From 0fa76610daed8bb4567fddc91f17a40ed99429f6 Mon Sep 17 00:00:00 2001 From: ricastil <57725157+ricastil@users.noreply.github.com> Date: Thu, 10 Mar 2022 11:56:19 -0600 Subject: [PATCH 01/16] Add roles/permissions to section: Add Update Compliance to your Azure subscription adding the following information on roles required to enable, write or read in log analytics. --- .../deployment/update/update-compliance-get-started.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index fc12dbcd1f..5eeb00b62c 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -51,8 +51,9 @@ Before you begin the process to add Update Compliance to your Azure subscription ## Add Update Compliance to your Azure subscription -Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps: +Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Please note that for the following steps you must have one of the following [Azure roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) at minimum in order to add the solution: Owner or Contributor. +To configure this, follow these steps: 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this. 2. Select **Get it now**. 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. @@ -60,6 +61,11 @@ Update Compliance is offered as an Azure Marketplace application which is linked - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. +Once the solution is in place, a user can leverage one of the following Azure roles with Update Compliance: + +• To edit and write queries we recommend the [Log Analytics Contributor ](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#log-analytics-contributor) +• To read and only view date we recommend the [Log Analytics Reader](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#log-analytics-reader) + |Compatible Log Analytics regions | | ------------------------------- | |Australia Central | From 7072d798f45ac5982a346e2ed9e0ca8cc8d30e59 Mon Sep 17 00:00:00 2001 From: ricastil <57725157+ricastil@users.noreply.github.com> Date: Sun, 13 Mar 2022 12:02:41 -0500 Subject: [PATCH 02/16] Update windows/deployment/update/update-compliance-get-started.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/update-compliance-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 5eeb00b62c..3c4dfeceea 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -51,7 +51,7 @@ Before you begin the process to add Update Compliance to your Azure subscription ## Add Update Compliance to your Azure subscription -Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Please note that for the following steps you must have one of the following [Azure roles](https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) at minimum in order to add the solution: Owner or Contributor. +Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. To configure this, follow these steps: 1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this. From c1c5c4835e23f26cbc2a8449a7286aeec93f6336 Mon Sep 17 00:00:00 2001 From: ricastil <57725157+ricastil@users.noreply.github.com> Date: Sun, 13 Mar 2022 12:02:46 -0500 Subject: [PATCH 03/16] Update windows/deployment/update/update-compliance-get-started.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/update-compliance-get-started.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 3c4dfeceea..da329d77f9 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -61,10 +61,11 @@ To configure this, follow these steps: - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. -Once the solution is in place, a user can leverage one of the following Azure roles with Update Compliance: +Once the solution is in place, you can leverage one of the following Azure roles with Update Compliance: -• To edit and write queries we recommend the [Log Analytics Contributor ](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#log-analytics-contributor) -• To read and only view date we recommend the [Log Analytics Reader](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#log-analytics-reader) +- To edit and write queries we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. + +- To read and only view data we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. |Compatible Log Analytics regions | | ------------------------------- | From bf20d7c0bdaa6f7da8eb4506caf171c4893323bb Mon Sep 17 00:00:00 2001 From: "wh0se@sk1ng" Date: Wed, 16 Mar 2022 11:48:05 -0500 Subject: [PATCH 04/16] Update wip-learning.md --- .../windows-information-protection/wip-learning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 3ae137caca..2e28240bcc 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Click **Client apps** > **App protection status** > **Reports**. +1. Click **Apps** > **Monitor** > **App protection status** > **Reports**. ![Image showing the UI path to the WIP report.](images/access-wip-learning-report.png) From b280797ed9c4f68e33f7b469d4ef1165960feabf Mon Sep 17 00:00:00 2001 From: anwarmahmood1 <43573768+anwarmahmood1@users.noreply.github.com> Date: Sun, 20 Mar 2022 12:27:41 +0000 Subject: [PATCH 05/16] now named "Allow pre-provisioned deployment" ? --- .../windows-autopilot/demonstrate-deployment-on-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 8e20414961..86203e2980 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -508,7 +508,7 @@ Select **Next** to continue with the **Out-of-box experience (OOBE)** settings: | Privacy Settings | Hide | | Hide change account options | Hide | | User account type | Standard | -| Allow White Glove OOBE | No | +| Allow pre-provisioned deployment | No | | Language (Region) | Operating system default | | Automatically configure keyboard | Yes | | Apply device name template | No | From 0c227854b070e4f940a495b6d8c9440ca9e75d3b Mon Sep 17 00:00:00 2001 From: anwarmahmood1 <43573768+anwarmahmood1@users.noreply.github.com> Date: Sun, 20 Mar 2022 12:48:33 +0000 Subject: [PATCH 06/16] correct InTune and Office 365 names --- .../windows-autopilot/demonstrate-deployment-on-vm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 8e20414961..26946f6e30 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -814,9 +814,9 @@ At this point, you have completed steps to add a Win32 app to Intune. For more information on adding apps to Intune, see [Intune Standalone - Win32 app management](/intune/apps-win32-app-management). -### Add Office 365 +### Add Microsoft 365 Apps -#### Create app in Intune +#### Create app in Microsoft Endpoint Manager Log in to the Azure portal and select **Intune**. @@ -824,7 +824,7 @@ Go to **Intune > Clients apps > Apps**, and then select the **Add** button to cr ![Create app step 1.](images/app17.png) -Under **App Type**, select **Office 365 Suite > Windows 10**: +Under **App Type**, select **Microsoft 365 Apps > Windows 10 and later**: ![Create app step 2.](images/app18.png) From 6f93994e821d294841dc11302159276098a16437 Mon Sep 17 00:00:00 2001 From: "wh0se@sk1ng" Date: Mon, 21 Mar 2022 07:36:13 -0700 Subject: [PATCH 07/16] Update windows/security/information-protection/windows-information-protection/wip-learning.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../windows-information-protection/wip-learning.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index 2e28240bcc..db8059550f 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -33,7 +33,7 @@ In the **Website learning report**, you can view a summary of the devices that h 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -1. Click **Apps** > **Monitor** > **App protection status** > **Reports**. +1. Select **Apps** > **Monitor** > **App protection status** > **Reports**. ![Image showing the UI path to the WIP report.](images/access-wip-learning-report.png) From 90f66b3f12e2b68aac13f13aa1c499300c6f4f17 Mon Sep 17 00:00:00 2001 From: Will Bjorn <30843002+wibjorn@users.noreply.github.com> Date: Mon, 21 Mar 2022 10:41:20 -0700 Subject: [PATCH 08/16] Update trusted-platform-module-overview.md --- .../tpm/trusted-platform-module-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 40d7b72e87..07705c394b 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -16,6 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: conceptual +adobe-target: true --- # Trusted Platform Module Technology Overview From d52acf881fc3b4921ebd919608f325d5f9a24e1c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 22 Mar 2022 08:59:46 +0500 Subject: [PATCH 09/16] Update how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md --- ...-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 6298f7d90f..7404c39cfd 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential. A "\*Session" credential implies that it is valid for the current user session. The credentials are also cleaned up when the WiFi or VPN connection is disconnected. +> [!NOTE] +> In Windows 10 version 21h2 or newer, "\*Session" credential is not visible in Credential Manager. + For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). @@ -93,4 +96,4 @@ Domain controllers must have appropriate KDC certificates for the client to trus Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication. This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server. -For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). \ No newline at end of file +For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). From 94220cb25b3b73cb8ae02204b84528c36104126a Mon Sep 17 00:00:00 2001 From: Grzegorz Tworek Date: Tue, 22 Mar 2022 12:27:21 +0100 Subject: [PATCH 10/16] Typo --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 8ff7c7eec6..8b9884dc96 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -26,7 +26,7 @@ In this article we explain: 1. File Rule Precedence Order 2. Adding Allow Rules -3. Singe Policy Considerations +3. Single Policy Considerations 4. Multiple Policy Considerations 5. Best Practices 6. Tutorial From 16b1dda187390223be99ea4cdd9b465972768314 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:42:08 -0700 Subject: [PATCH 11/16] Update how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md --- ...-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index 7404c39cfd..ee723db1ff 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -6,7 +6,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: dansimp -ms.date: 09/23/2021 +ms.date: 03/22/2022 ms.reviewer: manager: dansimp ms.author: dansimp From aa1bf1e5d21ae61f1f32b16e63a2ba7c133abe0b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:42:19 -0700 Subject: [PATCH 12/16] Update windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- ...-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index ee723db1ff..f4e8cb2358 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -30,7 +30,7 @@ A "\*Session" credential implies that it is valid for the current user session. The credentials are also cleaned up when the WiFi or VPN connection is disconnected. > [!NOTE] -> In Windows 10 version 21h2 or newer, "\*Session" credential is not visible in Credential Manager. +> In Windows 10, version 21h2 and later, the "\*Session" credential is not visible in Credential Manager. For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). From 16f4d4ac25885231e9498cff1c0ea16a2139a682 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 22 Mar 2022 12:43:14 -0700 Subject: [PATCH 13/16] Update create-wdac-deny-policy.md --- .../create-wdac-deny-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md index 8b9884dc96..3203610df6 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md @@ -14,7 +14,7 @@ author: jgeurten ms.reviewer: jsuther1974 ms.author: dansimp manager: dansimp -ms.date: 11/29/2021 +ms.date: 03/22/2022 ms.technology: windows-sec --- From 0b38e0ece42c6054a5cd374831438d70985d274b Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 22 Mar 2022 13:53:31 -0700 Subject: [PATCH 14/16] update author metadata --- .../windows-information-protection/wip-learning.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index db8059550f..0cf382492f 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -9,9 +9,9 @@ ms.mktglfcycl: ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: cabailey -ms.author: cabailey -manager: laurawi +author: aczechowski +ms.author: aaroncz +manager: dougeby audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual From c2ce7fe2462020ab15ae8dd9e7fb9a45b8befa9c Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Wed, 23 Mar 2022 10:01:58 -0600 Subject: [PATCH 15/16] Update demonstrate-deployment-on-vm.md Sync PR https://github.com/MicrosoftDocs/windows-docs-pr/pull/6384 Fix warning --- .../windows-autopilot/demonstrate-deployment-on-vm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index afc3e62c70..03e2aee015 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -88,7 +88,7 @@ If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [C - [Prepare the app for Intune](#prepare-the-app-for-intune) - [Create app in Intune](#create-app-in-intune) - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) - - [Add Office 365](#add-office-365) + - [Add Office 365](#add-microsoft-365-apps) - [Create app in Intune](#create-app-in-intune) - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) - [Glossary](#glossary) From 209bb7ffecc3ee9d01b39962e482394c6d185cb6 Mon Sep 17 00:00:00 2001 From: Jeremy Danyow Date: Thu, 24 Mar 2022 15:12:09 -0700 Subject: [PATCH 16/16] enabling experimentation --- .../tpm/trusted-platform-module-overview.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 40d7b72e87..07705c394b 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -16,6 +16,7 @@ ms.collection: - M365-security-compliance - highpri ms.topic: conceptual +adobe-target: true --- # Trusted Platform Module Technology Overview