TZ^)H(;uM))v!#8yu>UrujoR(E+~lnx9@I6}b;^qs$1 zo0SJXH{us4)FTxQxIk=;Gz*pPngxfDg@UE2_|w6-V5E=BmA~}7b#{N9xF`3UxOsZJ zl|XEz*;Ni!mbTzW6#>;y(7lv>@#|F~2TP6dupj~`b6~@Bk2obj8Ow`vrx@K=+BD{1 zBhic=n8mS(|9giZFf+E0P(TU6RPI$XGa9S&`A`lXQt*Xdj3qQ+r+30HH&;~5jL@|* zQ4EAu@aOP-I+z31R;VU-Q}_4$l&ZTQ+I-5PnkN-OOY)ThoQUGd6UEPzJ23J%HM0=f z!iUR+_ju`Ip!vMdE>zaM$$$a}0hTAY%|MSj=uv^4sD=&UHxcwrZ*54SMb*<)^UTZ~ zBQ=GCQa}mBQ_>Ut&S}a7ZAp)AE9O*;P~r4`0Dx1S!mygDoOr7!mgOZ}r01@J_QF@O zP1RiB@>h_xkvlMHxHLt}9g%9z@=j(UR0}^))3dGsOS6Bd3I^ZPfM&q|Qr<*X*!0Vz z7Mj4%fQIk?3@(hAVFxO;VIU?@AdKbdFoe(o!Rz{<2OWmhOc<0QM{->^`)M6Y3RU2B zIU>{)MsZdMy#L2Ei}N&1#^-kPKfT(KODlBL&_10#DJ-{TGF#Er73Zs1Ih~82!EVcz6??q Zo)Y-k46F5#N5BU-5+bs~#qU3Q|6e1lPLu!u literal 0 HcmV?d00001 From 5a0168c493a6097ffe388f90dec57ffcd6b45b26 Mon Sep 17 00:00:00 2001 From: Rei Ikei <39797543+Rei-Ikei@users.noreply.github.com> Date: Tue, 19 Jun 2018 13:56:51 +0900 Subject: [PATCH 252/319] WSUS URL shoud be " " but not "". In gpedit.msc, WSUS URL cannot be set as "" because it raises error. So it should be set as " " (space). --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index a948b817ad..45a8d78f26 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1974,7 +1974,7 @@ You can turn off Windows Update by setting the following registry entries: -and- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Specify intranet Microsoft update service location** and set the **Set the alternate download server** to "". +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Specify intranet Microsoft update service location** and set the **Set the alternate download server** to " ". You can turn off automatic updates by doing one of the following. This is not recommended. From 0caba8706de6f6619cf9c3f600b25ad9f7460a54 Mon Sep 17 00:00:00 2001 From: John Rajunas Date: Tue, 19 Jun 2018 11:27:29 -0400 Subject: [PATCH 253/319] Spelling correction Corrected spelling error --- store-for-business/distribute-apps-from-your-private-store.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md index 468df4a05e..9f74c6acdd 100644 --- a/store-for-business/distribute-apps-from-your-private-store.md +++ b/store-for-business/distribute-apps-from-your-private-store.md @@ -21,7 +21,7 @@ ms.date: 3/19/2018 - Windows 10 - Windows 10 Mobile -The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Micrsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. +The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store. You can make an app available in your private store when you acquire the app, or you can do it later from your inventory. Once the app is in your private store, employees can claim and install the app. From 17f5e80909c661e0e7d7b410bff893422de9adfa Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 19 Jun 2018 08:38:10 -0700 Subject: [PATCH 254/319] revised description for value 5 --- .../trusted-platform-module-services-group-policy-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md index bcb246ccb6..fe5000ea4f 100644 --- a/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/hardware-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -88,6 +88,7 @@ The following table shows the TPM owner authorization values in the registry. | 2 | Delegated | | 4 | Full | +A value of 5 means discard the **Full** TPM owner authorization for TPM 1.2 but keep it for TPM 2.0.   If you enable this policy setting, the Windows operating system will store the TPM owner authorization in the registry of the local computer according to the TPM authentication setting you choose. From 13dbad1def56cfb3e11c87dd448fa8a1fe2b20f4 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 19 Jun 2018 08:59:20 -0700 Subject: [PATCH 255/319] revised steps --- .../create-wip-policy-using-intune.md | 24 +++++++------------ 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md index 9a4ff4b1c4..2200e5ac5c 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -193,18 +193,16 @@ In this example, you'd get the following info: Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter in the **Publisher Name** box. ### Add an AppLocker policy file -Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Publisher rule for packaged apps. The second example shows how to create a Path rule for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). +Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ll use this option if you want to add multiple apps at the same time. The first example shows how to create a Packaged App rule for Store apps. The second example shows how to create an Executable rule by using a path for unsigned apps. For more info, see [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview). -**To create a Publisher rule and xml file for packaged apps using the AppLocker tool** +**To create a Packaged App rule rule and xml file** 1. Open the Local Security Policy snap-in (SecPol.msc). -2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Packaged App Rules**. +2. In the left pane, click **Application Control Policies** > **AppLocker** > **Packaged App Rules**. ![Local security snap-in, showing the Packaged app Rules](images/intune-local-security-snapin.png) -3. Right-click in the right-hand pane, and then click **Create New Rule**. - - The **Create Packaged app Rules** wizard appears. +3. Right-click **Packaged App Rules** > **Create New Rule**. 4. On the **Before You Begin** page, click **Next**. @@ -262,15 +260,15 @@ Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ ``` 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. -**To create a Path rule and xml file for unsigned apps using the AppLocker tool** +**To create an Executable rule and xml file for unsigned apps** 1. Open the Local Security Policy snap-in (SecPol.msc). -2. In the left pane, expand **Application Control Policies**, expand **AppLocker**, and then click **Executable Rules**. +2. In the left pane, click **Application Control Policies** > **AppLocker** > **Executable Rules**. + +3. Right-click **Executable Rules** > **Create New Rule**. ![Local security snap-in, showing the Executable Rules](images/create-new-path-rule.png) -3. Right-click in the right-hand pane, and then click **Create New Rule**. - 4. On the **Before You Begin** page, click **Next**. 5. On the **Permissions** page, make sure the **Action** is set to **Allow** and the **User or group** is set to **Everyone**, and then click **Next**. @@ -287,11 +285,7 @@ Now we’re going to add an AppLocker XML file to the **App Rules** list. You’ 9. On the **Name** page, type a name and description for the rule and then click **Create**. -10. In the left pane, right-click on **AppLocker**, and then click **Export policy**. - - The **Export policy** box opens, letting you export and save your new policy as XML. - - ![Local security snap-in, showing the Export Policy option](images/intune-local-security-export.png) +10. In the left pane, right-click **AppLocker** > **Export policy**. 11. In the **Export policy** box, browse to where the policy should be stored, give the policy a name, and then click **Save**. From 437992edcf4381bebaaf0cca5a5c19c4f3b1e660 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Tue, 19 Jun 2018 17:00:19 +0000 Subject: [PATCH 256/319] Merged PR 9171: Add new GP to remove Recently Added from Start --- .../configuration/change-history-for-configure-windows-10.md | 3 ++- .../windows-10-start-layout-options-and-policies.md | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 8b3d74ac3b..7318dd20c3 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -10,7 +10,7 @@ ms.localizationpriority: high author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 06/05/2018 +ms.date: 06/19/2018 --- # Change history for Configure Windows 10 @@ -22,6 +22,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) New or changed topic | Description --- | --- [Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Updated instructions for using Microsoft Intune to configure a kiosk. +[Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Added new Group Policy to remove "Recently added" list from Start menu. ## May 2018 diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md index 82f903e308..7d57203710 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/windows-10-start-layout-options-and-policies.md @@ -10,7 +10,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: high -ms.date: 05/24/2018 +ms.date: 06/19/2018 --- # Manage Windows 10 Start and taskbar layout @@ -51,7 +51,7 @@ The following table lists the different parts of Start and any applicable policy | User tile | MDM: **Start/HideUserTile**
    **Start/HideSwitchAccount**
    **Start/HideSignOut**
    **Start/HideLock**
    **Start/HideChangeAccountSettings**

    Group Policy: **Remove Logoff on the Start menu** | none | | Most used | MDM: **Start/HideFrequentlyUsedApps**

    Group Policy: **Remove frequent programs from the Start menu** | **Settings** > **Personalization** > **Start** > **Show most used apps** | | Suggestions
    -and-
    Dynamically inserted app tile | MDM: **Allow Windows Consumer Features**

    Group Policy: **Computer Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off Microsoft consumer experiences**

    **Note:** This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu. | **Settings** > **Personalization** > **Start** > **Occasionally show suggestions in Start** | -| Recently added | MDM: **Start/HideRecentlyAddedApps** | **Settings** > **Personalization** > **Start** > **Show recently added apps** | +| Recently added | MDM: **Start/HideRecentlyAddedApps**
    Group Policy: **Computer configuration**\\**Administrative Template**\\**Start Menu and Taskbar**\\**Remove "Recently Added" list from Start Menu** (for Windows 10, version 1803) | **Settings** > **Personalization** > **Start** > **Show recently added apps** | | Pinned folders | MDM: **AllowPinnedFolder** | **Settings** > **Personalization** > **Start** > **Choose which folders appear on Start** | | Power | MDM: **Start/HidePowerButton**
    **Start/HideHibernate**
    **Start/HideRestart**
    **Start/HideShutDown**
    **Start/HideSleep**

    Group Policy: **Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands** | none | | Start layout | MDM: **Start layout**
    **ImportEdgeAssets**

    Group Policy: **Prevent users from customizing their Start screen**

    **Note:** When a full Start screen layout is imported with Group Policy or MDM, the users cannot pin, unpin, or uninstall apps from the Start screen. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to the Start screen. When a partial Start screen layout is imported, users cannot change the tile groups applied by the partial layout, but can modify other tile groups and create their own.

    **Start layout** policy can be used to pin apps to the taskbar based on an XML File that you provide. Users will be able to change the order of pinned apps, unpin apps, and pin additional apps to the taskbar. | none | From 430c8f349179c0e7d42fd27993e51027945d1ac8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 19 Jun 2018 10:24:50 -0700 Subject: [PATCH 257/319] onboarding page update --- ...tifications-windows-defender-advanced-threat-protection.md | 4 +--- ...d-configure-windows-defender-advanced-threat-protection.md | 4 ++-- ...s-dashboard-windows-defender-advanced-threat-protection.md | 2 +- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index 38e33a95da..a3611df82a 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -50,9 +50,7 @@ You can create rules that determine the machines and alert severities to send em 2. Click **Add notification rule**. 3. Specify the General information: - - **Rule name** - Specify a name for the notification rule. - - **Show customer display name** - Specify the customer name that appears on the email notification. - - **Include a deeplink** - Adds a link with the tenant ID to allow access to a specific tenant. + - **Rule name** - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index 56ecea1dca..5f43d024b3 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 04/24/2018 +ms.date: 06/19/2018 --- # Onboard machines to the Windows Defender ATP service @@ -76,7 +76,7 @@ The hardware requirements for Windows Defender ATP on machines is the same as th >[!NOTE] >You'll need to know the exact Linux distros and macOS X versions that are compatible with Windows Defender ATP for the integration to work. -- macOSX +- macOS X - Linux diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md index d3740aa25f..9414dd6e89 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md @@ -114,7 +114,7 @@ This tile shows statistics related to automated investigations in the last 30 da ![Image of automated investigations statistics](images/atp-automated-investigations-statistics.png) -You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Invesgations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. +You can click on **Automated investigations**, **Remidated investigations**, and **Alerts investigated** to navigate to the **Investigations** page, filtered by the appropriate category. This lets you see a detailed breakdown of investigations in context. ## Users at risk The tile shows you a list of user accounts with the most active alerts and the number of alerts seen on high, medium, or low alerts. From b0a003d6a30e6ca4ffd10f1756227babf0a89787 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 19 Jun 2018 10:30:38 -0700 Subject: [PATCH 258/319] More revision --- ...eive-updates-from-the-publishing-server.md | 20 +++---- .../appv-connect-to-the-management-console.md | 18 +++--- .../app-v/appv-connection-group-file.md | 56 ++++++++----------- 3 files changed, 42 insertions(+), 52 deletions(-) diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index 5bcb8ed847..13d0075821 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -1,6 +1,6 @@ --- -title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server (Windows 10) -description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server +title: How to configure the client to receive package and connection groups updates from the publishing server (Windows 10) +description: How to configure the client to receive package and connection groups updates from the publishing server. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,7 +8,7 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- -# How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server +# How to configure the client to receive package and connection groups updates from the publishing server >Applies to: Windows 10, version 1607 @@ -17,25 +17,25 @@ The App-V publishing server's single-point management and high scalability lets This article will tell you how to configure the App-V client to receive updates from the publishing server. >[!NOTE] ->The following example has the management server installed on a computer named **MyMgmtSrv**, and the publishing server installed on a computer named **MyPubSrv**. If the computers you'll be configuring the App-V client on have different names, please replace the example's names with your computer's names. +>The following example has the management server installed on a computer named **MyMgmtSrv**, and the publishing server installed on a computer named **MyPubSrv**. If the computers you'll be configuring the App-V client on have different names, you should replace the example's names with your computer's names. ## Configure the App-V client to receive updates from the publishing server 1. Deploy the App-V management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to add or upgrade packages by using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) and [How to create a connection group](appv-create-a-connection-group.md). -2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users. +2. To open the management console, open a web browser and enter the following URL: . Import, publish, and entitle all packages and connection groups that your users will need. 3. On the computer running the App-V client, open an elevated Windows PowerShell command prompt, and run the following command: ```PowerShell - Add-AppvPublishingServer -Name ABC -URL http://MyPubSrv/AppvPublishing + Add-AppvPublishingServer -Name ABC -URL https://MyPubSrv/AppvPublishing ``` This command will configure the specified publishing server. You should see output similar to the following: - ``` + ```PowerShell Id                        : 1 SetByGroupPolicy          : False Name                      : ABC - URL                       : http:// MyPubSrv/AppvPublishing + URL                       : https://MyPubSrv/AppvPublishing GlobalRefreshEnabled      : False GlobalRefreshOnLogon      : False GlobalRefreshInterval     : 0 @@ -46,13 +46,13 @@ This article will tell you how to configure the App-V client to receive updates UserRefreshIntervalUnit   : Day ``` -4. On the computer running the App-V client, open a Windows PowerShell command prompt, and type the following command: +4. On the computer running the App-V client, open a Windows PowerShell command prompt and enter the following cmdlet: ```PowerShell Sync-AppvPublishingServer -ServerId 1 ``` - The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server. + This cmdlet will query the publishing server for which packages and connection groups need to be added or removed for this particular client based on your configured entitlements for the packages and connection groups on the management server. ## Have a suggestion for App-V? diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md index 4da1633e90..cf1a7c37d5 100644 --- a/windows/application-management/app-v/appv-connect-to-the-management-console.md +++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md @@ -1,6 +1,6 @@ --- -title: How to Connect to the Management Console (Windows 10) -description: How to Connect to the Management Console +title: How to connect to the Management Console (Windows 10) +description: How to Connect to the App-V Management Console. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,23 +8,21 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# How to connect to the Management Console -# How to Connect to the Management Console - -**Applies to** -- Windows 10, version 1607 +>Applies to: Windows 10, version 1607 Use the following procedure to connect to the App-V Management Console. -**To connect to the App-V Management Console** +## Connect to the App-V Management Console -1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **https://\<_management server name_\>:\<_management service port number_\>/console.html**. +1. Open your web browser and enter the address for the App-V Management server. For example, **https://\<_management server name_\>:\<_management service port number_\>/console.html**. -2. To view different sections of the console, click the desired section in the navigation pane. +2. To view different sections of the console, click the desired section in the navigation pane. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md index 2c0d1e7208..5a03163b1b 100644 --- a/windows/application-management/app-v/appv-connection-group-file.md +++ b/windows/application-management/app-v/appv-connection-group-file.md @@ -8,24 +8,21 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# About the connection group file +>Applies to: Windows 10, version 1607 -# About the Connection Group File +## Connection group file overview -**Applies to** -- Windows 10, version 1607 +### What is a connection group? -**In this topic:** +A connection group is an App-V feature that can group packages together to create a virtual environment where applications within that package group can interact with each other. -- [Connection group file purpose and location](#bkmk-cg-purpose-loc) +For example, let's say you want to use plug-ins with Microsoft Office. You can create one package that contains the plug-ins and another package that contains Office, then add both packages to a connection group to enable Office to use those plug-ins. -- [Structure of the connection group XML file](#bkmk-define-cg-5-0sp3) +### How a connection group file works -- [Configuring the priority of packages in a connection group](#bkmk-config-pkg-priority-incg) - -- [Supported virtual application connection configurations](#bkmk-va-conn-configs) - -##     Connection group file purpose and location +When you apply an App-V connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) connection group file to configure existing App-V connection groups. @@ -50,23 +47,20 @@ ms.date: 04/19/2017
    -  +## Structure of the connection group XML file -## Structure of the connection group XML file - - -**In this section:** - -- [Parameters that define the connection group](#bkmk-params-define-cg) - -- [Parameters that define the packages in the connection group](#bkmk-params-define-pkgs-incg) - -- [App-V example connection group XML file](#bkmk-50sp3-exp-cg-xml) - -### Parameters that define the connection group +### Parameters that define the connection group The following table describes the parameters in the XML file that define the connection group itself, not the packages. +|Field|Description| +|-----|-----------| +|Schema name|Name of the schema.
    If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:
    `xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"`| +|AppConnectionGroupId|Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.
    You can create a new GUID by entering **[Guid]::NewGuid()**.| +|VersionId|Version GUID identifier for this version of the connection group.
    When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.| +|DisplayName|Display name of the connection group.| +|Priority|Optional priority field for the connection group.
    A value of **0** indicates the highest priority.
    If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.| + @@ -108,9 +102,7 @@ The following table describes the parameters in the XML file that define the con
    -  - -### Parameters that define the packages in the connection group +### Parameters that define the packages in the connection group In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence. @@ -149,7 +141,7 @@ In the <Packages> section of the connection group XML file, you list the m   -### App-V example connection group XML file +### App-V example connection group XML file The following example connection group XML file shows examples of the fields in the previous tables. @@ -176,7 +168,7 @@ xmlns:appv="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiong ``` -## Configuring the priority of packages in a connection group +## Configuring the priority of packages in a connection group Package precedence is configured using the package list order. The first package in the document has the highest precedence. Subsequent packages in the list have descending priority. @@ -202,7 +194,7 @@ If a virtual application is opened using another virtual application the virtual The virtual application Microsoft Outlook is running in virtual environment **XYZ**. When you open an attached Microsoft Word document, a virtualized version Microsoft Word opens in the virtual environment **XYZ**, regardless of the virtualized Microsoft Word’s associated connection groups or runtime priorities. -## Supported virtual application connection configurations +## Supported virtual application connection configurations The following application connection configurations are supported. @@ -261,8 +253,8 @@ The following application connection configurations are supported. ## Have a suggestion for App-V? -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics -[Managing Connection Groups](appv-managing-connection-groups.md) +- [Managing Connection Groups](appv-managing-connection-groups.md) From f782b8aa13a34d2ce1621f1f5ab736c2fb8e1e1b Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Tue, 19 Jun 2018 16:56:54 -0700 Subject: [PATCH 259/319] Finished first pass through of connection group file revision --- .../app-v/appv-connection-group-file.md | 198 ++++-------------- 1 file changed, 40 insertions(+), 158 deletions(-) diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md index 5a03163b1b..39d95adfca 100644 --- a/windows/application-management/app-v/appv-connection-group-file.md +++ b/windows/application-management/app-v/appv-connection-group-file.md @@ -18,134 +18,45 @@ ms.date: 04/19/2017 A connection group is an App-V feature that can group packages together to create a virtual environment where applications within that package group can interact with each other. -For example, let's say you want to use plug-ins with Microsoft Office. You can create one package that contains the plug-ins and another package that contains Office, then add both packages to a connection group to enable Office to use those plug-ins. +For example, let's say you want to use plug-ins with Microsoft Office. You can create one package that contains the plug-ins and another package that contains Office, and then add both packages to the same connection group to enable Office to use those plug-ins. ### How a connection group file works -When you apply an App-V connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) connection group file to configure existing App-V connection groups. +When you apply an App-V connection group file, all packages specified in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) connection group file to configure existing App-V connection groups. - - ---- - - - - - - - - - - - - - - -

    Connection group purpose

    A connection group is an App-V feature that enables you to group packages together to create a virtual environment in which the applications in those packages can interact with each other.

    -

    Example: You want to use plug-ins with Microsoft Office. You can create a package that contains the plug-ins, and create another package that contains Office, and then add both packages to a connection group to enable Office to use those plug-ins.

    How the connection group file works

    When you apply an App-V connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) connection group file to configure existing App-V connection groups.

    Example file path

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups\{6CCC7575-162E-4152-9407-ED411DA138F4}\{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    +An example file path for a package file would be %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups\{6CCC7575-162E-4152-9407-ED411DA138F4}\{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}. ## Structure of the connection group XML file +This section will tell you more about the components of the connection group XML file. + ### Parameters that define the connection group The following table describes the parameters in the XML file that define the connection group itself, not the packages. |Field|Description| |-----|-----------| -|Schema name|Name of the schema.
    If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:
    `xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"`| +|Schema name|Name of the schema.
    If you want to use the “optional packages” and “use any version” features described in this table, you must specify the following schema in the XML file:
    `xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"`| |AppConnectionGroupId|Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.
    You can create a new GUID by entering **[Guid]::NewGuid()**.| |VersionId|Version GUID identifier for this version of the connection group.
    When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.| |DisplayName|Display name of the connection group.| -|Priority|Optional priority field for the connection group.
    A value of **0** indicates the highest priority.
    If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.| - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription

    Schema name

    Name of the schema.

    -

    If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

    -

    xmlns="https://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"

    AppConnectionGroupId

    Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.

    -

    You can create a new GUID by typing: [Guid]::NewGuid().

    VersionId

    Version GUID identifier for this version of the connection group.

    -

    When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.

    DisplayName

    Display name of the connection group.

    Priority

    Optional priority field for the connection group.

    -

    “0” - indicates the highest priority.

    -

    If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.

    +|Priority|Optional priority field for the connection group.
    A value of **0** indicates the highest priority.
    If a priority is required but has not been configured, the package will fail because it can't determine the correct connection group to use.| ### Parameters that define the packages in the connection group In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence. - ---- - - - - - - - - - - - - - - - - - - - - -
    FieldDescription

    PackageId

    Unique GUID identifier for this package. This GUID doesn’t change when newer versions of the package are published.

    VersionId

    Unique GUID identifier for the version of the package.

    -

    If you specify “*” for the package version, the GUID of the latest available package version is dynamically inserted.

    IsOptional

    Parameter that enables you to make a package optional within the connection group. Valid entries are:

    -
      -

    • “true” – package is optional in the connection group

      • -

    • “false” – package is required in the connection group

      • -
    -
    - -  +|Field|Description| +|---|---| +|PackageId|Unique GUID identifier for this package. This GUID doesn’t change when newer versions of the package are published.| +|VersionId|Unique GUID identifier for the version of the package.
    If you specify “*” for the package version, the GUID of the latest available package version is dynamically inserted.| +|IsOptional|Parameter that enables you to make a package optional within the connection group. Valid entries are:
    - “**true**”—package is optional in the connection group
    - “**false**”—package is required in the connection group| ### App-V example connection group XML file -The following example connection group XML file shows examples of the fields in the previous tables. +The following example connection group XML file shows examples of the fields listed in the previous tables. -``` +```XML + /> - - - - - Example - Example description - - - - -

    Virtual application connection group for the financial division

    -
      -

    • Middleware application 1

      • -

    • Middleware application 2

      • -

    • Middleware application 3

      • -

    • Middleware application runtime

      • -
    - - -

    Virtual application connection group for HR division

    -
      -

    • Middleware application 5

      • -

    • Middleware application 6

      • -

    • Middleware application runtime

      • -
    - - - + |Example|Example description| + |---|---| + |Virtual application connection group for the financial division|- Middleware application 1
    - Middleware application 2
    - Middleware application 3
    - Middleware application runtime| + |Virtual application connection group for HR division|- Middleware application 5
    - Middleware application 6
    - Middleware application runtime| -- **An. exe file and an .exe file**. You might have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines. +- **An. exe file and an .exe file**. This is for cases where you have an application that relies on another application, but you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines. For example, if you are deploying Microsoft Lync 2010, you can use three packages: - - Microsoft Office 2010 + + - Microsoft Office 2010 - Microsoft Communicator 2007 - - Microsoft Lync 2010

    - - You can manage the deployment using the following connection groups: + - Microsoft Lync 2010 + + You can manage the deployment with the following connection groups: + - Microsoft Office 2010 and Microsoft Communicator 2007 - - Microsoft Office 2010 and Microsoft Lync 2010

    - - When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group. + - Microsoft Office 2010 and Microsoft Lync 2010 + + After deployment, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package or keep and maintain them as separate packages and deploy them with a connection group. ## Have a suggestion for App-V? @@ -257,4 +139,4 @@ Add or vote on suggestions on the [Application Virtualization feedback site](htt ## Related topics -- [Managing Connection Groups](appv-managing-connection-groups.md) +- [Managing connection groups](appv-managing-connection-groups.md) From 812997febf859a85e8c0aa052dc2e7e1601311df Mon Sep 17 00:00:00 2001 From: Marcelo di Iorio Date: Wed, 20 Jun 2018 09:55:22 +0200 Subject: [PATCH 260/319] Update hello-hybrid-key-new-install.md --- .../hello-for-business/hello-hybrid-key-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 52ec97995f..b0e2b64273 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -80,7 +80,7 @@ If you do not have an existing public key infrastructure, please review [Certifi ### Section Review ### > [!div class="checklist"] -> * Miniumum Windows Server 2012 Certificate Authority. +> * Minimum Windows Server 2012 Certificate Authority. > * Enterprise Certificate Authority. > * Functioning public key infrastructure. > * Root certifcate authority certificate (Azure AD Joined devices). From 50302df4212ab5771d766622859c8158cf151ae7 Mon Sep 17 00:00:00 2001 From: Marcelo di Iorio Date: Wed, 20 Jun 2018 10:25:03 +0200 Subject: [PATCH 261/319] Update hello-hybrid-key-new-install.md --- .../hello-for-business/hello-hybrid-key-new-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 52ec97995f..ebfad0ea04 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -84,7 +84,7 @@ If you do not have an existing public key infrastructure, please review [Certifi > * Enterprise Certificate Authority. > * Functioning public key infrastructure. > * Root certifcate authority certificate (Azure AD Joined devices). -> * Highly availalbe certificate revoication list (Azure AD Joined devices). +> * Highly available certificate revocation list (Azure AD Joined devices). ## Azure Active Directory ## You’ve prepared your Active Directory. Hybrid Windows Hello for Business deployment needs Azure Active Directory to host your cloud-based identities. From fd7544a18485a4dc2a72d043492ea4b0f3cff638 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 20 Jun 2018 20:47:36 +0000 Subject: [PATCH 262/319] Merged PR 9241: Updated advanced hunting reference to include 2 new columns in schema Updated advanced-hunting-reference-windows-defender-advanced-threat-protection.md --- ...ing-reference-windows-defender-advanced-threat-protection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 50820acbc3..30000c1346 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -67,6 +67,7 @@ To effectively build queries that span multiple tables, you need to understand t | IsAzureADJoined | boolean | Boolean indicator of whether machine is joined to the Azure Active Directory | | LocalIP | string | IP address assigned to the local machine used during communication | | LocalPort | int | TCP port on the local machine used during communication | +| LogonId | string | Identifier for a logon session. This identifier is unique on the same machine only between restarts. | | LoggedOnUsers | string | List of all users that are logged on the machine at the time of the event in JSON array format | | LogonType | string | Type of logon session, specifically:

    - **Interactive** - User physically interacts with the machine using the local keyboard and screen

    - **Remote interactive (RDP) logons** - User interacts with the machine remotely using Remote Desktop, Terminal Services, Remote Assistance, or other RDP clients

    - **Network** - Session initiated when the machine is accessed using PsExec or when shared resources on the machine, such as printers and shared folders, are accessed

    - **Batch** - Session initiated by scheduled tasks

    - **Service** - Session initiated by services as they start
    | MachineGroup | string | Machine group of the machine. This group is used by role-based access control to determine access to the machine. | @@ -86,6 +87,7 @@ To effectively build queries that span multiple tables, you need to understand t | ProcessIntegrityLevel | string | Integrity level of the newly created process. Windows assigns integrity levels to processes based on certain characteristics, such as if they were launched from an internet downloaded. These integrity levels influence permissions to resources. | | ProcessTokenElevation | string | Token type indicating the presence or absence of User Access Control (UAC) privilege elevation applied to the newly created process | | ProviderId | string | Unique identifier for the Event Tracing for Windows (ETW) provider that collected the event log | +| PublicIP | string | Public IP address used by the onboarded machine to connect to the Windows Defender ATP service. This could be the IP address of the machine itself, a NAT device, or a proxy. | | RegistryKey | string | Registry key that the recorded action was applied to | | RegistryValueData | string | Data of the registry value that the recorded action was applied to | | RegistryValueName | string | Name of the registry value that the recorded action was applied to | From cd4987cb9bd43f8578a32ec8b3ff1ac0b96ec9d1 Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Wed, 20 Jun 2018 22:26:55 +0000 Subject: [PATCH 263/319] Merged PR 9244: Changed loc priorities set at low to medium for MT Changed loc priorities set at low to medium for MT. This enables the loc team to localize ALL content to a minimum standard. No text changes to any articles. --- .../activex-installation-using-group-policy.md | 2 +- .../ie11-deploy-guide/add-employees-enterprise-mode-portal.md | 2 +- ...-list-using-the-version-1-schema-and-enterprise-mode-tool.md | 2 +- ...-list-using-the-version-2-schema-and-enterprise-mode-tool.md | 2 +- ...e-mode-site-list-using-the-version-1-enterprise-mode-tool.md | 2 +- ...e-mode-site-list-using-the-version-2-enterprise-mode-tool.md | 2 +- .../ie11-deploy-guide/administrative-templates-and-ie11.md | 2 +- .../approve-change-request-enterprise-mode-portal.md | 2 +- .../auto-configuration-and-auto-proxy-problems-with-ie11.md | 2 +- .../ie11-deploy-guide/auto-configuration-settings-for-ie11.md | 2 +- .../ie11-deploy-guide/auto-detect-settings-for-ie11.md | 2 +- .../auto-proxy-configuration-settings-for-ie11.md | 2 +- .../ie11-deploy-guide/blocked-out-of-date-activex-controls.md | 2 +- .../browser-cache-changes-and-roaming-profiles.md | 2 +- .../change-history-for-internet-explorer-11.md | 2 +- .../check-for-new-enterprise-mode-site-list-xml-file.md | 2 +- .../ie11-deploy-guide/choose-how-to-deploy-ie11.md | 2 +- .../ie11-deploy-guide/choose-how-to-install-ie11.md | 2 +- .../collect-data-using-enterprise-site-discovery.md | 2 +- .../configure-settings-enterprise-mode-portal.md | 2 +- .../create-change-request-enterprise-mode-portal.md | 2 +- ...tall-packages-for-multiple-operating-systems-or-languages.md | 2 +- .../ie11-deploy-guide/customize-ie11-install-packages.md | 2 +- ...e-mode-site-list-in-the-enterprise-mode-site-list-manager.md | 2 +- .../deploy-ie11-using-automatic-version-synchronization-avs.md | 2 +- .../deploy-ie11-using-software-distribution-tools.md | 2 +- .../ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md | 2 +- .../ie11-deploy-guide/deprecated-document-modes.md | 2 +- ...ode-site-list-using-the-enterprise-mode-site-list-manager.md | 2 +- ...e-add-ons-using-administrative-templates-and-group-policy.md | 2 +- .../enhanced-protected-mode-problems-with-ie11.md | 2 +- .../ie11-deploy-guide/enterprise-mode-overview-for-ie11.md | 2 +- .../enterprise-mode-schema-version-1-guidance.md | 2 +- .../enterprise-mode-schema-version-2-guidance.md | 2 +- ...mode-site-list-from-the-enterprise-mode-site-list-manager.md | 2 +- ...ompat-issues-with-doc-modes-and-enterprise-mode-site-list.md | 2 +- ...tion-problems-using-the-enterprise-mode-site-list-manager.md | 2 +- .../group-policy-and-advanced-group-policy-mgmt-ie11.md | 2 +- .../group-policy-and-group-policy-mgmt-console-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-and-ie11.md | 2 +- .../group-policy-and-local-group-policy-editor-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-compatability-with-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-objects-and-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-preferences-and-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-problems-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md | 2 +- .../ie11-deploy-guide/group-policy-windows-powershell-ie11.md | 2 +- .../ie11-delivery-through-automatic-updates.md | 2 +- .../import-into-the-enterprise-mode-site-list-manager.md | 2 +- browsers/internet-explorer/ie11-deploy-guide/index.md | 2 +- .../ie11-deploy-guide/install-and-deploy-ie11.md | 2 +- .../ie11-deploy-guide/install-ie11-using-microsoft-intune.md | 2 +- .../install-ie11-using-operating-system-deployment-systems.md | 2 +- .../install-ie11-using-system-center-configuration-manager.md | 2 +- .../ie11-deploy-guide/install-ie11-using-the-network.md | 2 +- .../ie11-deploy-guide/install-ie11-using-third-party-tools.md | 2 +- .../install-ie11-using-windows-server-update-services-wsus.md | 2 +- .../ie11-deploy-guide/install-problems-with-ie11.md | 2 +- .../ie11-deploy-guide/intranet-problems-and-ie11.md | 2 +- .../internet-explorer/ie11-deploy-guide/manage-ie11-overview.md | 2 +- .../missing-internet-explorer-maintenance-settings-for-ie11.md | 2 +- .../ie11-deploy-guide/missing-the-compatibility-view-button.md | 2 +- .../ie11-deploy-guide/net-framework-problems-with-ie11.md | 2 +- .../ie11-deploy-guide/new-group-policy-settings-for-ie11.md | 2 +- .../ie11-deploy-guide/out-of-date-activex-control-blocking.md | 2 +- .../ie11-deploy-guide/problems-after-installing-ie11.md | 2 +- ...e-mode-site-list-in-the-enterprise-mode-site-list-manager.md | 2 +- .../remove-sites-from-a-local-compatibililty-view-list.md | 2 +- .../remove-sites-from-a-local-enterprise-mode-site-list.md | 2 +- ...site-list-to-xml-in-the-enterprise-mode-site-list-manager.md | 2 +- .../schedule-production-change-enterprise-mode-portal.md | 2 +- ...e-mode-site-list-in-the-enterprise-mode-site-list-manager.md | 2 +- .../set-the-default-browser-using-group-policy.md | 2 +- .../set-up-enterprise-mode-logging-and-data-collection.md | 2 +- .../ie11-deploy-guide/set-up-enterprise-mode-portal.md | 2 +- .../ie11-deploy-guide/setup-problems-with-ie11.md | 2 +- .../system-requirements-and-language-support-for-ie11.md | 2 +- .../tips-and-tricks-to-manage-ie-compatibility.md | 2 +- .../internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md | 2 +- .../ie11-deploy-guide/turn-off-enterprise-mode.md | 2 +- .../ie11-deploy-guide/turn-off-natural-metrics.md | 2 +- .../turn-on-enterprise-mode-and-use-a-site-list.md | 2 +- .../turn-on-local-control-and-logging-for-enterprise-mode.md | 2 +- .../ie11-deploy-guide/updated-features-and-tools-with-ie11.md | 2 +- .../ie11-deploy-guide/use-the-enterprise-mode-portal.md | 2 +- .../use-the-enterprise-mode-site-list-manager.md | 2 +- .../ie11-deploy-guide/user-interface-problems-with-ie11.md | 2 +- .../ie11-deploy-guide/using-enterprise-mode.md | 2 +- .../using-ieak11-to-create-install-packages.md | 2 +- .../using-inf-files-to-create-install-packages.md | 2 +- .../verify-changes-preprod-enterprise-mode-portal.md | 2 +- .../verify-changes-production-enterprise-mode-portal.md | 2 +- .../ie11-deploy-guide/view-apps-enterprise-mode-site-list.md | 2 +- .../view-enterprise-mode-reports-for-portal.md | 2 +- .../virtualization-and-compatibility-with-ie11.md | 2 +- .../ie11-deploy-guide/what-is-enterprise-mode.md | 2 +- .../what-is-the-internet-explorer-11-blocker-toolkit.md | 2 +- .../workflow-processes-enterprise-mode-portal.md | 2 +- browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md | 2 +- browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md | 2 +- browsers/internet-explorer/ie11-faq/faq-ieak11.md | 2 +- .../internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md | 2 +- .../ie11-ieak/add-and-approve-activex-controls-ieak11.md | 2 +- .../ie11-ieak/add-root-certificate-ieak11-wizard.md | 2 +- .../ie11-ieak/additional-settings-ieak11-wizard.md | 2 +- .../internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md | 2 +- .../ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md | 2 +- .../ie11-ieak/auto-version-sync-ieak11-wizard.md | 2 +- .../ie11-ieak/before-you-create-custom-pkgs-ieak11.md | 2 +- .../internet-explorer/ie11-ieak/branding-ins-file-setting.md | 2 +- .../internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md | 2 +- .../ie11-ieak/browsertoolbars-ins-file-setting.md | 2 +- .../ie11-ieak/browsing-options-ieak11-wizard.md | 2 +- .../internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md | 2 +- .../internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md | 2 +- .../internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md | 2 +- .../ie11-ieak/connection-settings-ieak11-wizard.md | 2 +- .../ie11-ieak/connectionsettings-ins-file-setting.md | 2 +- .../ie11-ieak/create-build-folder-structure-ieak11.md | 2 +- .../ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md | 2 +- .../ie11-ieak/create-multiple-browser-packages-ieak11.md | 2 +- .../create-uninstall-inf-files-for-custom-components.md | 2 +- .../ie11-ieak/custom-components-ieak11-wizard.md | 2 +- .../ie11-ieak/custombranding-ins-file-setting.md | 2 +- .../ie11-ieak/customize-automatic-search-for-ie.md | 2 +- .../internet-explorer/ie11-ieak/extreginf-ins-file-setting.md | 2 +- .../ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md | 2 +- .../internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md | 2 +- .../ie11-ieak/feature-selection-ieak11-wizard.md | 2 +- .../internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md | 2 +- browsers/internet-explorer/ie11-ieak/file-types-ieak11.md | 2 +- .../ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md | 2 +- .../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md | 2 +- .../ie11-ieak/hardware-and-software-reqs-ieak11.md | 2 +- .../internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md | 2 +- .../ie11-ieak/ie-setup-command-line-options-and-return-codes.md | 2 +- .../ie11-ieak/ieak-information-and-downloads.md | 2 +- .../internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md | 2 +- .../ie11-ieak/iexpress-command-line-options.md | 2 +- .../ie11-ieak/iexpress-wizard-for-win-server.md | 2 +- .../important-urls-home-page-and-support-ieak11-wizard.md | 2 +- browsers/internet-explorer/ie11-ieak/index.md | 2 +- .../ie11-ieak/internal-install-ieak11-wizard.md | 2 +- .../ie11-ieak/isp-security-ins-file-setting.md | 2 +- .../ie11-ieak/language-selection-ieak11-wizard.md | 2 +- .../ie11-ieak/licensing-version-and-features-ieak11.md | 2 +- browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md | 2 +- .../ie11-ieak/pkg-type-selection-ieak11-wizard.md | 2 +- .../ie11-ieak/platform-selection-ieak11-wizard.md | 2 +- .../ie11-ieak/prep-network-install-with-ieak11.md | 2 +- browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md | 2 +- .../internet-explorer/ie11-ieak/proxy-auto-config-examples.md | 2 +- browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md | 2 +- .../internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md | 2 +- .../ie11-ieak/register-uninstall-app-ieak11.md | 2 +- .../ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md | 2 +- .../ie11-ieak/search-providers-ieak11-wizard.md | 2 +- browsers/internet-explorer/ie11-ieak/security-and-ieak11.md | 2 +- .../ie11-ieak/security-and-privacy-settings-ieak11-wizard.md | 2 +- .../ie11-ieak/security-imports-ins-file-setting.md | 2 +- .../ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md | 2 +- browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md | 2 +- .../ie11-ieak/user-experience-ieak11-wizard.md | 2 +- .../ie11-ieak/using-internet-settings-ins-files.md | 2 +- .../internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md | 2 +- .../ie11-ieak/wizard-complete-ieak11-wizard.md | 2 +- browsers/internet-explorer/index.md | 2 +- education/get-started/inclusive-classroom-it-admin.md | 2 +- windows/application-management/add-apps-and-features.md | 2 +- windows/application-management/apps-in-windows-10.md | 2 +- windows/deployment/windows-10-architecture-posters.md | 2 +- 171 files changed, 171 insertions(+), 171 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md index 64f64f1366..e322e33728 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: How to use Group Policy to install ActiveX controls. diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md index 72e501af4b..bc4c3b628e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to add employees to the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md index 595d31fa6f..2adca8a912 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager. diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md index c8077d0f92..13d1ca4110 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2). diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md index f6061375ab..84a37f22a1 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md index eafa1921a5..42c566b112 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md index 8f22d23808..0425e61381 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Administrative templates and Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md index 24078753c7..41fb47325c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md index ad2280f2c7..39df29adb4 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto configuration and auto proxy problems with Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md index 918969c1b7..6c7db497a2 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto configuration settings for Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md index 825a383e16..e97e9b71b8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto detect settings Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md index b1097b8a83..c06294693c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: networking description: Auto proxy configuration settings for Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md index 2b02482254..70a66c3670 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md +++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md @@ -7,7 +7,7 @@ manager: elizapo ms.date: 05/10/2018 ms.topic: article ms.prod: ie11 -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security ms.assetid: '' diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md index c7d3471de2..b1f6fe14b4 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md +++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: performance description: Browser cache changes and roaming profiles diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md index f93b098ea8..a77ebbdf07 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros) description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile. ms.mktglfcycl: deploy diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md index cf0a576c0e..7420dec7e8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md +++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md @@ -9,7 +9,7 @@ ms.sitesec: library author: eross-msft ms.author: lizross ms.date: 08/14/2017 -ms.localizationpriority: low +ms.localizationpriority: medium --- diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md index 81b5bf84d8..b214bf0799 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Choose how to deploy Internet Explorer 11 (IE11) author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md index 605f8ef5ff..b8bd0374a3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Choose how to install Internet Explorer 11 (IE11) author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index ff584c1c9d..5168d15d47 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md index 36066de055..203da80123 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes. diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md index 18b8b34406..91384c4e7e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to create a change request within the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md index d740a697e0..662f5d5eee 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Create packages for multiple operating systems or languages author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md index 8c69271b25..b016ad6d4d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Customize Internet Explorer 11 installation packages author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 13fd5539cd..7d054817f8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium description: Delete a single site from your global Enterprise Mode site list. ms.pagetype: appcompat ms.mktglfcycl: deploy diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md index 89681e6c97..f93f4b9b75 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS). author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md index aa62287130..544b947b20 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Deploy Internet Explorer 11 using software distribution tools author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md index 98d265dc2f..291f5d0770 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md index ec4c251fca..4638023a81 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md index c6e03cadc0..db13fbe5af 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments. diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md index a607034785..0d7ebd65fa 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Enable and disable add-ons using administrative templates and group policy diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md index 4d98f914c6..623e7f191d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Enhanced Protected Mode problems with Internet Explorer diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md index b7d9399d77..eea6d6d117 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company. diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md index 88711fd787..0005fb9ed3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update. diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index df6a01cb68..d478768b80 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md index 8e779574c1..f709656577 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md index c9cb13e685..817570bbce 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site. diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md index 62e79b50ba..70c532beaa 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: When you add multiple sites to your Enterprise Mode site list entries, they’re validated by the Enterprise Mode Site List Manager before they’re entered into your global list. diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md index 6292d0894b..71ad9d28ae 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md index c0efadfe3c..443408e5e0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md index a6edc35240..e3c0829a08 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer. diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md index 1addebc886..29c1c10c2d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md index 0a51d356c8..c46d1da1c5 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Group Policy suggestions for compatibility with Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md index 61e3cff2c2..0409af2e94 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Overview of the available Group Policy management tools diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md index 075c799add..26b9affb45 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Info about Group Policy preferences versus Group Policy settings diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md index e9b1487a45..6ca08c5771 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11. diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md index 13c812647c..2a6c77541f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects. diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md index c262a303fd..fe102784da 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md index 714d86c086..ad0704e0c4 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md +++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md index 886721387e..c98d8b4857 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager. diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md index 79150cc05c..4fbc7650e6 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/index.md +++ b/browsers/internet-explorer/ie11-deploy-guide/index.md @@ -6,7 +6,7 @@ ms.prod: ie11 ms.assetid: bddc2d97-c38d-45c5-9588-1f5bbff2e9c3 title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros) ms.sitesec: library -ms.localizationpriority: low +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md index 5d114ace45..b83b3b9a7b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md index 9acf8fd693..7a39655881 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md index ee56fa3c64..5c3e45cb5f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md index 9153cdfb6f..095731f88a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md index 4d4a9a3cee..0d3dd79dc5 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using your network author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md index 88a9864342..3fa3d99146 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using third-party tools and command-line options. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md index 6f2a1b756b..8ce20d4a0b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)' author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md index 178528e352..09d56166da 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to fix potential installation problems with Internet Explorer 11 author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md index 6912fc0568..be8a80afb2 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to fix intranet search problems with Internet Explorer 11 author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md index 24f70c2132..2746219d9f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md +++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md index 6a9333717f..71e54b296b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md index 02bae6d9ba..a9570894e6 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md +++ b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md index 2bc8d0a284..3b762d15a3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: How to turn managed browser hosting controls back on in Internet Explorer 11. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md index c484e544ab..07ec8a9505 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: New group policy settings for Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md index 8b6848b28d..66a5d8b70b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md +++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use. diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md index 39ff7286c9..605793fa0e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 963880eb75..25679cd75a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to clear all of the sites from your global Enterprise Mode site list. diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md index 546fe2133e..d1a6b377e2 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to remove sites from a local compatibility view list. diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md index 8b15e9ddd5..a49fe70f0f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to remove sites from a local Enterprise Mode site list. diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md index 7ec1867c5b..dc1692a225 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems. diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md index f49ad80a75..25511fb5b7 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 5292cf3570..a02a091de9 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Search to see if a specific site already appears in your global Enterprise Mode site list. diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md index 900f6cbb17..13caae6ad4 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10. diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md index bfb9659bd0..ff45cfd903 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Set up and turn on Enterprise Mode logging and data collection in your organization. diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md index 0aca62e070..88b432430c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to set up the Enterprise Mode Site List Portal for your organization. diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md index a5f7888b6a..e106af4d3e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: appcompat description: Reviewing log files to learn more about potential setup problems with Internet Explorer 11. diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md index 932eb43359..7a9dd0375b 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Lists the minimum system requirements and supported languages for Internet Explorer 11. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md index 378bcf0af5..de391cfd69 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md +++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List. diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md index 145aa1c678..a3124d50a6 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with Internet Explorer. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md index 12a4ee7ffd..d0d2e95b50 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it. diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md index 15e7a25f21..02213a01d4 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: Turn off natural metrics for Internet Explorer 11 author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md index c84927f98c..162fa3cee4 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md @@ -9,7 +9,7 @@ ms.sitesec: library author: eross-msft ms.author: lizross ms.date: 08/14/2017 -ms.localizationpriority: low +ms.localizationpriority: medium diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md index 0f5ff8d1f9..984bad1d9c 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Turn on local user control and logging for Enterprise Mode. diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md index 9d2835bb5e..a94957ed71 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: High-level info about some of the new and updated features for Internet Explorer 11. diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md index d57c5f411b..0da4b5a228 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md index 166e02285f..cd9580e571 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager. diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md index 1db6c00d44..649cdab7ec 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: Info about where features went in the IEAK11, where the Favorites, Command, and Status bars went, and where the search bar went. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md index 313a07e8e8..d393b04b6e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: security description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode. diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md index b86a7c45c5..d0811f9e13 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use IEAK 11 while planning, customizing, and building the custom installation package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md index 16d9272749..1f67bf1416 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use Setup Information (.inf) files to create installation packages. author: eross-msft diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md index 94de88ee4e..1d5418ed8a 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md index 00fb099e3f..2c3c1e0c87 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md index 29d1d8afe9..f643e1528d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md +++ b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md index f7407d28f6..6341745034 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md index f1e4f5365d..032e121d14 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: virtualization description: Virtualization and compatibility with Internet Explorer 11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md index 7c4b70d2bf..84f9ad23a0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Info about the features included in Enterprise Mode with Internet Explorer 11. diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md index d69d91584e..9809598bf3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md +++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: How to download and use the Internet Explorer 11 Blocker Toolkit to turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update. diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md index 02d3275c5c..4e0e904754 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal. diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md index 8722543ac2..42f5a42878 100644 --- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md +++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: explore description: Frequently asked questions about Internet Explorer 11 for IT Pros author: eross-msft diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md index 5aa814af97..3bba45984c 100644 --- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md +++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: explore description: Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit. author: shortpatti diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.md b/browsers/internet-explorer/ie11-faq/faq-ieak11.md index 092cf003e6..3798a051af 100644 --- a/browsers/internet-explorer/ie11-faq/faq-ieak11.md +++ b/browsers/internet-explorer/ie11-faq/faq-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions. diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md index ef7b62be89..89e951329d 100644 --- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Accelerators page in the IEAK 11 Customization Wizard to add accelerators to employee devices. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md index e5159000fc..786b891e0d 100644 --- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use IEAK 11 to add and approve ActiveX controls for your organization. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md index d7ec6692b6..d34a1cfeef 100644 --- a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: We’re sorry. While we continue to recommend that you digitally sign your package, we’ve removed all of the functionality that allowed you to add a root certificate using the Internet Explorer Customization Wizard 11. The wizard page itself will be removed in a future version of the IEAK. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md index 48566257bc..262747bff0 100644 --- a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Additional Settings page in IEAK 11 Customization Wizard for additional settings that relate to your employee’s desktop, operating system, and security. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md index 37a45e2b99..336037e339 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Automatic Configuration page in the IEAK 11 Customization Wizard to add URLs to auto-configure IE. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md index b44afa30dd..9f02e38d81 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to set up automatic detection for DHCP or DNS servers using IEAK 11 in your organization. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md index 08a43eb829..32aaa7e479 100644 --- a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Automatic Version Synchronization page in the IEAK 11 Customization Wizard to download the IE11 Setup file each time you run the Wizard. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md index 3894e97e38..6970178857 100644 --- a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: A list of steps to follow before you start to create your custom browser installation packages. author: shortpatti diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md index 08ee07f8b4..c2beab2672 100644 --- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[Branding\] .INS file setting to set up your custom branding and setup info in your browser install package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md index 6ac05013ef..9dad972389 100644 --- a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Browser User Interface page in the IEAK 11 Customization Wizard to change the toolbar buttons and the title bar. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md index 0bd9e797de..df6a9d6764 100644 --- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Use the \[BrowserToolbars\] .INS file setting to customize your Internet Explorer toolbar and buttons. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md index bb57b71af9..6e345a0d61 100644 --- a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Browsing Options page in the IEAK 11 Customization Wizard to manage items in the Favorites, Favorites Bar, and Feeds section. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md index 1f1568989d..f8908404a6 100644 --- a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[CabSigning\] .INS file setting to customize the digital signature info for your apps. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md index d1b7a58fc8..24d6a351c7 100644 --- a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy ms.pagetype: appcompat description: We’re sorry. We’ve removed all of the functionality included on the **Compatibility View** page of the Internet Explorer Customization Wizard 11. diff --git a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md index caff7eef0b..4d8ea71def 100644 --- a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: We’re sorry. We’ve removed all of the functionality included on the **Connection Manager** page of the Internet Explorer Customization Wizard 11. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md index 188bf23d91..fddce5cada 100644 --- a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Connection Settings page in IEAK 11 Customization Wizard to import and preset connection settings on your employee’s computers. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md index e62028f5b1..aa4c945116 100644 --- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Use the \[ConnectionSettings\] .INS file setting to specify the network connection settings needed to install your custom package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md index 7c8092e8e7..2c57bf6c16 100644 --- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: How to create your folder structure on the computer that you’ll use to build your custom browser package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md index 064abc480c..3a1868fb73 100644 --- a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Review this list of tasks and references before you create and deploy your Internet Explorer 11 custom install packages. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md index b90fa80eca..3db92fe111 100644 --- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Steps to create multiple versions of your custom browser if you support more than 1 version of Windows, more than 1 language, or have different features in each package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md index 857f487d7f..827bcba1e5 100644 --- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md +++ b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use Setup information (.inf) files to uninstall custom components from your custom browser packages. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md index 16614c697a..900c072e85 100644 --- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Custom Components page in the IEAK 11 Customization Wizard to add additional components for your employees to install with IE. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md index 7cba88970a..f05693b17c 100644 --- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Use the \[CustomBranding\] .INS file setting to specify the location of your branding cabinet (.cab) file. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md index 80cee645af..731f49011a 100644 --- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md +++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: manage description: Customize Automatic Search in Internet Explorer so that your employees can type a single word into the Address box to search for frequently used pages. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md index 6313b77ce4..c6b893ae59 100644 --- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[ExtRegInf\] .INS file setting to specify your Setup information (.inf) files and the installation mode for your custom components. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md index ab4693d199..b7e9e61455 100644 --- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Favorites, Favorites Bar, and Feeds page in IEAK 11 Customization Wizard to add links, web slices, and feeds to your custom browser package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md index 90775765d1..17111a3d2e 100644 --- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[FavoritesEx\] .INS file setting to specify your Favorites icon file, whether Favorites is available offline, and your Favorites URLs. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md index 66412ddd7b..ce4ea05ef8 100644 --- a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Feature Selection page in the IEAK 11 Customization Wizard to choose which parts of the setup processes and Internet Explorer 11 to change for your company. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md index fa1550cab1..81db6122a3 100644 --- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the File Locations page in the IEAK 11 Customization Wizard to change the location of your install package and IE11 folders. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md index 6dcbc164e7..ff98f17921 100644 --- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Review the file types that are created and used by tools in the Internet Explorer Administration Kit 11 (IEAK 11). author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md index 76e5afbc12..024ae25439 100644 --- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the First Run Wizard and Welcome Page Options page in the IEAK 11 Customization Wizard to set what your employee’s see the first time they log on to IE, based on their operating system. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md index f4aeec37b6..5be00d1e01 100644 --- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Customization guidelines for your Internet Explorer toolbar button and Favorites List icons. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md index 37a841bff1..8ca4874a43 100644 --- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: List of supported hardware and software requirements for Internet Explorer 11 and the Internet Explorer Administration Kit 11. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md index 2787a57d1d..d2c3f68572 100644 --- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[HideCustom\] .INS file setting to decide whether to hide the GUID for each custom component. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md index d91e9cf5a9..ee8f5a506d 100644 --- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md +++ b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Reference about the command-line options and return codes for Internet Explorer Setup. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md index ad6689257a..21b4aa46b2 100644 --- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md +++ b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md index 133cd15ddf..dd8f4f2e46 100644 --- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md +++ b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Review the options available to help you customize your browser install packages for deployment to your employee's devices. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md index 2e17b2bb73..ffcd221cf9 100644 --- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md +++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Reference about the command-line options for the IExpress Wizard. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md index 060b389a44..9a5d7d0b05 100644 --- a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md +++ b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the IExpress Wizard on Windows Server 2008 R2 with SP1 to create self-extracting files to run your custom Internet Explorer Setup program. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md index 85f09f674c..e8f38fa7ce 100644 --- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Important URLs - Home Page and Support page in the IEAK 11 Customization Wizard to choose one or more **Home** pages and an online support page for your customized version of IE. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md index 998e7264d7..e9dbdc8840 100644 --- a/browsers/internet-explorer/ie11-ieak/index.md +++ b/browsers/internet-explorer/ie11-ieak/index.md @@ -6,7 +6,7 @@ ms.prod: ie11 ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros) ms.sitesec: library -ms.localizationpriority: low +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md index e49c34deeb..e9bfd321d4 100644 --- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Internal Install page in the IEAK 11 Customization Wizard to customize Setup for the default browser and the latest browser updates. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md index def833847a..8a0ea02769 100644 --- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[ISP_Security\] .INS file setting to add the root certificate for your custom Internet Explorer package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md index cf43edbff7..4a739c06f1 100644 --- a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the lanaguage for your IEAK 11 custom package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md index 0ad5bcf30e..c69fbd1f67 100644 --- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Learn about which version of the IEAK 11 you should run, based on your license agreement. author: pashort diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md index 4dd05077cf..bc8385d9c6 100644 --- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[Media\] .INS file setting to specify the types of media on which your custom install package is available. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md index e452b86aef..5582c13f96 100644 --- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Package Type Selection page in the IEAK 11 Customization Wizard to pick the media type you’ll use to distribute your custom package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md index fe9ee2e713..8439514a79 100644 --- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md index b21003374e..25279d4ae0 100644 --- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Learn about what you need to do before you deploy your custom browser package using IEAK 11 over your network. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md index 8bce1cbea1..553242559b 100644 --- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md index 69d1bc3a0d..03ae1fe39f 100644 --- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md +++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Learn about how to use a proxy auto-configuration (.pac) file to specify an automatic proxy URL. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md index 28227c9b71..f54ff8c47c 100644 --- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[Proxy\] .INS file setting to define whether to use a proxy server. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md index cb0e99d572..13ab11fff7 100644 --- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Proxy Settings page in the IEAK 11 Customization Wizard to pick the proxy servers used to connect to required services. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md index f9c3ebee2a..a4d6f308bd 100644 --- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Learn how to register an uninstall app for your custom components, using IEAK 11. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md index b254a6285e..7c269a8157 100644 --- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: manage description: Learn how to use the Resultant Set of Policy (RSoP) snap-in to view your policy settings. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md index 134182e0d0..614f7db2ba 100644 --- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Search Providers page in the IEAK 11 Customization Wizard to add additional providers and set the default. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md index da06db09c4..4b81854546 100644 --- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: plan description: Learn about the security features available in Internet Explorer 11 and IEAK 11. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md index d947f3023d..a6649bee68 100644 --- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Security and Privacy Settings page in the IEAK 11 Customization Wizard to manage your security zones, privacy settings, and content ratings. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md index 5f16ccd492..a0f042d14e 100644 --- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[Security Imports\] .INS file setting to decide whether to import security info to your custom package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md index f23e871f87..2526c4f33b 100644 --- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md +++ b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support description: Info about some of the known issues using the Internet Exporer Customization Wizard and a custom Internet Explorer install package. author: shortpatti diff --git a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md index 788872c6de..4d39e29ec6 100644 --- a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md +++ b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md index 5c4fb45863..bfeba39179 100644 --- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md index 6eafaec05b..17553421f4 100644 --- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md +++ b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package. author: eross-msft diff --git a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md index afa8430977..2754da89f4 100644 --- a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md +++ b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: support ms.pagetype: security description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions. diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md index 53df3948f6..6a6994cb45 100644 --- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md +++ b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md @@ -1,5 +1,5 @@ --- -ms.localizationpriority: low +ms.localizationpriority: medium ms.mktglfcycl: deploy description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package. author: eross-msft diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md index 303df95ed6..f845b1a18f 100644 --- a/browsers/internet-explorer/index.md +++ b/browsers/internet-explorer/index.md @@ -6,7 +6,7 @@ ms.prod: IE11 title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0 ms.sitesec: library -ms.localizationpriority: low +ms.localizationpriority: medium ms.date: 07/27/2017 --- diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md index 856e1c3a19..d5a982714e 100644 --- a/education/get-started/inclusive-classroom-it-admin.md +++ b/education/get-started/inclusive-classroom-it-admin.md @@ -6,7 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.topic: article -ms.localizationpriority: low +ms.localizationpriority: medium ms.pagetype: edu ROBOTS: noindex,nofollow author: alhughes diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md index d7320eab03..3b11a9431b 100644 --- a/windows/application-management/add-apps-and-features.md +++ b/windows/application-management/add-apps-and-features.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: article ms.author: elizapo author: lizap -ms.localizationpriority: low +ms.localizationpriority: medium ms.date: 04/26/2018 --- # How to add apps and features to Windows 10 diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 67ceafd469..2a601d2d47 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: mobile ms.author: elizapo author: lizap -ms.localizationpriority: low +ms.localizationpriority: medium ms.date: 04/30/2018 --- # Understand the different apps included in Windows 10 diff --git a/windows/deployment/windows-10-architecture-posters.md b/windows/deployment/windows-10-architecture-posters.md index fe08fd1129..c959b13af5 100644 --- a/windows/deployment/windows-10-architecture-posters.md +++ b/windows/deployment/windows-10-architecture-posters.md @@ -7,7 +7,7 @@ author: lizap ms.date: 09/28/2017 ms.tgt_pltfrm: na ms.topic: article -ms.localizationpriority: low +ms.localizationpriority: medium --- # Architectural planning posters for Windows 10 From 03ccb9916b0383274155777447ce5475bf935bca Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 20 Jun 2018 16:29:47 -0700 Subject: [PATCH 264/319] added new per-user services --- .../per-user-services-in-windows.md | 23 ++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index 7e6bf874fa..814ba7f22a 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -33,14 +33,21 @@ Windows 10 and Windows Server (with the Desktop Experience) have the following p Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly. -| Key name | Display name | Default start type | Dependencies | Description | -|------------------------|-----------------------------------------|--------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| CDPUserSvc | CDPUserSvc | Auto | | Used for Connected Devices Platform scenarios | -| OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service is not running. | -| PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. | -| UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. | -| UserDataSvc | User Data Access | Manual | UnistoreSvc | Provides apps access to structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. | -| WpnUserService | Windows Push Notifications User Service | Manual | | Hosts Windows notification platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw. | +| Windows version | Key name | Display name | Default start type | Dependencies | Description | +|-----------------|------------------------|-----------------------------------------|--------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 1803 | BcastDVRUserService | GameDVR and Broadcast User Service | Manual | | Used for Game Recordings and Live Broadcasts | +| 1803 | BluetoothUserService | Bluetooth User Support Service | Manual | | Supports proper functionality of Bluetooth features relevant to each user session | +| 1803 | CaptureService | CaptureService | Manual | | OneCore Capture Service | +| 1607 | CDPUserSvc | CDPUserSvc | Auto | Network Connection Broker
    Remote Procedure Call (RPC)
    TCP/IP Protocol Driver | Used for Connected Devices Platform scenarios | +| 1803 | DevicePickerUserSvc | DevicePicker | Manual | | Device Picker | +| 1703 | DevicesFlowUserSvc | DevicesFlow | Manual | | Device Discovery and Connecting | +| 1703 | MessagingService | MessagingService | Manual | | Service supporting text messaging and related functionality | +| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service is not running. | +| 1607 | PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. | +| 1709 | PrintWorkflowUserSvc | PrintWorkflow | Manual | | Print Workflow | +| 1607 | UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. | +| 1607 | UserDataSvc | User Data Access | Manual | UnistoreSvc | Provides apps access to structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. | +| 1607 | WpnUserService | Windows Push Notifications User Service | Manual | | Hosts Windows notification platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw. | ## Disable per-user services From d4b698347eaa50c5cc57aea5894ad341fd0d91c4 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 21 Jun 2018 14:23:18 +0000 Subject: [PATCH 265/319] Merged PR 9258: add info for showing local account on domain-join sign-in --- .../configuration/change-history-for-configure-windows-10.md | 4 ++-- .../configuration/lock-down-windows-10-to-specific-apps.md | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 7318dd20c3..4f46eb4473 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -10,7 +10,7 @@ ms.localizationpriority: high author: jdeckerms ms.author: jdecker ms.topic: article -ms.date: 06/19/2018 +ms.date: 06/21/2018 --- # Change history for Configure Windows 10 @@ -21,7 +21,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md) New or changed topic | Description --- | --- -[Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Updated instructions for using Microsoft Intune to configure a kiosk. +[Set up a kiosk or digital signage on Windows 10 Pro, Enterprise, or Education](setup-kiosk-digital-signage.md) and [Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Updated instructions for using Microsoft Intune to configure a kiosk. Added instructions for showing local accounts on the sign-in screen for domain-joined devices. [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) | Added new Group Policy to remove "Recently added" list from Start menu. ## May 2018 diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 34225059f4..9c60876bc4 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: high -ms.date: 06/05/2018 +ms.date: 06/21/2018 ms.author: jdecker ms.topic: article --- @@ -298,6 +298,8 @@ You can assign: When you use `` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart. +On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. + ```xml From dbe14e5b514f40cc6b7a70e79bdf3d5d94ba179a Mon Sep 17 00:00:00 2001 From: Mark Kraus Date: Thu, 21 Jun 2018 10:19:54 -0500 Subject: [PATCH 266/319] Correct Verb tense --- ...dows-7-client-with-windows-10-using-configuration-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md index 3168bbcccf..8f5b7daf35 100644 --- a/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md @@ -22,7 +22,7 @@ ms.date: 07/27/2017 >For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). >Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). -In this topic, you will learn how to replacing a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager. This process is similar to refreshing a computer, but since you are replacing the machine, you have to run the backup job separately from the deployment of Windows 10. +In this topic, you will learn how to replace a Windows 7 SP1 computer using Microsoft System Center 2012 R2 Configuration Manager. This process is similar to refreshing a computer, but since you are replacing the machine, you have to run the backup job separately from the deployment of Windows 10. For the purposes of this topic, we will use three machines: DC01, CM01, and PC0004. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0004 is a machine with Windows 7 SP1 that will be replaced with a new machine running Windows 10. DC01, CM01, and PC0004 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). From c09bf1faafb7085afb357bf9ded56f1b0589cfac Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 21 Jun 2018 16:07:42 +0000 Subject: [PATCH 267/319] Merged PR 9259: add link to MDM setting --- windows/configuration/lock-down-windows-10-to-specific-apps.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 9c60876bc4..f784d72639 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -298,7 +298,7 @@ You can assign: When you use `` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart. -On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. +On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).) ```xml From 42a626b3166fbecfbaf44c75ea091fbb03dad609 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 21 Jun 2018 09:17:51 -0700 Subject: [PATCH 268/319] revised table --- .../application-management/per-user-services-in-windows.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index 814ba7f22a..1391890a98 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -29,7 +29,7 @@ For more information about disabling system services for Windows Server, see [Gu ## Per-user services -Windows 10 and Windows Server (with the Desktop Experience) have the following per-user services. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. +The following table lists per-user services and when they were added to Windows 10 and Windows Server with the Desktop Experience. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly. @@ -38,7 +38,7 @@ Before you disable any of these services, review the **Description** column in t | 1803 | BcastDVRUserService | GameDVR and Broadcast User Service | Manual | | Used for Game Recordings and Live Broadcasts | | 1803 | BluetoothUserService | Bluetooth User Support Service | Manual | | Supports proper functionality of Bluetooth features relevant to each user session | | 1803 | CaptureService | CaptureService | Manual | | OneCore Capture Service | -| 1607 | CDPUserSvc | CDPUserSvc | Auto | Network Connection Broker
    Remote Procedure Call (RPC)
    TCP/IP Protocol Driver | Used for Connected Devices Platform scenarios | +| 1607 | CDPUserSvc | CDPUserSvc | Auto | - Network Connection Broker
    - Remote Procedure Call (RPC)
    - TCP/IP Protocol Driver | Used for Connected Devices Platform scenarios | | 1803 | DevicePickerUserSvc | DevicePicker | Manual | | Device Picker | | 1703 | DevicesFlowUserSvc | DevicesFlow | Manual | | Device Discovery and Connecting | | 1703 | MessagingService | MessagingService | Manual | | Service supporting text messaging and related functionality | From 895b5d02eb3975afdbfe7cc1471d7383d1bbd048 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Thu, 21 Jun 2018 10:14:51 -0700 Subject: [PATCH 269/319] remove preview topics --- ...indows-defender-advanced-threat-protection.md | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index ed796f2f36..e7b6d69d7a 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -10,7 +10,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: high -ms.date: 06/18/2018 +ms.date: 06/21/2018 --- # Windows Defender ATP preview features @@ -49,19 +49,7 @@ Onboard supported versions of Windows machines so that they can send sensor data - Windows 8.1 Enterprise - Windows 8.1 Pro -- [Onboard servers](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
    -Windows Defender ATP supports the onboarding of the following servers: - - Windows Server 2012 R2 - - Windows Server 2016 - - Windows Server, version 1803 - - -- [Create and build Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
    -Windows Defender ATP supports the use of Power BI data connectors to enable you to connect and access Windows Defender ATP data using Microsoft Graph. - -- [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)
    - Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities. - + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink) From e3dcc4fa5298f603282052042a3c62248805693c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 21 Jun 2018 10:39:19 -0700 Subject: [PATCH 270/319] remove pre-release blurbs --- ...nced-features-windows-defender-advanced-threat-protection.md | 2 +- ...est-practices-windows-defender-advanced-threat-protection.md | 2 +- ...ing-reference-windows-defender-advanced-threat-protection.md | 2 +- ...anced-hunting-windows-defender-advanced-threat-protection.md | 2 +- .../alerts-queue-windows-defender-advanced-threat-protection.md | 2 +- ...portal-access-windows-defender-advanced-threat-protection.md | 2 +- ...k-simulations-windows-defender-advanced-threat-protection.md | 2 +- ...nvestigations-windows-defender-advanced-threat-protection.md | 2 +- .../block-file-windows-defender-advanced-threat-protection.md | 2 +- ...ation-package-windows-defender-advanced-threat-protection.md | 2 +- .../community-windows-defender-advanced-threat-protection.md | 2 +- ...tional-access-windows-defender-advanced-threat-protection.md | 2 +- ...notifications-windows-defender-advanced-threat-protection.md | 2 +- ...-endpoints-gp-windows-defender-advanced-threat-protection.md | 2 +- ...s-non-windows-windows-defender-advanced-threat-protection.md | 2 +- ...ndpoints-sccm-windows-defender-advanced-threat-protection.md | 2 +- ...points-script-windows-defender-advanced-threat-protection.md | 2 +- ...endpoints-vdi-windows-defender-advanced-threat-protection.md | 2 +- ...ure-endpoints-windows-defender-advanced-threat-protection.md | 2 +- ...ver-endpoints-windows-defender-advanced-threat-protection.md | 2 +- ...custom-ti-api-windows-defender-advanced-threat-protection.md | 2 +- ...tion-settings-windows-defender-advanced-threat-protection.md | 2 +- ...ble-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- ...-secure-score-windows-defender-advanced-threat-protection.md | 2 +- ...t-error-codes-windows-defender-advanced-threat-protection.md | 2 +- .../exposed-apis-windows-defender-advanced-threat-protection.md | 2 +- ...ne-info-by-ip-windows-defender-advanced-threat-protection.md | 2 +- ...r-information-windows-defender-advanced-threat-protection.md | 2 +- ...elated-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...rt-info-by-id-windows-defender-advanced-threat-protection.md | 2 +- ...ed-actor-info-windows-defender-advanced-threat-protection.md | 2 +- ...d-domain-info-windows-defender-advanced-threat-protection.md | 2 +- ...ed-files-info-windows-defender-advanced-threat-protection.md | 2 +- ...lated-ip-info-windows-defender-advanced-threat-protection.md | 2 +- ...-machine-info-windows-defender-advanced-threat-protection.md | 2 +- ...ted-user-info-windows-defender-advanced-threat-protection.md | 2 +- .../get-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...elated-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...ated-machines-windows-defender-advanced-threat-protection.md | 2 +- ...in-statistics-windows-defender-advanced-threat-protection.md | 2 +- ...e-information-windows-defender-advanced-threat-protection.md | 2 +- ...elated-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...ated-machines-windows-defender-advanced-threat-protection.md | 2 +- ...le-statistics-windows-defender-advanced-threat-protection.md | 2 +- ...ns-collection-windows-defender-advanced-threat-protection.md | 2 +- ...action-object-windows-defender-advanced-threat-protection.md | 2 +- ...ns-collection-windows-defender-advanced-threat-protection.md | 2 +- ...elated-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...ip-statistics-windows-defender-advanced-threat-protection.md | 2 +- ...machine-by-id-windows-defender-advanced-threat-protection.md | 2 +- ...-log-on-users-windows-defender-advanced-threat-protection.md | 2 +- ...elated-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...action-object-windows-defender-advanced-threat-protection.md | 2 +- ...ns-collection-windows-defender-advanced-threat-protection.md | 2 +- .../get-machines-windows-defender-advanced-threat-protection.md | 2 +- ...ckage-sas-uri-windows-defender-advanced-threat-protection.md | 2 +- ...r-information-windows-defender-advanced-threat-protection.md | 2 +- ...elated-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...ated-machines-windows-defender-advanced-threat-protection.md | 2 +- ...tigate-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...tigate-domain-windows-defender-advanced-threat-protection.md | 2 +- ...stigate-files-windows-defender-advanced-threat-protection.md | 2 +- ...s-ip-seen-org-windows-defender-advanced-threat-protection.md | 2 +- ...olate-machine-windows-defender-advanced-threat-protection.md | 2 +- .../licensing-windows-defender-advanced-threat-protection.md | 2 +- ...achine-groups-windows-defender-advanced-threat-protection.md | 2 +- ...manage-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...-blocked-list-windows-defender-advanced-threat-protection.md | 2 +- ...-file-uploads-windows-defender-advanced-threat-protection.md | 2 +- ...er-exclusions-windows-defender-advanced-threat-protection.md | 2 +- ...ression-rules-windows-defender-advanced-threat-protection.md | 2 +- ...-requirements-windows-defender-advanced-threat-protection.md | 2 +- ...oard-machines-windows-defender-advanced-threat-protection.md | 2 +- ...ard-configure-windows-defender-advanced-threat-protection.md | 2 +- ...ard-downlevel-windows-defender-advanced-threat-protection.md | 2 +- ...rtal-overview-windows-defender-advanced-threat-protection.md | 2 +- ...werbi-reports-windows-defender-advanced-threat-protection.md | 2 +- ...-example-code-windows-defender-advanced-threat-protection.md | 2 +- ...erences-setup-windows-defender-advanced-threat-protection.md | 2 +- ...view-settings-windows-defender-advanced-threat-protection.md | 2 +- .../preview-windows-defender-advanced-threat-protection.md | 2 +- ...sing-rest-api-windows-defender-advanced-threat-protection.md | 2 +- ...-example-code-windows-defender-advanced-threat-protection.md | 2 +- .../rbac-windows-defender-advanced-threat-protection.md | 2 +- ...equest-sample-windows-defender-advanced-threat-protection.md | 2 +- ...ode-execution-windows-defender-advanced-threat-protection.md | 2 +- .../run-av-scan-windows-defender-advanced-threat-protection.md | 2 +- ...ore-dashboard-windows-defender-advanced-threat-protection.md | 2 +- ...ons-dashboard-windows-defender-advanced-threat-protection.md | 2 +- ...ervice-status-windows-defender-advanced-threat-protection.md | 2 +- ...arantine-file-windows-defender-advanced-threat-protection.md | 2 +- ...upported-apis-windows-defender-advanced-threat-protection.md | 2 +- ...ator-concepts-windows-defender-advanced-threat-protection.md | 2 +- ...oot-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- .../unblock-file-windows-defender-advanced-threat-protection.md | 2 +- ...olate-machine-windows-defender-advanced-threat-protection.md | 2 +- ...ode-execution-windows-defender-advanced-threat-protection.md | 2 +- ...use-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- .../windows-defender-advanced-threat-protection.md | 2 +- 100 files changed, 100 insertions(+), 100 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md index f12f23cc7e..fe209b5c7c 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 05/08/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md index f553f152fd..9eb8fc3985 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md index 30000c1346..01fba58aae 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-reference-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/01/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md index c8d4b355cc..29d6f12edb 100644 --- a/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/13/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md index 3955ce8269..1f8c54f547 100644 --- a/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-alertsq-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md index 5acb334a86..412cf9f36d 100644 --- a/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 04/24/2018 - Office 365 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md index b0954a8441..79b671de37 100644 --- a/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/attack-simulations-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 28/02/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index 0fbf8430f5..37b00edca3 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 05/21/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automated-investigations-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md index 2f0c164f77..f59eac9c00 100644 --- a/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/block-file-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Prevent a file from being executed in the organization using Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md index 9e23f63821..a71011d0c3 100644 --- a/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/collect-investigation-package-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Collect investigation package from a machine. diff --git a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md index d55f04fddc..9597d7f1ec 100644 --- a/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/community-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 04/24/2018 **Applies to:** - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + The Windows Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. diff --git a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md index 10e5212a72..06e1884138 100644 --- a/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/conditional-access-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index a3611df82a..af1abfe02e 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/18/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md index a93c05a236..d988cd3c1d 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.date: 04/24/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md index edb65b80d5..50c7560994 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) -[!include[Prerelease information](prerelease.md)] + Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md index a65ad2ad0f..6885a72206 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 04/24/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) - System Center 2012 Configuration Manager or later versions -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md index 884edde275..599dbd0850 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md index 58d6bfd4b4..319b1e364a 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-vdi-windows-defender-advanced-threat-protection.md @@ -18,7 +18,7 @@ ms.date: 04/24/2018 **Applies to:** - Virtual desktop infrastructure (VDI) machines -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configvdi-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md index dab99dbf01..24e276e1eb 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Machines in your organization must be configured so that the Windows Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the machines in your organization. diff --git a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md index bfc0e1cb53..b9c4c8c0ae 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 05/08/2018 - Windows Server, version 1803 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md index e06ccda51d..f9ef13c541 100644 --- a/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/custom-ti-api-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md index 06921f27cf..87fa217fce 100644 --- a/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/data-retention-settings-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-gensettings-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md index d9b646f4e0..49fbb00237 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-enablecustomti-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md index 1feb834265..24d7d6f022 100644 --- a/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/enable-secure-score-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Set the baselines for calculating the score of Windows Defender security controls on the Secure Score dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations. diff --git a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md index 1d174e789f..37ed5954a5 100644 --- a/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/event-error-codes-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.date: 05/21/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual machines. diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md index 2eb3a595ec..8fa4ea3bca 100644 --- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 10/23/2017 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md index c654298268..1a77a042ed 100644 --- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Find a machine entity around a specific timestamp by FQDN or internal IP. diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md index 52ece2cd59..51cce300c7 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-actor-information-windows-defender-advanced-threat-protection.md @@ -20,7 +20,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves an actor information report. diff --git a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md index bf950ccad7..139e949a5b 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-actor-related-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves all alerts related to a given actor. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md index ea7ebc034a..f908c17957 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-info-by-id-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves an alert by its ID. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md index 4936276d33..2494eef313 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-actor-info-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves the actor information related to the specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md index 8585e21488..0229f0e811 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-domain-info-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves all domains related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md index 5c00116cbb..27c1f45f77 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-files-info-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves all files related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md index 1422fd9d29..43c05e4feb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-ip-info-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves all IPs related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md index 1a6856dd1b..ce606758a4 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-machine-info-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves all machines related to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md index 322e415d1e..aaac777152 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alert-related-user-info-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves the user associated to a specific alert. diff --git a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md index f0da636e39..2f07b3a6a8 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves top recent alerts. diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md index c96b12cd50..6b61d695b3 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of alerts related to a given domain address. diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md index 69f702f7c9..eb0546f243 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-related-machines-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of machines related to a given domain address. diff --git a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md index 32271f2620..effc002d08 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-domain-statistics-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves the prevalence for the given domain. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md index b3a3eefa7b..fb162188a6 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-information-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a file by identifier Sha1, Sha256, or MD5. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md index fae00da926..310df69574 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of alerts related to a given file hash. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md index 1332ba931e..2d0f4a3757 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-related-machines-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of machines related to a given file hash. diff --git a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md index a642184c9d..9bb28cc2ae 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-file-statistics-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves the prevalence for the given file. diff --git a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md index 21560e7198..820d847ef0 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-fileactions-collection-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Gets collection of actions done on files. Get FileActions collection API supports OData V4 queries. diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md index 6d6d936711..61737167aa 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-filemachineaction-object-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Gets file and machine actions. diff --git a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md index 013b12118a..8ce0e6f5a0 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-filemachineactions-collection-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Get collection of file and machine actions. Get FileMachineActions collection API supports OData V4 queries. diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md index e390e5f56a..9cbaad6521 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ip-related-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of alerts related to a given IP address. diff --git a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md index 77c52c4e99..c932fe20d1 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-ip-statistics-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves the prevalence for the given IP. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md index f9cd74d2b6..520cada5be 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-by-id-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a machine entity by ID. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md index ebcdf50543..c95684b1af 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-log-on-users-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of logged on users. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md index b5b335d796..512f7def8f 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machine-related-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of alerts related to a given machine ID. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md index f680ca3c8e..79d478e9ac 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machineaction-object-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Get actions done on a machine. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md index fd36945114..e39f95f2cb 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machineactions-collection-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Gets collection of actions done on machines. Get MachineAction collection API supports OData V4 queries. diff --git a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md index c446711e57..9a4b7ce1a3 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-machines-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of recently seen machines. diff --git a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md index def484c73a..514bb8ce9c 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-package-sas-uri-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Get a URI that allows downloading of an investigation package. diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md index 825ff7a13f..a7536e3363 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-information-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieve a User entity by key (user name or domain\user). diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md index 7d3c12a300..991f879daf 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of alerts related to a given user ID. diff --git a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md index 779624c483..7d80d182b9 100644 --- a/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/get-user-related-machines-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Retrieves a collection of machines related to a given user ID. diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md index c8df547c6b..d7e60bb8a2 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 04/24/2018 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatealerts-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md index cf096a36d3..3843bf6c2d 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-domain-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatedomain-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md index 042216f1a6..9a5c432509 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-files-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-investigatefiles-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md index a203295bcd..d120192d44 100644 --- a/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/is-ip-seen-org-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Answers whether an IP was seen in the organization. diff --git a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md index 506bb47499..918573d30b 100644 --- a/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/isolate-machine-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Isolates a machine from accessing external network. diff --git a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md index 30c94ffd40..164f8239fa 100644 --- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 10/16/2017 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-validatelicense-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md index 88190566eb..2da8a22331 100644 --- a/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 05/08/2018 - Office 365 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + In an enterprise scenario, security operation teams are typically assigned a set of machines. These machines are grouped together based on a set of attributes such as their domains, computer names, or designated tags. diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md index 34058bc69a..59447454b7 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-managealerts-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md index 27426578b6..69a274897d 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-allowed-blocked-list-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/14/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md index 0633161ea8..5845cd42de 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-file-uploads-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationefileuploads-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md index d754d2cc87..dd0e193fd2 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-automation-folder-exclusions-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionfolder-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md index 8662980b04..1289b90189 100644 --- a/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/manage-suppression-rules-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-suppressionrules-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md index f42a764acb..1786bc10ef 100644 --- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/15/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + There are some minimum requirements for onboarding machines to the service. diff --git a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md index 5083d2feae..87ced54f2c 100644 --- a/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/offboard-machines-windows-defender-advanced-threat-protection.md @@ -27,7 +27,7 @@ ms.date: 04/24/2018 - Windows Server 2016 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-offboardmachines-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index 5f43d024b3..5e8f1988cd 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -31,7 +31,7 @@ ms.date: 06/19/2018 - Linux - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index 940c705412..a3469ae9f7 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/18/2018 - Windows 8.1 Enterprise - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. diff --git a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md index d8e518f47c..a059ea2ff3 100644 --- a/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/portal-overview-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md index 136ce2f153..abbe688cd9 100644 --- a/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powerbi-reports-windows-defender-advanced-threat-protection.md @@ -21,7 +21,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-powerbireports-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md index f08533a767..2fc91b974b 100644 --- a/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + This article provides PowerShell code examples for using the custom threat intelligence API. diff --git a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md index 72dd86675c..f7afb9c490 100644 --- a/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preferences-setup-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-prefsettings-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md index 1e36317ed3..b0d171b47e 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-previewsettings-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md index e7b6d69d7a..8aa675ea8a 100644 --- a/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 06/21/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + The Windows Defender ATP service is constantly being updated to include new feature enhancements and capabilities. diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index 441d1895d8..683138cb8a 100644 --- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-pullalerts-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md index 58abb6bddc..67a2cf6f0b 100644 --- a/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/python-example-code-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + ## Before you begin You must [install](http://docs.python-requests.org/en/master/user/install/#install) the "[requests](http://docs.python-requests.org/en/master/)" python library. diff --git a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md index 4599627b02..e6b27c5f03 100644 --- a/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/rbac-windows-defender-advanced-threat-protection.md @@ -24,7 +24,7 @@ ms.date: 05/08/2018 - Office 365 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-rbac-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md index 2a6bf80ab0..85e0d2053b 100644 --- a/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/request-sample-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Request sample of a file from a specific machine. File will be collected from the machine and uploaded to a secure storage. diff --git a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md index d6e18c2022..ef5cdbf26d 100644 --- a/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/restrict-code-execution-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Restrict execution of set of predefined applications. diff --git a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md index 28e6945c58..22acf4709c 100644 --- a/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/run-av-scan-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Initiate Windows Defender Antivirus scan on the machine. diff --git a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md index 8fce3d5f13..df4c2834c9 100644 --- a/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/secure-score-dashboard-windows-defender-advanced-threat-protection.md @@ -22,7 +22,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md index 9414dd6e89..d12551bf1e 100644 --- a/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/security-operations-dashboard-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md index 488f25d704..7e2b448949 100644 --- a/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/service-status-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-servicestatus-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md index 44ac36d4ef..91b69510da 100644 --- a/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/stop-quarantine-file-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Stop execution of a file on a machine and ensure it’s not executed again on that machine. diff --git a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md index 9fa8d8f13a..d278d8704c 100644 --- a/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/supported-apis-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-supportedapis-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md index 160df53514..f4d9c74cb0 100644 --- a/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/threat-indicator-concepts-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-threatindicator-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md index b020424608..038b12ad81 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 02/26/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + You might need to troubleshoot issues while using the custom threat intelligence feature. diff --git a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 53bbce16ae..c40fd6b347 100644 --- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ ms.date: 04/24/2018 - Windows Server 2012 R2 - Windows Server 2016 -[!include[Prerelease information](prerelease.md)] + You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues. This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the machines. diff --git a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md index a007aefd5d..ea8ff67abf 100644 --- a/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/unblock-file-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Allow a file to be executed in the organization, using Windows Defender Antivirus. diff --git a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md index e45662c5cd..99073f445e 100644 --- a/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/unisolate-machine-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Undo isolation of a machine. diff --git a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md index 67c98f2595..a7c2aba602 100644 --- a/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/unrestrict-code-execution-windows-defender-advanced-threat-protection.md @@ -19,7 +19,7 @@ ms.date: 12/08/2017 - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + Unrestrict execution of set of predefined applications. diff --git a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md index fca8e3f3ee..4c13c3af6e 100644 --- a/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/use-custom-ti-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-customti-abovefoldlink) diff --git a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md index 10373e6ddc..080962fba8 100644 --- a/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ ms.date: 04/24/2018 - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[!include[Prerelease information](prerelease.md)] + >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-main-abovefoldlink) > From cc2210e251832bc1d55505a4eb89d2d2e88c87d4 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 21 Jun 2018 17:49:30 +0000 Subject: [PATCH 271/319] Updated onboard-downlevel-windows-defender-advanced-threat-protection.md --- ...ard-downlevel-windows-defender-advanced-threat-protection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md index a3469ae9f7..5118827931 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection.md @@ -23,7 +23,9 @@ ms.date: 06/18/2018 - Windows 8.1 Enterprise - Windows Defender Advanced Threat Protection (Windows Defender ATP) +[!include[Prerelease information](prerelease.md)] +>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-downlevel-abovefoldlink) Windows Defender ATP extends support to include down-level operating systems, providing advanced attack detection and investigation capabilities on supported Windows versions. From b8d24a54ce9282f7869427a2dcf3f3ec3faaf6fe Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 21 Jun 2018 11:06:45 -0700 Subject: [PATCH 272/319] added section --- ...er-application-control-with-managed-installer.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md index badaf77f39..9b337c85e7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md @@ -112,7 +112,7 @@ For example: ### Enable the managed installer option in WDAC policy -In order to enable trust for the binaries laid down by managed installers, the Allow: Managed Installer option must be specified in your WDAC policy. +In order to enable trust for the binaries laid down by managed installers, the Enabled: Managed Installer option must be specified in your WDAC policy. This can be done by using the [Set-RuleOption cmdlet](https://docs.microsoft.com/powershell/module/configci/set-ruleoption). An example of the managed installer option being set in policy is shown below. @@ -135,6 +135,17 @@ An example of the managed installer option being set in policy is shown below. ``` +## Set the AppLocker filter driver to autostart + +To enable the managed installer, you need to set the AppLocker filter driver to autostart and start it. +Run the following command as an Administrator: + +```code +appidtel.exe start [-mionly] +``` + +Specify `-mionly` if you will not use the Intelligent Security Graph (ISG). + ## Security considerations with managed installer From d07c151572daa8cb9414914d5b95ab1ae1633a68 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 21 Jun 2018 18:18:02 +0000 Subject: [PATCH 273/319] Merged PR 9266: Add step for taskbar layout xml --- windows/configuration/configure-windows-10-taskbar.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md index e3a453d899..187e4b4a0f 100644 --- a/windows/configuration/configure-windows-10-taskbar.md +++ b/windows/configuration/configure-windows-10-taskbar.md @@ -40,6 +40,7 @@ The following example shows how apps will be pinned: Windows default apps to the * If you are also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from [the following sample](#sample-taskbar-configuration-added-to-start-layout-xml-file) to the file. * If you are only configuring the taskbar, use [the following sample](#sample-taskbar-configuration-xml-file) to create a layout modification XML file. 2. Edit and save the XML file. You can use [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) or Desktop Application Link Path to identify the apps to pin to the taskbar. + * Add `xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"` to the first line of the file, before the closing \>. * Use `` and [AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867) to pin Universal Windows Platform apps. * Use `` and Desktop Application Link Path to pin desktop applications. 3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). From 94c1a4e3f9de8feca072012d012c12785a4db026 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Thu, 21 Jun 2018 13:08:29 -0700 Subject: [PATCH 274/319] Update find-machine-info-by-ip-windows-defender-advanced-threat-protection.md --- ...nfo-by-ip-windows-defender-advanced-threat-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md index c654298268..be4033a452 100644 --- a/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- -title: Find machine information by interal IP API -description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or interal IP. +title: Find machine information by internal IP API +description: Use this API to create calls related to finding a machine entry around a specific timestamp by FQDN or internal IP. keywords: apis, graph api, supported apis, find machine, machine information, IP search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -13,7 +13,7 @@ ms.localizationpriority: high ms.date: 12/08/2017 --- -# Find machine information by interal IP API +# Find machine information by internal IP API **Applies to:** From ffbe2c1236cc7bc3a33096a651d4c5e680421740 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 21 Jun 2018 14:09:54 -0700 Subject: [PATCH 275/319] update applies to --- ...windows-defender-advanced-threat-protection.md | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md index 5e8f1988cd..71d58a6de5 100644 --- a/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md @@ -16,26 +16,13 @@ ms.date: 06/19/2018 # Onboard machines to the Windows Defender ATP service **Applies to:** - -- Windows 7 SP1 Enterprise -- Windows 7 SP1 Pro -- Windows 8.1 Enterprise -- Windows 8.1 Pro -- Windows 10 Enterprise -- Windows 10 Education -- Windows 10 Pro -- Windows 10 Pro Education -- Windows Server 2012 R2 -- Windows Server 2016 -- macOS -- Linux - Windows Defender Advanced Threat Protection (Windows Defender ATP) >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) -You need to onboard to Windows Defender ATP before you can use the service. +You need to onboard machines to Windows Defender ATP before you can use the service. For more information, see [Onboard your Windows 10 machines to Windows Defender ATP](https://www.youtube.com/watch?v=JT7VGYfeRlA&feature=youtu.be). From 3234d89060d54896365f5c7380a98dcfa139aed2 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Thu, 21 Jun 2018 21:11:25 +0000 Subject: [PATCH 276/319] Updated educator-tib-get-started.md --- education/trial-in-a-box/educator-tib-get-started.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 588d7d6d1d..61e5c7b2b3 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -270,7 +270,8 @@ Today, we'll explore a Minecraft world through the eyes of a student. The **Math Assistant** and **Ink Replay** features available in the OneNote app for Windows 10 and OneNote Online give your students step-by-step instructions on how to solve their math problems and help them visualize math functions on an interactive 2D graph. -**Solve 3x+4=7 in OneNote!** +**Let's solve 3x+4=7 in OneNote using the pen!** +To get started: 1. Open the OneNote app for Windows 10 (not OneNote 2016). 2. Click **Add Page** to launch a blank work space. From d4dcbf438d590c86534263b15f5a150ac6166c82 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Thu, 21 Jun 2018 21:11:50 +0000 Subject: [PATCH 277/319] Added OneNote_logo.png --- education/trial-in-a-box/images/OneNote_logo.png | Bin 0 -> 2809 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 education/trial-in-a-box/images/OneNote_logo.png diff --git a/education/trial-in-a-box/images/OneNote_logo.png b/education/trial-in-a-box/images/OneNote_logo.png new file mode 100644 index 0000000000000000000000000000000000000000..9adca44e69376ab7faa5c508dacde3be24e203cf GIT binary patch literal 2809 zcmVPx#1ZP1_K>z@;j|==^1poj532;bRa{vGi!vFvd!vV){sAK>D3XVxcK~z{r#hJa1 zCDj#$J2p1N&Yc;|WCr8hZvhX$16U?>&g2LYI&nbe3@j5`vc!ZAMhFo(f{`Gxgfx7o zzdft=-F0tIcQsNUEzazpwg0M4)xEd5`sEvMzxL>lue|=&t8c!8{Hx#nfgPYCUquIy zRP`aOXp}$y`tJkSS2X_s^yh7%nrU-`zy0aI-AzwdWab~EyPMEo{Py=-Z5=LD>@#_X z_LZD}*a38a>b~5x5FJ?+z^=@~Npv8u>ow{D+}O)kjlNjsSUHDpizBtZFc56}OwKJ% z-vDvAS3TV9ATubO+;e0rDM!EpS}AX zdrnLi-jLV%8Z{*mHX`-HbV#sH$3Aku^cq&zmb!!`5==zq+0f){rza$Y@U#SR)d4^s zSMMxf63kvtI2eqxFou0KX=$uaKB)WV>Hz|p%~z9#75&BPmj6FnDl}WGO9CYA_bgQU zg1M^sPpYwVruShVz4IT`lWHSOC|`%vLX}C)YSJ5^Z|p8)AajKg?LFuu*RY^Mw#>3|06a3Qe|##zW@zv8ho0lMQNpkhbxdC`)X6{chudm@3& zD+_5WOi36oy9acRa(%u+>TGvYr~*`DkhKGZ$kJkAN7c@5wv*R_f|toKNvHxZs$|O> zo+Oe(1E?{Ax|-1=o6FG=*az#t4gMmg^ z@cDbs{`b#1?X2P5!-S5J!rSY?Q;eE`N_=6RB_tMjG0p5eV0*7v3?!g(Tv(y)$y&&n zv4C>bLjhJDDTbVPi1t7u%Xbj4QueK$I&kWd0^!MD)~;&A z>@Y0mJPM#b*{K&3Dn{A98Z?SlfpfxYH4dl(9dXV-{DBS=Or7kj6LoR7A6 zPkwTChbaV+k>ywwK{Cc+Q4aD7UFXH;!vNC(9 z$O%EfyUvSjb+Z61T{V~S>|M|sIZ$Oc^QzaaVm!8o;W6x)!Ft{Ud|-qfMiL@enCnsJ zlRYhru)|2DoI6n0lga=$`v?|yugkgs|w>{gY{=ju0~R_e1Wc`t#S zWFxKD&tbOb0fimNuB?~Wo^$E*&k|Kn6Ovs3*_Gq+y2LRYIEIs0b*tyu6|yV(@=D&p zkA+mufMAtX&oQlp0D63v{l28k>T+L(0MnA+K`p$U7flQ*y9fKXw0*q}jr|r{EcwZd zu+EE>fbJfjVC37(*Xx-xQ?eshJ&Nl9vW-tLkH>B1W5r@NOZpU2W&3>k{+XlKQ8$!=Q5NdE1-sN?SOksU5}R+qEn2y2kg%%bierj(T3 zdE|qW$FIvqn#IC>mz;F5#KplbFGEZfs(Byvuk*=@@JExIHNy$GqHJt~5-;kshf9$M`24q&&a zQC$E=S)#ry0T{i8jId)Dz4hL!AdiAksBjWuAvqWocp|#jK#f8gb~$J5Isdv4=Cjv* zvE(JnE^ryxvn$Bdi-nR{+>K)I9KDjU04%!X09}%WUIbi`ReSz=_CksZBRyd;yK`Dk zjzXe9F1g0eQOGd5!Z)o(b~sp6<(o}Ad(?rn2ewxWRMQ!ZFImP%_Jf1QI_Oz=3ACJy zr=kx5w|1}e$o}B4H$bc2e8ZkBlz*kyPcNA^46@uM&Js`})E=X_iJ;pEBLMeFyJrx&?w-~@ zTNq$uuQrda+a%%F-1v>vVYl{%z+kEh9qUJ5w;I!_$Rm5TaCF@%$=Nw`>G!*UK>ys; zD_mR(@k+UI$=oCD*)4nSA#g|!@b>os1u@todlkQ4G5+;8|4?wk zpXKhU?(bedgtkqSIeqpop`N||u;$}I7Z};C?drx4-~5*{v;ACmFG7dyiQEZWRnUlV z@`FeQ@YVxKBfBMC!lL*VfK38tNavX| z&DZ~U8yA2xsYUO|Zpp*z_DQ6j{aB|x8WXlEv_xLd-b*JO*{ywe-7?93s(`M*Z6;jL z9==d9?WY~td7S)t`t6t1%AMB8b^ta;pZ?lbwc(+jyg7A*6#K}2GkDQ`{@yd@=aZc~ zuwR3J0BO}3Y*h=L_i^f5izYt?oJ}6!3XSX!4tvfF5gamJ)cQ)TJ3<&*M)n5>Ed`F` zp8mNdTIzq%vWp%d6^!f;4tfLW+$NniJuB3B982}?PCP($Y*mMkQ8|cLmuhGxVOLOw z6C;qBD62p~me##m@|s~6xayDacAynGs(T+kMiXfd-)tcRpJ%=MkibCqaB{{}b?G%5 zUh-=k2?2!qQkLw>`eN6mr6 Date: Thu, 21 Jun 2018 21:20:40 +0000 Subject: [PATCH 278/319] Updated educator-tib-get-started.md --- education/trial-in-a-box/educator-tib-get-started.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 61e5c7b2b3..d9cacc3536 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -274,21 +274,21 @@ The **Math Assistant** and **Ink Replay** features available in the OneNote app To get started: 1. Open the OneNote app for Windows 10 (not OneNote 2016). + ![OneNote icon](images/OneNote_logo.png) + 2. Click **Add Page** to launch a blank work space. ![Select add page button](images/plus-page.png) 3. Write the equation 3x+4=7 in ink or type it as text. -4. If you wrote the equation using digital ink, use the **Lasso** tool to circle the equation. If you typed the equation, highlight it using your cursor. - - ![Lasso tool button](images/lasso.png) +4. Make sure your pen is paired to the device. To pair, see Connect to Bluetooth devices. 5. On the Draw tab, click the **Math** button. ![Math button](images/math-button.png) -To solve 3x+4=7: +To solve the equation 3x+4=7, follow these instructions: 1. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation. ![Solve for x menu](images/solve-for-x.png) From 85bdf0bd0fb4437e2343b1145393e21d042cf420 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Thu, 21 Jun 2018 21:20:49 +0000 Subject: [PATCH 279/319] Added left_arrow.png --- education/trial-in-a-box/images/left_arrow.png | Bin 0 -> 11433 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 education/trial-in-a-box/images/left_arrow.png diff --git a/education/trial-in-a-box/images/left_arrow.png b/education/trial-in-a-box/images/left_arrow.png new file mode 100644 index 0000000000000000000000000000000000000000..5521199254e4e88ef823e48af0dd1a14ba2b07df GIT binary patch literal 11433 zcma)iWk6I>w>BlA(kN0x4V}{6HKZUlQqmwWbR$Rz(lB&OI3Us>-AGAEgF~lumoV@h z-}m0%-~BPnVVyna?7i1o&-3iPSL7>AW&FpKkI~T3@F6M+I%sINFPY+&vN zvxnKDby96b05+We{@&Bg(i-jJA$0G5o5?#nIa$Lz&@P8lI{+K@zh=7j9*)*%C5IC% zXlQh35CvIXpX`H0Zy)37oa2)tr`O=vW@|`&6chQNP#-?kC)Y={;9w%Uw>5*z=<;%u zctka~hiC0zD#O$&DjnSUummMxA9g@_n+xl& z{B$TTOQawpre8N^)rbEmJ80wu12HC&tm}_DKcmnRS<1%-t(BGELfwnlQOu_fSgXb? z6&U?h8WHC&AwIf#ScUlv!C#S9WK8Q2eb@cfB|2c_!MG|cD|0Z@9Ns#|A>y|D5V{|q zK7fH)`tgW30hpSwMmh{Q9c~B_`TtB+$p1{$i~A2#W~$6nUoDN|(&^Z6LtNr0mp*`H zi~8wmMKZ=vw@)Wd@2V-?{>^uj^)p;u&-8-Tb2sEsgCPT1WG-Z?Pq&P%K8E8}7fLgeq{X)%&*|ldsPP^D;+E zTZGP*3RCQ)tT*%nQ)S>_7fqd<&kt8|>vTUA0{G$%4m*kcIq@0$rS7j&z;V>e-O6hs zhnWs=PS=`6a`9ZINR?mZl{;FqN*ni5EtV>%F4k|XAB}R2I_J*#4R25yFy2%4fu94& zF4_!SCB`JIRC7y(vehNHmXaIhukixMeA`P zzVYAkoncfrxPV^r(%%{07iZw$b75=Lc(@eJmMcifpSeO_Vg5ElXvr#NFG!F)NM@bK z%t#Gv_qn7ePyOAF5F`Tx=Wnf>z05g>iI~pUhjOYJqmKC5ZgdGCJGpbBRQMVDL1#oq z(x!_38VN3G!MjPlBhzeQEuN_XL458HUy}_Ek%RRqp4XFgU1K{FP4}y!8|o_7(>Ynt z>l{9}p@|aHS=H&^&#fK?-c+sb2T1YPZ@&_J?NU}5XKdguo<_BzGU@mq_T0HnPe_J6eKnw$n=eGiR>9PB>|1`9qEDKG5D)t zc&zo@973M1zdzlcLWBehS!kCTBi$2S)~EbS!X(w4^zfz6jk361`HrHVRRDTy^(24e zH3DxK<%Xx$ZuT#kLf7ldx=q9~#}*@OrsOWzuXO~6KPlFYQ44HsKe1y4WvIjlQ+z)z z_Fs6f@NhNvrO?m1l?}y(hbNaK7RA1L-$axQ7-;ma;Q2JC)wDds}BzNN?F5hx%)g3cI7h# zPoArOzVot5ohm4^_+c*PmprrI99XnR+;JO~fK%ks&{Z;lCM+$UmyP$e?0Qsb=Amgf z`>_&jny_MFZBx7xkKVW`GJ0Laiu?;7YI1#m6PM_K|CJ;kzW?vJ6IFbEDWedO(0tt~ zCRu!U**CQek1oSqX*=u1*UuC}u|=8ehZ}2>>!_s>=73|)s|It0zkM}cj&b@;rVb1( zg~?9p*^v7FOLUHRNhTyKH7&)z8Vi%Q+DwcCCb6va3fhy;N}rk!4ia73R~ zP)GB8UKJq_H!Ul^L<#BUg%H=P44(4sgspOE<#*@{i7sOc_TKbdP%V{prq^cxfYaf-J%Yqv+M`V7W z1CEySlFUpa8Ta2^pBdCD8os#LAiL_;DXr$_N;vT1;cH(}f&D*Ls64_1qtw0_hbWcN zQ;c7eBwMHs-O1^>{so>izIOp1@PkSj=AQSuQtQ;TaklxhYxuX!q1-UxoaRcL+-;V8 zizDXs<)ytz$s#6(H4MauFX!$&@U7KOS=;HNFGJhV=E5~}5NT(X+~7G%Yvj*20v$j1 zsrp~O3t&IGM_@2I_C^8Wr^zqzg>t7Pq^W2t3o1?eKV>GHN<`JDo%!yO-|~9wHRfj5nyYk3sx=Hs^W^ZL?k#Gf zbbJmkH5{*pg5AYl_$CRG3Fzp=-QTgdf3W>^CIMkT@NARt8rrLyy+{y$8M-t>R4yp# z_y#&?0D=zxneYHB7Pva&@JLrBMm12ql6VYXf7NzFByK7?@cqhoICJ@+sP^S2p3f(v zmMvd>8WMRP-00aTq||%1KGIg&u9vFvoxTQKTeF&hnmV-G{Cm4ik0kNJSo8!9O*u{U zT{rDluzAc}jk~j|zk`v~TPNvd%ME@k^!ZzlALftGY?eFrk0UuJ5iO$X`r40`ejrW{ zA6%UIwSaimxHSL>8Y8z( zMO!x~U+e)~nE!H9N3+kgUxQPBgKzJ&1se3~&LdvW-{@dc<&|ibe82*5{kzfc9fx?g`{|F4Q0>rlk@WDM zYpvJ1fNIk_oa?MA6x~ z6VTCZeXzd?6&p|?E5Gdo|DU1jN+sj_C3hdi^ z^QT+k>80+xJ6P9R4hVJ8N)~^(^i@hjnD0LKME<_+ajHB^J8JFq&P8#u?U+ggK7*uw z3V+(}aa5cx!jiXmG;`8Y+17XDY%)?{gg9v_FaoOs`^WA1oarw9W~?2C4WGf z2vwAAI6Sn4&FAH!v9{iBc-@~L2&$VJch(I>kN0dHA2evGz_Ix{pJIqgE!~ivJ0AQlG;z& zP-Z(+D>#?hV|$pZ@PKjUHRz&xwXnj!iBbjx|f`o152eAd{L_4cq~(^0OsqZmfMaE2D}oZMfU&jntpj z5T4Y8%)NeGqkkF`fJ44$ct)TGy)&vb#3ephOuhV){=LCSan;tgzx~qe$nait;~$6h zYLC5aV@hK<7z{1288R1=XvxzUGw8c_^6`?!nGx>IEgoRUS#n0WnUJOh1u@@z$x!(F zlylO2ZK2xuGKWIIz~fa5ikFXF1m@terN^Y6%^&^=_R6ixPSqy9kM`K5H-|sbiq|pg zNoC%rqJi{g4R8Mhjc@E3B0PE7YXXdIuBgwM!AkJ#(p;T|QB_hcen4ofmP~Fz?FkwZ@wUF^JKM(kX zB!DPZV-6ZqPEOJlo3=)PdIbTJnuN06)1|Q{4HE6fW|ppO`<@m7bHCSn#0vkBYd{H6 zy?Q0agELw4LXs^du2~8g%+E3&GRy=MxSVQz8bBvi1v6DNS@M2r`F>WEULL3YJoh6%U~+bdq|fb+vJoF|Dq?zIqzYNhNsa`t0$wF6W}s ziOTh4E09dPi97G`Efh2^+o4(q^*y0mf)FroV*^&(O)-E2ugj}GGOfxh{ro~$EIoV8z}lxKo!X- zi)ds1!~${M-W>=H9jlg(CyT?(P-H`^)4w2KPhIf(JnKaK^U#$OLh{6!YkRFS1#XlJ z5;sK$^yydRzE5@T*rGHhB&3GPSB0eY&RM+aKL5!JX`YDpmBQMAz95rWbK&*B!|F97psfz-M4hN<4S)5V#COZP?6u=f(h>@BsbCd!)!GTpbG)$u)kTLM3}uE094X-|FY>1@s5g>UjO>uHv&|7Wosi5mx;-) zR>NaLG|iOqK5e_7uf)>Qn`6sVjZb4E6+)Ty_TD6l=(Mf=L76LX{$seHyMvEYF#ByD zv-j~!J;YJlHtvgK+%mh;72jrPm5%r+goU%T*I)0z@Lo53jr~31l*}{2@=fHCb4}mx z<)a_CSw5syLj*G8;NK3R0R8rVG-I>ATcCDh`C<{qRbNrkMgGeI`dK*%e2lGo**fvV zfp9z=Z6-Zy;=n6i@AGd{T=Sb6Fjv!T+5K zdHi&J0YM*R+mCLRsk9et3NpIn9?CQ6BoA~&Cm^7@H{L{u<;lwqx>7r4%W}nA24QFI z7obHMm@gyo)mz_k!k1A-@f-OtTPikapz79!#n}n-ugqo*B~A9h3@N!qv8G;%4`HFP zVPTjG49!%yW5JcSpVvC`QH!m958S3r-YjN8=EQ12BGV&v$O+97wf?lNd|z+!)Xnqa z#pW|5V4*M(q5g!T(NH8V6eOh0#pJ4HEei8%1-ZShr$M%9H}8)QCI_-d;0IL{6jmHH zw){n}-*j2hvy8;n$ZhqM6f{CsRRMaZ&(!RUtuFAFJfM|0@4P79(`W;^MGQ%``@J{< z$Y5U7*`q`6`UZ|JLhS~%tHtF*+rICLoJ|gVk0$wVR&t(;QOTEN2HfG7VIj;XXF*JC zJ@Tk}f`T^K%t5F7dvyHiZLfHke?{upy_Hy6fF+5i5poCim>AzK%-<7X{4%_CaA)7I z3B7F$%r+$MD4cK0LUxJsr6)yF;_pZA#+!^APJbWn8iwk7Ej`9|ot_V`r@vCA-&)Ku zlX6q`6!}{E+$-+^i<;NmTwu15p)L&^=-IM(#+BCQM%>V+M@6JsEGeF6RXE^vVOG2YIhQV!fQH=@;nMof1mHYVW>p$CK=ff%irB z@rAVp;@is~fJ4<=Y7*@8xITXuQz=qrnXm*Kzk=&U0vg{3ll^NUifnke=x!pQ&kWwP zG@I#jlY20SkQ8ycPJg%*2tP)YBoEVkq^MRIIy=koAH`W%f2|Mx``dH3!P8})5JBV^ zeY*BAk1cZ%-t)&i%eO&&1I1Emzl1y(U4*=?VV=~ZE%1})*i74G93*iF>L5nCB(##m z3BDQ|MHQFuo- zE9saBImei(ynLuaC?6GWwVr!l=i{s5oI4Jv36F-y)$nszq~Z9ALf&`$+6{* z8rw#zx{pW6LNv-q&kC!YaQNSuBU#!Tk*T2+-(4MXkgf@WkyM9y%5QZ^z8ymQpFGs( zcCt#t8EUWhCL7n{pbFjL;)FjaeGa;m;ns%f{bf9xB8Tpa*VZ-1TVFkBch?uC_sxf% z-~ellRgna7ddyx%mW`a^wZ!;g3)&J)gi61LDhL;=hQU0GfRsFLtEL6qvnra%Z);S)I8>7H_GFf$W9&8)t1y{#~O=x2Xy zV^bZ_i?Q3_eSEF4hwJ%=H5cpm5L}#TbtdJB1)*r1`~ku%_o3^#kQDSlGw_1#1wDtC zrOSD{fdrqC!L*J5OO|!~up*(6htTmRC8-w}QOu-{v9C`2NH^2Av}>zlGh@pScX5;x_2wmctiAW$ zhupu% zsk}L!?|YVb69Us4*7o~)?)l`P>pG1)J2x>InWI0CoGlJ4PqdX-r}AsBDKju$t)CkP(PiXf8gN-r?XIUM_L{*!fTCQwNTW-g07W z8B$1N!9t;yJ z6gW6k&4yH?EMJI{V!$rKg7?+>%dKbM%&T4H^R|C@E*_C{f1_lH_%b<3jVP2Nd-4ha zBYm-HscVlmyRrioX#EQ0cFqer2p*@qFl;xe)Irn4G0B@vfle`7VH$h<<3u(G_mNa!T4@+ zny8>QpD^C6t6mmve*QxM*ph*%wHUqs;ReJ-H#Fni^G_X(3(F?Kw#lD)LKT;yU+=1o zF2ox+V^fxwf81(;6jCF+WqepMNaB#-t822D668D4X0<_AnQ1G5JR?E+)Pt?Y_h+CE zN-FAlt_BN_GLDLl)`YFsFAKIl&&G{t?ebe3F%6O|f$=5RQYjN%mgUdb22fC7wcmp7 zjN7ss&OnF0(g<}X0HQ?JD~aGdVds#ggG9V3{`~^3(OftUm2~QDM^gHI$4dr%$6>8h zrj7eDMeot1SWx}1fT*nSfZ=&-1y0T$C4FlNytxspu=4d%Zf*PCMiDx6i(dC&Um8MhnYbmgO-#h#QB%AM+>E zjQu~kXhuFY_Lm4Nx)V;^yXhki^_>#Xz<7#D*hkJd=T(vGF5sK>k|Sm9&Bi~M)VUsy zaR5RFlm)Pg6kj->lK6+HAqU!CZBr|zSR@bO+qi=xuxPAX{!LBZcJmA&{a;dtN7P6P zvR9htzYmvp``a!fnd`*rdqR(an{sx1kllm1=3JUPCsy$>38Wl8RXSt!Zz zhTJ#9mE-bAt=B-_F_*Ii=Ox9B$yeUrLAQalm#C)^t3yY7gsL>(Wpf*?CEYuWRVOPn zy{YZNkAQ;*tkt@w&TD}|mnKG@3FL=MAv}6iq9e}#ZZJ~ZXIPEOOfHh%LV;5wkt?uD zR6KB0!aEW9e>y?=-@~Te>gms8o;FibENOqFxm@o`QN^7cSoDR+OCR}5#WXw~0zI^1osaaW%I!Aj13cF0^(s*1~XBA9%#oqb(c|vZkl&&*l3|$Q;=~L_zzqXQ6*5z{uKqSu2 zJofhXDsb>+G0|0c>yW0NUQ|?+0(p$fo67^FvcCTFjEsz)Ha0vS%2*w3?UxH#^tio-X1_lEk8AbGbhsLuDWbCW+jOzO1%_ z_6ca@2Ao1bL3d-<0a8H2YR;s$yr0Zp#L!CT2Hm7R$U`7(<8~g6!Z%^?q$Ft5sc7J3 z?SsY18q9g9}Q0+Dr+kMLHku#-5Oo#cW<8kKPW#nZkNjSC{VM6=ps8 z`1zsjclusOOM|=9-v)<<*451Z@|BkI*-wC@qWgQDcrmVSA7h73O;1nE%v|ORKZ1jS z$+3U;uDhlzsXjy+@82n-NFkYG*WSh2iO)-oq_s5*z}YU;5to-TbDDqg#o& zP|=bgkB58I)YMc!SyE@c6VP)Jk3YXCkT$X}AYe#Tjx+G;sVQAp%R!cLz)7*i;8WAe z_^7D&=NA`D#*0J2Md7Kb&%qFj-*xtYpI_qaTSg(BJ1Q#Tw)28=`$7IOc@KBncc*C` zRu{X|9v&Xqmky2#jfu2(D>(a$E#x0kI1Fk6Zrp(IA@v`9f3?_O7%%m=8bim(hzjuD z!!RbHL;|k~KI8mqPXzS)yJ@!DeS=EVkC37bHu%?oR_5lj|_~BX*G@!X|2@^9aaXRIL4$OBobA^T3aQa_Rx_%t~T$%z6+F2 zGjP}xOode*XA2t8F|{T8B9z}j9q)5^-HplM849~>mB0h80M&K?e^}tH9=@(2|YFP zKcx6m54Wc1SdOnyo^NpGsdplcRA6OgwK`erEh(i`W78x9kmd2mKZl0}RW6hn8Bmtt zSEQO+3y+GnbN%C%@3w>kw)pc_cfVC4>gvc`wuN+cbptjiZI!Q9xlNjrzo?~wu5RO7 z7G&v&Rz}5-?goNbvPJi1E4LGsL6Lg(m$#^X&sz^q&y#Ovs3;n7FJ8a%KXcSCR`*|| zqj5k;#J%=cddbb+o^6fzNPtdHPp{L0ZVZ0@{JFEYr&jV3*uda@np9fK-rUl{%Eo5C zKUa+v+O@h=7xv5m-F~_Ky~O?Xy0PzO%0l4nK`1w8Cc<^ecN^a?P=p$hpHH7UsAFiT z^5)HNh*?KlTMm#ceQ`8uIyyT0C&AW)1T9Z?xb3r!4>0N@e#y#IE+kYB4w|OqOGbG|dAP`Qo_U!I% zxx@BbSaoYJlmr*c=WIlHuG#a+N^WRQPEJXws;{r;^4}TnbV+}&?njI-N;H>;fWX4V z!r0i}W>J?@YK{8#q3+!@J4P_tP#TZ)=8BDm27bK6DK0)f{y>eon%a}s2=&#hK+L~fKfEESZO$GV6N@6XrX{GIIpIV4Kn9rwHl zmxV$pD%=0E0|6TW^81u`e_mXKK%CM(oY2~O+2R&&o(}PB10Ng_djkjz1}kGSf9ChPYSiz zVHiM5Y6+hNU{YF5kJ$2Pfw1G@*=|`zaRbxk;pOFa)OK|Wj3)f{u*Lb+6T1(bLw1>7 z#zPKAOKn!x)~*2jBqS&Qz@ZK33?-EMWDQ*a5*CONAb+N(r^%i_KkdXMB*Mi~(bU8i zv2Ma&-51G;&ak7%F+teF^YUn^_8Xic>g$CFXxK*a;~hAaE@GaE37^*$^T_C*$ocOel3t=j(f;o-OjyoP^2> zYO|+*<;U;3rZ6!%Nm}#KIDS)vfHvS5-MRGyn~RGJ z2s2MlPsg3}N$X7JM~@z1VFb&@o4E}#NnFlZRx{1v_s|Ior^Up?#NT&etx_{VboLn} ziR@I>)NUry+K028+hzUz#X<2A6&0FZ2fr1e&>I)np)$h|pN2*(YBpQ~41uK2ERO5y z#p>NkO*QmbezAHg=arX=+SqNW1*~|&u3ALl$nhsU1iDw3er+3DTfHGE;vmbX+ctq< z%<{;-KBayz01hUax&a04(NfZG}fhMp*Xq-KcRiCQHi8^NWik_V=~r zb$TUW6%}xBwcR+wn>TL^Yi&j%q#7C;(*7}p@7b2?nBiE4a$}dk}@#yeAa{0*Mk4K;omu$#NjsMF67cxL%@fkn`a>Q)Iq{K@xR^>R zGd$r;weEjh@i#!~jgisKCQne;?sVnLz&k7;Ri=a718t7z*4{lGTt7LEbq)yK*swD7 z+hH>GKM(}aD{Ad>Boi@s)qW)jP-5ftTD0%#M{*ILV>&1l${H0?!1|{dB+lz$Qryx) z)#K8F0r(aW388Pa0YZzR6pU(E@{0yWivhr|0+5VAmh~K6Vg8z(Rpxy`JtarUTEWT; z?Tc^`QPSBY8Y*aM5jV#kB{fl1ee5t(W`1>OGFR`9F78qCF^<4{e?UOP3cAH% zcJmnMfoq#CX5(y0Fn4))xYF+4-p%h>n8nXzwhzd1=S&+pCb0~}V2$>LuLb4i=l31{4>zmWf;Vj{J zCuBYG12o*V~&kE*KbT#faU^73*{fNj;do2*`$?WP!*LIfyj&eLc2Hp8i4 zBIZhYE|*+}RUcf}``+786pt4wyCa<%UV83M)izphKlh&hNCb*+2+IBv3yy_Fh)efa^MpP+^{215y2LQyg>-c)XrpX43a)?33(ZwFw1ik6m^ z=tVKCpoo^1EP#Q34h>m;F~M53qVCTxCE+0Kd+SOeb!V} zwU{nVkvRFW-fvxjQO(2x$Y{}{R{P;BZ#)3mfDoGHdZMSdv%9-C+Yy)^OSP=5CkTh% z0h+gam3MJ*k<+v_9nfGx0a9jiUd#5G;ZDf9y1FWd*^0Tk)Vexd0Q3e&Mi>PJW82&F zIby*Wa3W!#aIiL8+-?<@)7ypMC%2v1Jqq-Yi3l&8EW}AQBIhZ2zpLh4lw<~} zUeUN`j-7yCpH%I?8o_LBMqfXLf)W0|yqSn zQ_L}>{ihUhyF}}a$(p+NSZ>OPeNIcCNrodl>Zcmri*4!*c&k}`aJKJgeeP%`5fsq{e09yw1-2b22O7`cYr2pzsgMZJ@i!LC6%>+8!l7oYT zo;G~oD&)h|{5+ct{bS&|NAto*;(yKTQQZG*Co)*z|GcH7pr!_BPDH5iSn&x^a literal 0 HcmV?d00001 From 8003eb756741bf65091ad25347999af5616068a2 Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Thu, 21 Jun 2018 21:29:55 +0000 Subject: [PATCH 280/319] Updated educator-tib-get-started.md, updated the math section --- .../educator-tib-get-started.md | 26 ++++++++++++------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index d9cacc3536..30beebee8b 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -276,30 +276,38 @@ To get started: ![OneNote icon](images/OneNote_logo.png) -2. Click **Add Page** to launch a blank work space. +2. In the top left corner, click on the **<** arrow to access your notebooks and pages. + + ![OneNote back arrow navigation button](images/left_arrow.png) + +3. Click **Add Page** to launch a blank work space. ![Select add page button](images/plus-page.png) -3. Write the equation 3x+4=7 in ink or type it as text. - 4. Make sure your pen is paired to the device. To pair, see Connect to Bluetooth devices. -5. On the Draw tab, click the **Math** button. +To solve the equation 3x+4=7, follow these instructions: +1. Write the equation 3x+4=7 in ink using the pen or type it in as text. + +2. If you wrote the equation using digital ink, use the Lasso tool to circle the equation. If you typed the equation, highlight it using your mouse. + + ![Lasso button](images/lasso.png) + +3. On the **Draw** tab, click the **Math** button. ![Math button](images/math-button.png) -To solve the equation 3x+4=7, follow these instructions: -1. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation. +4. From the drop-down menu in the **Math** pane, select the option to **Solve for x**. You can now see the final solution of the equation. ![Solve for x menu](images/solve-for-x.png) -2. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation. +5. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation. -3. On the **View** tab, click the **Replay** button and select the written equation to watch it replay your text. Replay is great for students to review how the teacher solved the equation, for example. +6. 6. On the **View** tab, click the **Replay** button. Use your mouse to select the written equation and watch your text in replay. Replay is great for students to review how the teacher solved the equation and for teachers to review how students approached a problem. ![Replay button](images/replay.png) -To graph 3x+4=7: +To graph the equation 3x+4=7, follow these instructions: 1. From the drop-down menu in the **Math** pane, select the option to **Graph Both Sides in 2D**. You can play with the interactive graph of your equation - use a single finger to move the graph position or two fingers to change the **zoom** level. ![Graph both sides in 2D](images/graph-for-x.png) From 479ab4b727783df121741f95bb52e7153648f94a Mon Sep 17 00:00:00 2001 From: Benjamin Howorth Date: Thu, 21 Jun 2018 21:33:09 +0000 Subject: [PATCH 281/319] Updated educator-tib-get-started.md, final updates to math section --- education/trial-in-a-box/educator-tib-get-started.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 30beebee8b..f639fbf9aa 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -289,7 +289,7 @@ To get started: To solve the equation 3x+4=7, follow these instructions: 1. Write the equation 3x+4=7 in ink using the pen or type it in as text. -2. If you wrote the equation using digital ink, use the Lasso tool to circle the equation. If you typed the equation, highlight it using your mouse. +2. If you wrote the equation using digital ink, use the **Lasso tool** to circle the equation. If you typed the equation, highlight it using your mouse. ![Lasso button](images/lasso.png) @@ -303,7 +303,7 @@ To solve the equation 3x+4=7, follow these instructions: 5. From the second drop-down below, choose **Steps for Solving Linear Formula**, which shows you the step-by-step solution of this equation. -6. 6. On the **View** tab, click the **Replay** button. Use your mouse to select the written equation and watch your text in replay. Replay is great for students to review how the teacher solved the equation and for teachers to review how students approached a problem. +6. On the **View** tab, click the **Replay** button. Use your mouse to select the written equation and watch your text in replay. Replay is great for students to review how the teacher solved the equation and for teachers to review how students approached a problem. ![Replay button](images/replay.png) From 9af8c9da52b5425e7c6b471d64c30a3f38bb8cf6 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 21 Jun 2018 17:07:58 -0700 Subject: [PATCH 282/319] updated the logic for the settings --- windows/client-management/mdm/policy-csp-browser.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 8672f1e47e..a2207e5193 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -2397,8 +2397,9 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Intranet traffic is sent to Internet Explorer. -- 1 – Intranet traffic is sent to Microsoft Edge. +- 0 (default) - Opens all websites, including intranet sites, in Microsoft Edge. +- 1 - Opens all intranet sites in Internet Explorer 11. + From aae575f8ce4f8fbac283d0ba951badc1da8ea304 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 21 Jun 2018 17:09:25 -0700 Subject: [PATCH 283/319] updated the logic for the settings --- windows/client-management/mdm/policy-csp-browser.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index a2207e5193..646bb2d9c2 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -2397,8 +2397,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) - Opens all websites, including intranet sites, in Microsoft Edge. -- 1 - Opens all intranet sites in Internet Explorer 11. +- 0 (default) - Open all websites, including intranet sites, in Microsoft Edge. +- 1 - Open all intranet sites in Internet Explorer 11. From 1675efc207e4f37b11db741c28f98a677cb4bd78 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 21 Jun 2018 17:13:54 -0700 Subject: [PATCH 284/319] updated the logic for the settings --- windows/client-management/mdm/policy-csp-browser.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index 646bb2d9c2..d538ab1be7 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -2381,7 +2381,7 @@ ADMX Info: > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. -Specifies whether to send intranet traffic over to Internet Explorer. +By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically. Most restricted value is 0. @@ -2397,8 +2397,8 @@ ADMX Info: The following list shows the supported values: -- 0 (default) - Open all websites, including intranet sites, in Microsoft Edge. -- 1 - Open all intranet sites in Internet Explorer 11. +- 0 (default) - All websites, including intranet sites, open in Microsoft Edge automatically. +- 1 - Only intranet sites open in Internet Explorer 11 automatically. From 71546ad1ec6f9a1dccaa9651fec27e83901c5495 Mon Sep 17 00:00:00 2001 From: Patti Short Date: Thu, 21 Jun 2018 17:48:13 -0700 Subject: [PATCH 285/319] updated policy descriptions --- .../mdm/policy-csp-browser.md | 39 +++++++++---------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md index d538ab1be7..e4a66aaaa6 100644 --- a/windows/client-management/mdm/policy-csp-browser.md +++ b/windows/client-management/mdm/policy-csp-browser.md @@ -1,12 +1,12 @@ --- title: Policy CSP - Browser description: Policy CSP - Browser -ms.author: maricia ms.topic: article ms.prod: w10 ms.technology: windows -author: MariciaAlforque -ms.date: 05/14/2018 +author: shortpatti +ms.author: pashort +ms.date: 06/21/2018 --- # Policy CSP - Browser @@ -181,10 +181,9 @@ ms.date: 05/14/2018 -Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  +Added in Windows 10, version 1703. -> [!NOTE] -> Disabling this setting turns off the address bar drop-down functionality. Because search suggestions are shown in the drop-down list, this setting takes precedence over the Browser/AllowSearchSuggestionsinAddressBar setting. +By default, Microsoft Edge shows the Address bar drop-down list and makes it available. When enabled (default setting), this policy takes precedence over the [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) policy. If you want to minimize network connections from Microsoft Edge to Microsoft service, we recommend disabling this policy, which hides the Address bar drop-down list functionality. When disabled, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.   Most restricted value is 0. @@ -245,7 +244,7 @@ The following list shows the supported values: -Specifies whether autofill on websites is allowed. +By default, users can choose to use Autofill for filling in form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill. Most restricted value is 0. @@ -318,13 +317,10 @@ To verify AllowAutofill is set to 0 (not allowed): > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead. - -Specifies whether the browser is allowed on the device. +By default, the device allows Microsoft Edge on Windows 10 Mobile. Disabling this policy disables the Microsoft Edge tile, and when clicking the tile, a message opens indicating that the administrator disabled Internet browsing. Most restricted value is 0. -When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator. - The following list shows the supported values: @@ -374,7 +370,7 @@ The following list shows the supported values: -This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library. +By default, Microsoft Edge automatically updates the configuration data for the Books Library. Enabling this policy prevents Microsoft Edge from updating the configuration data. @@ -425,7 +421,7 @@ The following list shows the supported values: -Specifies whether cookies are allowed. +By default, Microsoft Edge allows all cookies from all websites. With this policy, however, you can configure Microsoft to block only 3rd-party cookies or block all cookies. Most restricted value is 0. @@ -443,9 +439,9 @@ ADMX Info: The following list shows the supported values: -- 0 – Block all cookies -- 1 – Block only third party cookies -- 2 - Allow cookies +- 0 – Block all cookies from all sites. +- 1 – Block only cookies from third party websites. +- 2 - Allow all cookies from all sites. @@ -501,8 +497,7 @@ To verify AllowCookies is set to 0 (not allowed): > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. - -Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools. +By default, Microsoft Edge allows users to use the F12 developer tools to build and debug web pages. Disabling this policy prevents users from using the F12 developer tools. Most restricted value is 0. @@ -563,7 +558,7 @@ The following list shows the supported values: -Specifies whether Do Not Track headers are allowed. +By default, Microsoft Edge does not send Do Not Track requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information. Most restricted value is 1. @@ -579,8 +574,10 @@ ADMX Info: The following list shows the supported values: -- 0 (default) – Not allowed. -- 1 – Allowed. +- Blank/Null (default) Not configured - Does not send tracking information, but allow users to choose whether to send tracking information to sites they visit. +- 0 (Disabled) - Never sends tracking information. +- 1 (Enabled) - Sends tracking information, including to the third parties whose content may be hosted on the sites visited. + From 424a1feccde141680a8520ecaecd5736d54e7dcc Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 22 Jun 2018 13:59:39 +0000 Subject: [PATCH 286/319] Merged PR 9294: fix instructions for .lnk files (#1135) --- .../lock-down-windows-10-to-specific-apps.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index f784d72639..48eed432ff 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -747,6 +747,10 @@ copy .lnk "%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\ **DeviceContext**: -- Under **CommandFiles**, upload your batch file, your .lnk file, and your desktop app installation file -- Under **CommandLine**, enter cmd /c *FileName*.bat +- Under **CommandFiles**, upload your batch file, your .lnk file, and your desktop app installation file. + + >[!IMPORTANT] + >Paste the full file path to the .lnk file in the **CommandFiles** field. If you browse to and select the .lnk file, the file path will be changed to the path of the target of the .lnk. + +- Under **CommandLine**, enter `cmd /c *FileName*.bat`. From 5624def1bba2673a0195514bccb7b5369065217a Mon Sep 17 00:00:00 2001 From: nicksev <38920847+nicksev@users.noreply.github.com> Date: Fri, 22 Jun 2018 12:53:24 -0700 Subject: [PATCH 287/319] Update to trial information text Refining text around the trial for M:EE. --- education/windows/teacher-get-minecraft.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md index 9e459af597..40707e3ea5 100644 --- a/education/windows/teacher-get-minecraft.md +++ b/education/windows/teacher-get-minecraft.md @@ -28,7 +28,7 @@ To get started, go to http://education.minecraft.net/ and select **GET STARTED** ## Try Minecraft: Education Edition for Free -Minecraft: Education Edition is available for anyone to try, but there is a limit to the number of logins allowed before purchasing a subscription is required. +Minecraft: Education Edition is available for anyone to try for free! The free trial is fully-functional but limited by the number of logins (25 for teachers and 10 for students) before a paid license will be required to continue playing. To learn more and get started, go to http://education.minecraft.net/ and select **GET STARTED**. From f9b387486011bf0d9bf6ac456bb19685743cc862 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 22 Jun 2018 20:21:55 +0000 Subject: [PATCH 288/319] Merged PR 9309: Added placeholder statement for 3 TextInput policies --- .../policy-configuration-service-provider.md | 9 + .../mdm/policy-csp-textinput.md | 170 +++++++++++++++++- 2 files changed, 178 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 921e2c246d..af2ccbcbbb 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3100,6 +3100,15 @@ The following diagram shows the Policy configuration service provider in tree fo
    TextInput/AllowLinguisticDataCollection
    +
    + TextInput/ConfigureJapaneseIMEVersion +
    +
    + TextInput/ConfigureSimplifiedChineseIMEVersion +
    +
    + TextInput/ConfigureTraditionalChineseIMEVersion +
    TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
    diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index b82a760086..52aedcfba8 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -6,11 +6,13 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/05/2018 --- # Policy CSP - TextInput +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
    @@ -55,6 +57,15 @@ ms.date: 05/14/2018
    TextInput/AllowLinguisticDataCollection
    +
    + TextInput/ConfigureJapaneseIMEVersion +
    +
    + TextInput/ConfigureSimplifiedChineseIMEVersion +
    +
    + TextInput/ConfigureTraditionalChineseIMEVersion +
    TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
    @@ -677,6 +688,162 @@ This setting supports a range of values between 0 and 1.
    + +**TextInput/ConfigureJapaneseIMEVersion** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Added in Windows 10, next major version. This is only a placeholder. Do not use in production code. + + + + + + + + + + + + + +
    + + +**TextInput/ConfigureSimplifiedChineseIMEVersion** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Added in Windows 10, next major version. This is only a placeholder. Do not use in production code. + + + + + + + + + + + + + +
    + + +**TextInput/ConfigureTraditionalChineseIMEVersion** + + + + + + + + + + + + + + + + + + + + + +
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    cross markcheck mark5check mark5check mark5check mark5
    + + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Added in Windows 10, next major version. This is only a placeholder. Do not use in production code. + + + + + + + + + + + + + +
    + **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** @@ -1308,6 +1475,7 @@ Footnote: - 2 - Added in Windows 10, version 1703. - 3 - Added in Windows 10, version 1709. - 4 - Added in Windows 10, version 1803. +- 5 - Added in the next major release of Windows 10. From c45bdd02ba5e990595cb2c75065ba534104b90d7 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 22 Jun 2018 14:29:48 -0700 Subject: [PATCH 289/319] More cleanup --- ...pv-connection-group-virtual-environment.md | 97 ++++++------------- 1 file changed, 27 insertions(+), 70 deletions(-) diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index 6ba91b41f8..d257df5484 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md @@ -1,6 +1,6 @@ --- -title: About the Connection Group Virtual Environment (Windows 10) -description: About the Connection Group Virtual Environment +title: About the connection group virtual environment (Windows 10) +description: About the connection group virtual environment author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy @@ -8,105 +8,62 @@ ms.sitesec: library ms.prod: w10 ms.date: 04/19/2017 --- +# About the connection group virtual environment +>Applies to: Windows 10, version 1607 -# About the Connection Group Virtual Environment +## How package priority is determined -**Applies to** -- Windows 10, version 1607 - -**In this topic:** - -- [How package priority is determined](#bkmk-pkg-priority-deter) - -- [Merging identical package paths into one virtual directory in connection groups](#bkmk-merged-root-ve-exp) - -## How package priority is determined - - -The virtual environment and its current state are associated with the connection group, not with the individual packages. If an App-V package is removed from the connection group, the state that existed as part of the connection group will not migrate with the package. +The virtual environment and its current state are associated with the connection group, not with the individual packages. If you remove an App-V package from the connection group, the state that existed as part of the connection group will not migrate with the package. If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group that each define the same registry DWORD value. The connection group that is used is based on the order in which a package appears inside the **AppConnectionGroup** XML document: -- The first package has the highest precedence. - -- The second package has the second highest precedence. +- The first package has the highest precedence. +- The second package has the second highest precedence. Consider the following example section: -``` syntax +```XML ``` -Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package, such as: +Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package. -- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5 +For this example, the DWORD value definition would be the following: -- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10 +- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5 +- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10 Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region. -Other virtual environment resources are resolved similarly, but the usual case is that the collisions occur in the registry. +Other virtual environment resources are resolved in a similar way, but usually collisions occur in the registry. -## Merging identical package paths into one virtual directory in connection groups +## Merging identical package paths into one virtual directory in connection groups +If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group's virtual environment. Merging these paths allows an application in one package to access files that are in a different package. -If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment. This merging of paths allows an application in one package to access files that are in a different package. +When you remove a package from a connection group, the removed package's applications can no longer access files from packages in the connection group it was removed from. -When you remove a package from a connection group, the applications in that removed package are no longer able to access files in the remaining packages in the connection group. - -The order in which App-V looks up a file’s name in the connection group is specified by the order in which the App-V packages are listed in the connection group manifest file. +App-V looks up a file’s name in the connection group in the order App-V packages are listed in the connection group manifest file. The following example shows the order and relationship of a file name lookup in a connection group for **Package A** and **Package B**. - ---- - - - - - - - - - - - - - - - - -
    Package APackage B

    C:\Windows\System32

    C:\Windows\System32

    C:\AppTest

    C:\AppTest

    +|Package A|Package B| +|---|---| +|C:\Windows\System32|C:\Windows\System32| +|C:\AppTest|C:\AppTest| -  +When a virtualized application tries to find a specific file, App-V will first for a matching file path in Package A. If it doesn't find a matching path in Package A, it will then search Package B using the following mapping rules: -In the example above, when a virtualized application tries to find a specific file, Package A is searched first for a matching file path. If a matching path is not found, Package B is searched, using the following mapping rules: - -- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, the first matching file is used. - -- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, the first matching file is used. +- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, App-V will use the first matching file. +- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, App-V will use the first matching file. ## Have a suggestion for App-V? - -Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). +Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization). ## Related topics - -[Managing Connection Groups](appv-managing-connection-groups.md) - -  - -  - - - - - +- [Managing Connection Groups](appv-managing-connection-groups.md) \ No newline at end of file From 6d370d4aa4f7355e4dff1ab41cb0fb663fc42505 Mon Sep 17 00:00:00 2001 From: Heidi Lohr Date: Fri, 22 Jun 2018 14:35:21 -0700 Subject: [PATCH 290/319] Updated metadata dates --- ...he-client-to-receive-updates-from-the-publishing-server.md | 2 +- .../app-v/appv-connect-to-the-management-console.md | 2 +- .../app-v/appv-connection-group-file.md | 2 +- .../app-v/appv-connection-group-virtual-environment.md | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md index 13d0075821..b917328548 100644 --- a/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md +++ b/windows/application-management/app-v/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/22/2018 --- # How to configure the client to receive package and connection groups updates from the publishing server diff --git a/windows/application-management/app-v/appv-connect-to-the-management-console.md b/windows/application-management/app-v/appv-connect-to-the-management-console.md index cf1a7c37d5..550b1e1e10 100644 --- a/windows/application-management/app-v/appv-connect-to-the-management-console.md +++ b/windows/application-management/app-v/appv-connect-to-the-management-console.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/22/2018 --- # How to connect to the Management Console diff --git a/windows/application-management/app-v/appv-connection-group-file.md b/windows/application-management/app-v/appv-connection-group-file.md index 39d95adfca..c59effb1b8 100644 --- a/windows/application-management/app-v/appv-connection-group-file.md +++ b/windows/application-management/app-v/appv-connection-group-file.md @@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/22/2018 --- # About the connection group file diff --git a/windows/application-management/app-v/appv-connection-group-virtual-environment.md b/windows/application-management/app-v/appv-connection-group-virtual-environment.md index d257df5484..041f22abe0 100644 --- a/windows/application-management/app-v/appv-connection-group-virtual-environment.md +++ b/windows/application-management/app-v/appv-connection-group-virtual-environment.md @@ -1,12 +1,12 @@ --- title: About the connection group virtual environment (Windows 10) -description: About the connection group virtual environment +description: Overview of how the connection group virtual environment works. author: MaggiePucciEvans ms.pagetype: mdop, appcompat, virtualization ms.mktglfcycl: deploy ms.sitesec: library ms.prod: w10 -ms.date: 04/19/2017 +ms.date: 06/22/2018 --- # About the connection group virtual environment From 9bd4958503727eef458e61b6a8dd6ab60a37a691 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 22 Jun 2018 21:41:46 +0000 Subject: [PATCH 291/319] Merged PR 9311: Removed references to BitLocker CSP content --- .../mdm/policy-csp-bitlocker.md | 30 +------------------ 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md index bdbbdbb143..55976c06ee 100644 --- a/windows/client-management/mdm/policy-csp-bitlocker.md +++ b/windows/client-management/mdm/policy-csp-bitlocker.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 05/14/2018 +ms.date: 06/22/2018 --- # Policy CSP - Bitlocker @@ -68,34 +68,6 @@ Specifies the BitLocker Drive Encryption method and cipher strength. > [!NOTE] > XTS-AES 128-bit and XTS-AES 256-bit values are only supported on Windows 10 for desktop. -You can find the following policies in BitLocker CSP: -
    -
    - BitLocker/EncryptionMethodByDriveType -
    -
    - BitLocker/FixedDrivesRecoveryOptions -
    -
    - BitLocker/FixedDrivesRequireEncryption -
    -
    - BitLocker/RemovableDrivesRequireEncryption -
    -
    - BitLocker/SystemDrivesMinimumPINLength -
    -
    - BitLocker/SystemDrivesRecoveryMessage -
    -
    - BitLocker/SystemDrivesRecoveryOptions -
    -
    - BitLocker/SystemDrivesRequireStartupAuthentication -
    -
    - The following list shows the supported values: From c0e174692fe1913532b78c1680f3349f9b135838 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Mon, 25 Jun 2018 14:32:39 +0000 Subject: [PATCH 292/319] Merged PR 9321: premises --- .../appendix-a-powershell-scripts-for-surface-hub.md | 4 ++-- devices/surface-hub/miracast-over-infrastructure.md | 7 ++++--- ...-premises-deployment-surface-hub-device-accounts.md | 2 +- .../on-premises-deployment-surface-hub-multi-forest.md | 2 +- .../use-fully-qualified-domain-name-surface-hub.md | 2 +- ...indows-10-in-your-organization-modern-management.md | 2 +- .../client-management/mdm/appv-deploy-and-config.md | 4 ++-- .../bulk-enrollment-using-windows-provisioning-tool.md | 4 ++-- .../client-management/mdm/device-update-management.md | 2 +- windows/client-management/mdm/healthattestation-csp.md | 10 +++++----- .../client-management/mdm/mobile-device-enrollment.md | 2 +- .../mdm/new-in-windows-mdm-enrollment-management.md | 7 ++++--- windows/client-management/mdm/passportforwork-csp.md | 2 +- windows/client-management/mdm/passportforwork-ddf.md | 2 +- .../client-management/mdm/policy-csp-authentication.md | 2 +- windows/client-management/mdm/policy-csp-update.md | 2 +- windows/client-management/mdm/provisioning-csp.md | 2 +- .../lock-down-windows-10-to-specific-apps.md | 2 +- windows/configuration/wcd/wcd-workplace.md | 2 +- windows/deployment/update/device-health-get-started.md | 2 +- .../deployment/update/update-compliance-get-started.md | 2 +- .../upgrade/upgrade-readiness-requirements.md | 2 +- ...perating-system-components-to-microsoft-services.md | 2 +- .../bitlocker/bitlocker-recovery-guide-plan.md | 2 +- 24 files changed, 37 insertions(+), 35 deletions(-) diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md index 7dafdcf898..ae2a7ce2e0 100644 --- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md +++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md @@ -18,7 +18,7 @@ ms.localizationpriority: medium PowerShell scripts to help set up and manage your Microsoft Surface Hub. - [PowerShell scripts for Surface Hub admins](#scripts-for-admins) - - [Create an on-premise account](#create-on-premise-ps-scripts) + - [Create an on-premises account](#create-on-premises-ps-scripts) - [Create a device account using Office 365](#create-os356-ps-scripts) - [Account verification script](#acct-verification-ps-scripts) - [Enable Skype for Business (EnableSfb.ps1)](#enable-sfb-ps-scripts) @@ -185,7 +185,7 @@ These scripts will create a device account for you. You can use the [Account ver The account creation scripts cannot modify an already existing account, but can be used to help you understand which cmdlets need to be run to configure the existing account correctly. -### Create an on-premise account +### Create an on-premises account Creates an account as described in [On-premises deployment](on-premises-deployment-surface-hub-device-accounts.md). diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md index fb81f8e16d..7b6737d1ac 100644 --- a/devices/surface-hub/miracast-over-infrastructure.md +++ b/devices/surface-hub/miracast-over-infrastructure.md @@ -35,10 +35,11 @@ If you have a Surface Hub or other Windows 10 device that has been updated to Wi - The Surface Hub or device (Windows PC or phone) needs to be running Windows 10, version 1703. - A Surface Hub or Windows PC can act as a Miracast over Infrastructure *receiver*. A Windows PC or phone can act as a Miracast over Infrastructure *source*. - - As a Miracast receiver, the Surface Hub or device must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Hub is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. + - As a Miracast receiver, the Surface Hub or device must be connected to your enterprise network via either Ethernet or a secure Wi-Fi connection (e.g. using either WPA2-PSK or WPA2-Enterprise security). If the Surface Hub or device is connected to an open Wi-Fi connection, Miracast over Infrastructure will disable itself. - As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. -- The DNS Hostname (device name) of the Surface Hub or deviceneeds to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. -- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. +- The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. +- Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. +- On Windows 10 PCs, the **Projecting to this PC** feature must be enabled within System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests. It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method. diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index 15d5c2746e..953c771d7c 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -16,7 +16,7 @@ ms.localizationpriority: medium This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment. -If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md). +If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md). 1. Start a remote PowerShell session from a PC and connect to Exchange. diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md index b367367025..ff5af2b652 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md @@ -15,7 +15,7 @@ ms.localizationpriority: medium This topic explains how you add a device account for your Microsoft Surface Hub when you have a multi-forest, on-premises deployment. -If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premise-ps-scripts) to create device accounts. If you’re using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md). +If you have a multi-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If you’re using a single-forest deployment, see [On-premises deployment for Surface Hub in a single-forest environment](on-premises-deployment-surface-hub-device-accounts.md). 1. Start a remote PowerShell session from a PC and connect to Exchange. diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md index c9183716e7..f64a9fbf5d 100644 --- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md +++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md @@ -16,7 +16,7 @@ ms.sitesec: library There are a few scenarios where you need to specify the domain name of your Skype for Business server: - **Multiple DNS suffixes** - When your Skype for Business infrastructure has disjointed namespaces such that one or more servers have a DNS suffix that doesn't match the suffix of the sign-in address (SIP) for Skype for Business. - **Skype for Business and Exchange suffixes are different** - When the suffix of the sign-in address for Skype for Business differs from the suffix of the Exchange address used for the device account. -- **Working with certificates** - Large organizations with on-premise Skype for Business servers commonly use certificates with their own root certificate authority (CA). It is common for the CA domain to be different than the domain of the Skype for Business server which causes the certificate to not be trusted, and sign-in fails. Skype needs to know the domain name of the certificate in order to set up a trust relationship. Enterprises typically use Group Policy to push this out to Skype desktop, but Group Policy is not supported on Surface Hub. +- **Working with certificates** - Large organizations with on-premises Skype for Business servers commonly use certificates with their own root certificate authority (CA). It is common for the CA domain to be different than the domain of the Skype for Business server which causes the certificate to not be trusted, and sign-in fails. Skype needs to know the domain name of the certificate in order to set up a trust relationship. Enterprises typically use Group Policy to push this out to Skype desktop, but Group Policy is not supported on Surface Hub. **To configure the domain name for your Skype for Business server**
    1. On Surface Hub, open **Settings**. diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md index 4e93c9b375..ff5186b3bf 100644 --- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md +++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md @@ -94,7 +94,7 @@ As you review the roles in your organization, you can use the following generali Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.  -**MDM**: [MDM](https://www.microsoft.com/en-us/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premise domain joined devices. This makes MDM the best choice for devices that are constantly on the go. +**MDM**: [MDM](https://www.microsoft.com/en-us/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This makes MDM the best choice for devices that are constantly on the go. **Group Policy** and **System Center Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer’s 1,500 configurable Group Policy settings. If so, Group Policy and System Center Configuration Manager continue to be excellent management choices: diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md index 5b7d449cb7..62c91ca217 100644 --- a/windows/client-management/mdm/appv-deploy-and-config.md +++ b/windows/client-management/mdm/appv-deploy-and-config.md @@ -13,7 +13,7 @@ ms.date: 06/26/2017 ## Executive summary -

    Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premise group policies using System Center Configuration Manager (SCCM) or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premise counterparts.

    +

    Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using System Center Configuration Manager (SCCM) or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.

    MDM services can be used to publish App-V packages to clients running Windows 10, version 1703 (or later). All capabilities such as App-V enablement, configuration, and publishing can be completed using the EnterpriseAppVManagement CSP.

    @@ -79,7 +79,7 @@ ms.date: 06/26/2017 ## Scenarios addressed in App-V MDM functionality -

    All App-V group policies will be reflected by having a corresponding CSP that can be set using the Policy CSP. The CSPs match all on-premise App-V configuration capabilities. In addition, new App-V package management capability has been added to closely match the App-V PowerShell functionality.

    +

    All App-V group policies will be reflected by having a corresponding CSP that can be set using the Policy CSP. The CSPs match all on-premises App-V configuration capabilities. In addition, new App-V package management capability has been added to closely match the App-V PowerShell functionality.

    A complete list of App-V policies can be found here:

    diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 63c22e0fb2..fc0c578410 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -30,7 +30,7 @@ On the desktop, you can create an Active Directory account, such as "enrollment@ On the desktop and mobile devices, you can use an enrollment certificate or enrollment username and password, such as "enroll@contoso.com" and "enrollmentpassword." These credentials are used in the provisioning package, which you can use to enroll multiple devices to the MDM service. Once the devices are joined, many users can use them. -> **Note**   +>[!NOTE]   > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone enviroment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. @@ -47,7 +47,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro Some organizations require custom APNs to be provisioned before talking to the enrollment endpoint or custom VPN to join a domain. -## Create and apply a provisioning package for on-premise authentication +## Create and apply a provisioning package for on-premises authentication Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index f20da5c4c5..2e48c36d75 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -630,7 +630,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > [!Important] > Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise. -

    Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise MDMs that need to update devices that cannot connect to the Internet. +

    Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.

    Supported operations are Get and Replace. diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index 2ebb1b49fe..a08bdd89b6 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -138,11 +138,11 @@ The following is a list of functions performed by the Device HealthAttestation C Device Health Attestation – On Premise

    (DHA-OnPrem)

    -

    DHA-OnPrem refers to DHA-Service that is running on premise:

    +

    DHA-OnPrem refers to DHA-Service that is running on premises:

    • Offered to Windows Server 2016 customer (no added licensing cost for enabling/running DHA-Service)
    • Hosted on an enterprise owned and managed server device/hardware
      • -
    • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on premise and hybrid (Cloud + OnPrem) hardware attestation scenarios
      • +
    • Supported by 1st and 3rd party DHA-Enabled device management solution providers that support on-premises and hybrid (Cloud + OnPrem) hardware attestation scenarios

    • Accessible to all enterprise managed devices via following:

      • FQDN = (enterprise assigned)
        • @@ -151,14 +151,14 @@ The following is a list of functions performed by the Device HealthAttestation C
    -The operation cost of running one or more instances of Server 2016 on premise. +The operation cost of running one or more instances of Server 2016 on-premises. Device Health Attestation - Enterprise Managed Cloud

    (DHA-EMC)

    DHA-EMC refers to an enterprise managed DHA-Service that is running as a virtual host/service on a Windows Server 2016 compatible - enterprise managed cloud service, such as Microsoft Azure.