diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 9936a424f2..ab81b9b5e2 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -51,8 +51,9 @@ Before you begin the process to add Update Compliance to your Azure subscription ## Add Update Compliance to your Azure subscription -Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps: +Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. +To configure this, follow these steps: 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this. 2. Select **Get it now**. 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. @@ -60,6 +61,12 @@ Update Compliance is offered as an Azure Marketplace application which is linked - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. +Once the solution is in place, you can leverage one of the following Azure roles with Update Compliance: + +- To edit and write queries we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. + +- To read and only view data we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. + |Compatible Log Analytics regions | | ------------------------------- | |Australia Central | diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 8e20414961..03e2aee015 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -88,7 +88,7 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C - [Prepare the app for Intune](#prepare-the-app-for-intune) - [Create app in Intune](#create-app-in-intune) - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) - - [Add Office 365](#add-office-365) + - [Add Office 365](#add-microsoft-365-apps) - [Create app in Intune](#create-app-in-intune) - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) - [Glossary](#glossary) @@ -508,7 +508,7 @@ Select **Next** to continue with the **Out-of-box experience (OOBE)** settings: | Privacy Settings | Hide | | Hide change account options | Hide | | User account type | Standard | -| Allow White Glove OOBE | No | +| Allow pre-provisioned deployment | No | | Language (Region) | Operating system default | | Automatically configure keyboard | Yes | | Apply device name template | No | @@ -814,9 +814,9 @@ At this point, you have completed steps to add a Win32 app to Intune. For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management). -### Add Office 365 +### Add Microsoft 365 Apps -#### Create app in Intune +#### Create app in Microsoft Endpoint Manager Log in to the Azure portal and select **Intune**. @@ -824,7 +824,7 @@ Go to **Intune > Clients apps > Apps**, and then select the **Add** button to cr ![Create app step 1.](images/app17.png) -Under **App Type**, select **Office 365 Suite > Windows 10**: +Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**: ![Create app step 2.](images/app18.png) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 6298f7d90f..f4e8cb2358 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp -ms.date: 09/23/2021 +ms.date: 03/22/2022 ms.reviewer: manager: dansimp ms.author: dansimp @@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential. A "\*Session" credential implies that it is valid for the current user session. The credentials are also cleaned up when the WiFi or VPN connection is disconnected. +> [!NOTE] +> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager. + For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). @@ -93,4 +96,4 @@ Domain controllers must have appropriate KDC certificates for the client to trus Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication. This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server. -For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). \ No newline at end of file +For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 40d7b72e87..07705c394b 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -16,6 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: conceptual +adobe-target: true --- # Trusted Platform Module Technology Overview diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 3ae137caca..0cf382492f 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -9,9 +9,9 @@ ms.mktglfcycl: ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: cabailey -ms.author: cabailey -manager: laurawi +author: aczechowski +ms.author: aaroncz +manager: dougeby audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual @@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Click **Client apps** > **App protection status** > **Reports**. +1. Select **Apps** > **Monitor** > **App protection status** > **Reports**. ![Image showing the UI path to the WIP report.](images/access-wip-learning-report.png) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 8ff7c7eec6..3203610df6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -14,7 +14,7 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp -ms.date: 11/29/2021 +ms.date: 03/22/2022 ms.technology: windows-sec --- @@ -26,7 +26,7 @@ In this article we explain: 1. File Rule Precedence Order 2. Adding Allow Rules -3. Singe Policy Considerations +3. Single Policy Considerations 4. Multiple Policy Considerations 5. Best Practices 6. Tutorial