From 2bcb2c924de2e0669e0a404556cfae782b618da9 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 30 May 2023 10:10:22 -0700
Subject: [PATCH 01/35] vbscript deprecation MAXADO-7954828
---
windows/whats-new/deprecated-features-resources.md | 6 +++++-
windows/whats-new/deprecated-features.md | 1 +
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 330293213d..d059f17d61 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -21,11 +21,15 @@ appliesto:
This article provides additional resources about [deprecated features for Windows client](deprecated-features.md) that may be needed by IT professionals. The following information is provided to help IT professionals plan for the removal of deprecated features:
+## VBScript
+
+VBScript will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before being fully retired in future Windows releases. Initially, the VBScript feature on demand will be preinstalled to allow for uninterrupted use while you prepare for the retirement of VBScript.
+
## Microsoft Support Diagnostic Tool resources
The [Microsoft Support Diagnostic Tool (MSDT)](/windows-server/administration/windows-commands/msdt) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been [redirected](#redirected-msdt-troubleshooters) to the Get Help platform, while the other half will be [retired](#retired-msdt-troubleshooters).
-If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change will allow you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require additional assistance.
+If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change will allow you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require additional assistance.
### Redirected MSDT troubleshooters
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 073c3bf2f2..ae2d404644 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b
|Feature | Details and mitigation | Deprecation announced |
| ----------- | --------------------- | ---- |
+| VBScript | VBScript is deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript) | **TBD** |
| Microsoft Support Diagnostic Tool (MSDT) | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 |
| Universal Windows Platform (UWP) Applications for 32-bit Arm | This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**. Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 |
| Update Compliance | [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|
From 6fa3848a73ae96adcb4ee74a21074d809349e728 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 30 May 2023 10:16:58 -0700
Subject: [PATCH 02/35] vbscript deprecation MAXADO-7954828
---
windows/whats-new/deprecated-features-resources.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index d059f17d61..6383501d7e 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -29,11 +29,11 @@ VBScript will be available as a [feature on demand](/windows-hardware/manufactur
The [Microsoft Support Diagnostic Tool (MSDT)](/windows-server/administration/windows-commands/msdt) gathers diagnostic data for analysis by support professionals. MSDT is the engine used to run legacy Windows built-in troubleshooters. There are currently 28 built-in troubleshooters for MSDT. Half of the built-in troubleshooters have already been [redirected](#redirected-msdt-troubleshooters) to the Get Help platform, while the other half will be [retired](#retired-msdt-troubleshooters).
-If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change will allow you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require additional assistance.
+If you're using MSDT to run [custom troubleshooting packages](/previous-versions/windows/desktop/wintt/package-schema), it will be available as a [feature on demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) before the tool is fully retired in 2025. This change allows you to continue to use MSDT to run custom troubleshooting packages while transitioning to a new platform. [Contact Microsoft support](https://support.microsoft.com/contactus) for Windows if you require more assistance.
### Redirected MSDT troubleshooters
-The following troubleshooters will automatically be redirected when you access them from **Start** > **Settings** > **System** > **Troubleshoot**:
+The following troubleshooters are automatically redirected when you access them from **Start** > **Settings** > **System** > **Troubleshoot**:
- Background Intelligent Transfer Service (BITS)
- Bluetooth
From 31032b6cc302024d52b130f1a7bf1571ded162ea Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Fri, 6 Oct 2023 15:30:06 +0200
Subject: [PATCH 03/35] Update configure-the-windows-firewall-log.md
Adding information on how to handle log file creation failures. This is a quite common issue with an easy solution.
---
.../configure-the-windows-firewall-log.md | 29 +++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 2912122082..87cb6b97d1 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -41,5 +41,34 @@ To complete these procedures, you must be a member of the Domain Administrators
6. Click **OK** twice.
+### Troubleshooting if the log file is not created or written to
+
+Sometimes the log files are not created or no events are written the log files. This can be related to missing permissions for the Windows Defender Firewall Service (mpssvc) on the folder or the logfiles themselves. It can happen if you want to store the log files in a different folder or the permissions were removed or have not been set automatically.
+
+Verify if mpssvc has FullControl on the folder and the files.
+Open an elevated PowerShell and use these commands. Make sure to use the correct path.
+
+```
+$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
+(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
+```
+The output should show NT SERVICE\mpssvc having FullControl:
+```
+IdentityReference FileSystemRights AccessControlType IsInherited InheritanceFlags
+----------------- ---------------- ----------------- ----------- ----------------
+NT AUTHORITY\SYSTEM FullControl Allow False ObjectInherit
+BUILTIN\Administrators FullControl Allow False ObjectInherit
+NT SERVICE\mpssvc FullControl Allow False ObjectInherit
+```
+If not, add FullControl permissions for mpssvc to the folder, subfolders and files. Make sure to use the correct path.
+```
+$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
+$ACL = get-acl -Path $LogPath
+$ACL.SetAccessRuleProtection($true, $false)
+$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
+$ACL.AddAccessRule($RULE)
+```
+Restart the Computer to restart the Windows Defender Firewall Service.
+
### Troubleshooting Slow Log Ingestion
If logs are slow to appear in Sentinel, you can turn down the log file size. Just beware that this downsizing will result in more resource usage due to the increased resource usage for log rotation.
From aafa943dfc2e07eeafbeb3c1721250d6d6e791df Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 12:33:43 +0200
Subject: [PATCH 04/35] Update configure-the-windows-firewall-log.md
Added a paragraph related to the folder creation issue.
---
.../configure-the-windows-firewall-log.md | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 87cb6b97d1..5d7fd690df 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -43,7 +43,12 @@ To complete these procedures, you must be a member of the Domain Administrators
### Troubleshooting if the log file is not created or written to
-Sometimes the log files are not created or no events are written the log files. This can be related to missing permissions for the Windows Defender Firewall Service (mpssvc) on the folder or the logfiles themselves. It can happen if you want to store the log files in a different folder or the permissions were removed or have not been set automatically.
+Sometimes the log files are not created or no events are written the log files. This can be related to missing permissions for the Windows Defender Firewall Service (mpssvc) on the folder or the logfiles themselves. It can happen if you want to store the log files in a different folder or the permissions were removed or have not been set automatically.
+If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existant folder is configered via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
+
+```
+New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
+```
Verify if mpssvc has FullControl on the folder and the files.
Open an elevated PowerShell and use these commands. Make sure to use the correct path.
@@ -70,5 +75,7 @@ $ACL.AddAccessRule($RULE)
```
Restart the Computer to restart the Windows Defender Firewall Service.
+
+
### Troubleshooting Slow Log Ingestion
If logs are slow to appear in Sentinel, you can turn down the log file size. Just beware that this downsizing will result in more resource usage due to the increased resource usage for log rotation.
From 87718f63599ae10f1509fe306283e2b31645943f Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:32:20 -0400
Subject: [PATCH 05/35] WHFB requirements table update
---
.../hello-for-business/hello-identity-verification.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 510a0584ba..537fc88652 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -1,5 +1,5 @@
---
-ms.date: 07/05/2023
+ms.date: 10/09/2023
title: Windows Hello for Business Deployment Prerequisite Overview
description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
ms.topic: overview
@@ -37,7 +37,7 @@ The table shows the minimum requirements for each deployment. For key trust in a
| **Certificate Authority**| Not required |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
| **AD FS Version** | Not required | Not required | Any supported Windows Server versions | Any supported Windows Server versions |
| **MFA Requirement** | Azure MFA, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter |
-| **Azure AD Connect** | Not required | Required | Required | Required |
+| **Azure AD Connect** | Not required. It's recommended to use Microsoft Entra Connect cloud sync | Required | Required | Required |
| **Azure AD License** | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required |
## On-premises Deployments
From 2cf3cc7e1d9977df0fd4fdb13c782be88051f6fd Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:34:13 +0200
Subject: [PATCH 06/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 5d7fd690df..88935dbb98 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -41,7 +41,7 @@ To complete these procedures, you must be a member of the Domain Administrators
6. Click **OK** twice.
-### Troubleshooting if the log file is not created or written to
+### Troubleshooting if the log file is not created or modified
Sometimes the log files are not created or no events are written the log files. This can be related to missing permissions for the Windows Defender Firewall Service (mpssvc) on the folder or the logfiles themselves. It can happen if you want to store the log files in a different folder or the permissions were removed or have not been set automatically.
If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existant folder is configered via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
From f5f96e85787645e9ac79c2761595f49971e99248 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:34:27 +0200
Subject: [PATCH 07/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 88935dbb98..7f6679dd97 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -46,7 +46,7 @@ To complete these procedures, you must be a member of the Domain Administrators
Sometimes the log files are not created or no events are written the log files. This can be related to missing permissions for the Windows Defender Firewall Service (mpssvc) on the folder or the logfiles themselves. It can happen if you want to store the log files in a different folder or the permissions were removed or have not been set automatically.
If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existant folder is configered via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
-```
+```PowerShell
New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
```
From 78b2e60ccae970c42eae1e1e8bfbe4fd6cdec8b1 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:34:47 +0200
Subject: [PATCH 08/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 7f6679dd97..d875961d63 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -50,7 +50,7 @@ If firewall logging is configured via Group Policy only, it also can happen that
New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
```
-Verify if mpssvc has FullControl on the folder and the files.
+Verify if MpsSvc has *FullControl* on the folder and the files.
Open an elevated PowerShell and use these commands. Make sure to use the correct path.
```
From 164539542fd4585a42ef1bf8955903e1d367ed2c Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:35:04 +0200
Subject: [PATCH 09/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index d875961d63..0ade81bb0a 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -51,7 +51,7 @@ New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
```
Verify if MpsSvc has *FullControl* on the folder and the files.
-Open an elevated PowerShell and use these commands. Make sure to use the correct path.
+From an elevated PowerShell session, use the following commands, ensuring to use the correct path:
```
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
From b578e93ceedb6582dbba9f0a0fbf3cc99d9153c4 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:35:11 +0200
Subject: [PATCH 10/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 0ade81bb0a..1f55d3b115 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -53,7 +53,7 @@ New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
Verify if MpsSvc has *FullControl* on the folder and the files.
From an elevated PowerShell session, use the following commands, ensuring to use the correct path:
-```
+```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
```
From ad72d997c3fd64ed604b1d8bfb51fd697703edbd Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:35:23 +0200
Subject: [PATCH 11/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 1f55d3b115..7e133b5be6 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -58,7 +58,7 @@ $LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
```
The output should show NT SERVICE\mpssvc having FullControl:
-```
+```PowerShell
IdentityReference FileSystemRights AccessControlType IsInherited InheritanceFlags
----------------- ---------------- ----------------- ----------- ----------------
NT AUTHORITY\SYSTEM FullControl Allow False ObjectInherit
From 84b9178eaf6fbbbf3d941e5aa1c18e3358b8f2d4 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:35:32 +0200
Subject: [PATCH 12/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 7e133b5be6..08afe5621e 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -66,7 +66,7 @@ BUILTIN\Administrators FullControl Allow False ObjectI
NT SERVICE\mpssvc FullControl Allow False ObjectInherit
```
If not, add FullControl permissions for mpssvc to the folder, subfolders and files. Make sure to use the correct path.
-```
+```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$ACL = get-acl -Path $LogPath
$ACL.SetAccessRuleProtection($true, $false)
From 96fa42474b5aede18365240f7fca7e50c6c59f9f Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:35:48 +0200
Subject: [PATCH 13/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 08afe5621e..02ace74c40 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -57,7 +57,7 @@ From an elevated PowerShell session, use the following commands, ensuring to use
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
```
-The output should show NT SERVICE\mpssvc having FullControl:
+The output should show `NT SERVICE\mpssvc` having *FullControl*:
```PowerShell
IdentityReference FileSystemRights AccessControlType IsInherited InheritanceFlags
----------------- ---------------- ----------------- ----------- ----------------
From 7709fcf3b57727addbabc0236dc7772c965f2658 Mon Sep 17 00:00:00 2001
From: msarcletti <56821677+msarcletti@users.noreply.github.com>
Date: Mon, 9 Oct 2023 15:36:01 +0200
Subject: [PATCH 14/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
Co-authored-by: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 02ace74c40..9abc0d4784 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -73,7 +73,7 @@ $ACL.SetAccessRuleProtection($true, $false)
$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$ACL.AddAccessRule($RULE)
```
-Restart the Computer to restart the Windows Defender Firewall Service.
+Restart the device to restart the Windows Defender Firewall Service.
From 3d516fb0e3f35da7c2461e6ff7bf37fbf178caf8 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 9 Oct 2023 09:51:35 -0400
Subject: [PATCH 15/35] WHFB requirements table update
---
.../hello-for-business/hello-identity-verification.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 537fc88652..663d6662dc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -37,7 +37,7 @@ The table shows the minimum requirements for each deployment. For key trust in a
| **Certificate Authority**| Not required |Any supported Windows Server versions | Any supported Windows Server versions | Any supported Windows Server versions |
| **AD FS Version** | Not required | Not required | Any supported Windows Server versions | Any supported Windows Server versions |
| **MFA Requirement** | Azure MFA, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter |
-| **Azure AD Connect** | Not required. It's recommended to use Microsoft Entra Connect cloud sync | Required | Required | Required |
+| **Azure AD Connect** | Not required. It's recommended to use [Microsoft Entra Connect cloud sync](/azure/active-directory/hybrid/cloud-sync/what-is-cloud-sync) | Required | Required | Required |
| **Azure AD License** | Azure AD Premium, optional | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional. Intune license required |
## On-premises Deployments
From a1e5ab3d70a032aa8f5f992c04a0dcd20e156169 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 9 Oct 2023 10:01:55 -0400
Subject: [PATCH 16/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
---
.../windows-firewall/configure-the-windows-firewall-log.md | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 9abc0d4784..bb5da1d87c 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -43,7 +43,12 @@ To complete these procedures, you must be a member of the Domain Administrators
### Troubleshooting if the log file is not created or modified
-Sometimes the log files are not created or no events are written the log files. This can be related to missing permissions for the Windows Defender Firewall Service (mpssvc) on the folder or the logfiles themselves. It can happen if you want to store the log files in a different folder or the permissions were removed or have not been set automatically.
+Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition may occur include:
+
+- missing permissions for the Windows Defender Firewall Service (MpsSvc) on the folder or on the log files
+- you want to store the log files in a different folder and the permissions were removed, or haven't been set automatically
+- if firewall logging is configured via Group Policy only, it can happen that the log folder isn't created in the default location `%windir%\System32\LogFiles\firewall`
+- if a custom path to a non-existent folder is configured via Group Policy. In this case, you must create the folder manually or via script, and add the permissions for MpsSvc
If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existant folder is configered via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
```PowerShell
From 8c46a4a0681bfaad5994095a66910d1f27a99835 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 9 Oct 2023 10:08:13 -0400
Subject: [PATCH 17/35] Update configure-the-windows-firewall-log.md
---
.../configure-the-windows-firewall-log.md | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index bb5da1d87c..b6d0f091f4 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -41,14 +41,17 @@ To complete these procedures, you must be a member of the Domain Administrators
6. Click **OK** twice.
-### Troubleshooting if the log file is not created or modified
+### Troubleshoot if the log file is not created or modified
Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition may occur include:
- missing permissions for the Windows Defender Firewall Service (MpsSvc) on the folder or on the log files
- you want to store the log files in a different folder and the permissions were removed, or haven't been set automatically
-- if firewall logging is configured via Group Policy only, it can happen that the log folder isn't created in the default location `%windir%\System32\LogFiles\firewall`
-- if a custom path to a non-existent folder is configured via Group Policy. In this case, you must create the folder manually or via script, and add the permissions for MpsSvc
+- if firewall logging is configured via policy settings, it can happen that
+ - the log folder in the default location `%windir%\System32\LogFiles\firewall` doesn't exist
+ - the log folder in a custom path doesn't exist
+ In both cases, you must create the folder manually or via script, and add the permissions for MpsSvc
+
If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existant folder is configered via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
```PowerShell
@@ -62,7 +65,9 @@ From an elevated PowerShell session, use the following commands, ensuring to use
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
(Get-ACL -Path $LogPath).Access | Format-Table IdentityReference,FileSystemRights,AccessControlType,IsInherited,InheritanceFlags -AutoSize
```
+
The output should show `NT SERVICE\mpssvc` having *FullControl*:
+
```PowerShell
IdentityReference FileSystemRights AccessControlType IsInherited InheritanceFlags
----------------- ---------------- ----------------- ----------- ----------------
@@ -70,7 +75,9 @@ NT AUTHORITY\SYSTEM FullControl Allow False ObjectI
BUILTIN\Administrators FullControl Allow False ObjectInherit
NT SERVICE\mpssvc FullControl Allow False ObjectInherit
```
-If not, add FullControl permissions for mpssvc to the folder, subfolders and files. Make sure to use the correct path.
+
+If not, add *FullControl* permissions for mpssvc to the folder, subfolders and files. Make sure to use the correct path.
+
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$ACL = get-acl -Path $LogPath
@@ -78,9 +85,9 @@ $ACL.SetAccessRuleProtection($true, $false)
$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$ACL.AddAccessRule($RULE)
```
+
Restart the device to restart the Windows Defender Firewall Service.
+### Troubleshoot Slow Log Ingestion
-
-### Troubleshooting Slow Log Ingestion
If logs are slow to appear in Sentinel, you can turn down the log file size. Just beware that this downsizing will result in more resource usage due to the increased resource usage for log rotation.
From 1ecd193386af9e7d5ceade788ebdf4393bbed5c0 Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Mon, 9 Oct 2023 10:23:34 -0500
Subject: [PATCH 18/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index b6d0f091f4..daa952247d 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -52,7 +52,7 @@ Sometimes the Windows Firewall log files aren't created, or the events aren't wr
- the log folder in a custom path doesn't exist
In both cases, you must create the folder manually or via script, and add the permissions for MpsSvc
-If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existant folder is configered via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
+If firewall logging is configured via Group Policy only, it also can happen that the `firewall` folder is not created in the default location `%windir%\System32\LogFiles\`. The same can happen if a custom path to a non-existent folder is configured via Group Policy. In this case, create the folder manually or via script and add the permissions for MPSSVC.
```PowerShell
New-Item -ItemType Directory -Path $env:windir\System32\LogFiles\Firewall
From 9131ec75f49abafee75aaba363ff8dad2ddee5db Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Mon, 9 Oct 2023 10:26:13 -0500
Subject: [PATCH 19/35] Update
windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
---
.../windows-firewall/configure-the-windows-firewall-log.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index daa952247d..49182f30f0 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -43,7 +43,7 @@ To complete these procedures, you must be a member of the Domain Administrators
### Troubleshoot if the log file is not created or modified
-Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition may occur include:
+Sometimes the Windows Firewall log files aren't created, or the events aren't written to the log files. Some examples when this condition might occur include:
- missing permissions for the Windows Defender Firewall Service (MpsSvc) on the folder or on the log files
- you want to store the log files in a different folder and the permissions were removed, or haven't been set automatically
From d1a29a220b00f0bfe67720917946ed9d0cfd765b Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Mon, 9 Oct 2023 10:39:07 -0500
Subject: [PATCH 20/35] Update configure-the-windows-firewall-log.md
---
.../configure-the-windows-firewall-log.md | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 49182f30f0..e60bc7b3ec 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -29,17 +29,18 @@ To complete these procedures, you must be a member of the Domain Administrators
3. The default path for the log is **%windir%\\system32\\logfiles\\firewall\\pfirewall.log**. If you want to change this path, clear the **Not configured** check box and type the path to the new location, or click **Browse** to select a file location.
- >**Important:** The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
+ > [!IMPORTANT]
+ > The location you specify must have permissions assigned that permit the Windows Defender Firewall service to write to the log file.
- 4. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
+ 5. The default maximum file size for the log is 4,096 kilobytes (KB). If you want to change this size, clear the **Not configured** check box, and type in the new size in KB, or use the up and down arrows to select a size. The file won't grow beyond this size; when the limit is reached, old log entries are deleted to make room for the newly created ones.
- 5. No logging occurs until you set one of following two options:
+ 6. No logging occurs until you set one of following two options:
- To create a log entry when Windows Defender Firewall drops an incoming network packet, change **Log dropped packets** to **Yes**.
- To create a log entry when Windows Defender Firewall allows an inbound connection, change **Log successful connections** to **Yes**.
- 6. Click **OK** twice.
+ 7. Click **OK** twice.
### Troubleshoot if the log file is not created or modified
From 42e3d2c8bbc582514b34748b123f1980e5e09d9a Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 9 Oct 2023 08:40:45 -0700
Subject: [PATCH 21/35] update date
---
windows/whats-new/deprecated-features.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index d3ef319ee9..9ad7dcd065 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b
|Feature | Details and mitigation | Deprecation announced |
| ----------- | --------------------- | ---- |
-| VBScript | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript) | September 2023 |
+| VBScript | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript) | October 2023 |
| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. | September 1, 2023 |
| AllJoyn | Microsoft's implementation of AllJoyn which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) has been deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | August 17, 2023 |
| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023|
From 7ffebc3e06e335b7c4eddf54404df161ebd1c1ac Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 9 Oct 2023 08:41:27 -0700
Subject: [PATCH 22/35] update date
---
windows/whats-new/deprecated-features-resources.md | 2 +-
windows/whats-new/deprecated-features.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/whats-new/deprecated-features-resources.md b/windows/whats-new/deprecated-features-resources.md
index 9919114fdb..6b07079c0f 100644
--- a/windows/whats-new/deprecated-features-resources.md
+++ b/windows/whats-new/deprecated-features-resources.md
@@ -1,7 +1,7 @@
---
title: Resources for deprecated features in the Windows client
description: Resources and details for deprecated features in the Windows client.
-ms.date: 09/23/2023
+ms.date: 10/09/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 9ad7dcd065..b1d6876954 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 09/23/2023
+ms.date: 10/09/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
From cf4bf0ae8f69caf5a884d55658be710493c85c65 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 9 Oct 2023 08:46:36 -0700
Subject: [PATCH 23/35] edit
---
windows/whats-new/deprecated-features.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index b1d6876954..881e004c0c 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -36,7 +36,7 @@ The features in this article are no longer being actively developed, and might b
|Feature | Details and mitigation | Deprecation announced |
| ----------- | --------------------- | ---- |
-| VBScript | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript) | October 2023 |
+| VBScript | VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system. For more information, see [Resources for deprecated features](deprecated-features-resources.md#vbscript). | October 2023 |
| WordPad | WordPad is no longer being updated and will be removed in a future release of Windows. We recommend Microsoft Word for rich text documents like .doc and .rtf and Windows Notepad for plain text documents like .txt. | September 1, 2023 |
| AllJoyn | Microsoft's implementation of AllJoyn which included the [Windows.Devices.AllJoyn API namespace](/uwp/api/windows.devices.alljoyn), a [Win32 API](/windows/win32/api/_alljoyn/), a [management configuration service provider (CSP)](/windows/client-management/mdm/alljoynmanagement-csp), and an [Alljoyn Router Service](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server#alljoyn-router-service) has been deprecated. [AllJoyn](https://openconnectivity.org/technology/reference-implementation/alljoyn/), sponsored by AllSeen Alliance, was an open source discovery and communication protocol for Internet of Things scenarios such as turning on/off lights or reading temperatures.AllSeen Alliance promoted the AllJoyn project from 2013 until 2016 when it merged with the Open Connectivity Foundation (OCF), the sponsors of [Iotivity.org](https://iotivity.org/), another protocol for Internet of Things scenarios. Customers should refer to the [Iotivity.org](https://iotivity.org/) website for alternatives such as [Iotivity Lite](https://github.com/iotivity/iotivity-lite) or [Iotivity](https://github.com/iotivity/iotivity). | August 17, 2023 |
| TLS 1.0 and 1.1 | Over the past several years, internet standards and regulatory bodies have [deprecated or disallowed](https://www.ietf.org/rfc/rfc8996.html) TLS versions 1.0 and 1.1 due to various security issues. Starting in Windows 11 Insider Preview builds for September 2023 and continuing in future Windows OS releases, TLS 1.0 and 1.1 will be disabled by default. This change increases the security posture of Windows customers and encourages modern protocol adoption. For organizations that need to use these versions, there's an option to re-enable TLS 1.0 or TLS 1.1. For more information, see [Resources for deprecated features](deprecated-features-resources.md). | August 1, 2023|
From 58d335fa74af306f3ff754e11d2c57327bc71b29 Mon Sep 17 00:00:00 2001
From: Deepak-EDU <140197022+Deepak-EDU@users.noreply.github.com>
Date: Mon, 9 Oct 2023 14:59:31 -0700
Subject: [PATCH 24/35] Update windows-11-se-overview.md
---
education/windows/windows-11-se-overview.md | 49 ++++++++++++++-------
1 file changed, 32 insertions(+), 17 deletions(-)
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index e484296ed5..85683ac20e 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -86,10 +86,13 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `Absolute Software Endpoint Agent` | 7.20.0.1 | `Win32` | `Absolute Software Corporation` |
| `AirSecure` | 8.0.0 | `Win32` | `AIR` |
| `Alertus Desktop` | 5.4.48.0 | `Win32` | `Alertus technologies` |
+| `AristotleK12 Borderless Classroom ` | 3.0.11. | `Win32` | `Sergeant Laboratories` |
+| `AristotleK12 Analytics ` | 10.0.6 | `Win32` | `Sergeant Laboratories` |
+| `AristotleK12 Network filter` | 3.1.10 | `Win32` | `Sergeant Laboratories` |
| `Brave Browser` | 106.0.5249.119 | `Win32` | `Brave` |
| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` |
-| `CA Secure Browser` | 14.0.0 | `Win32` | `Cambium Development` |
-| `Cisco Umbrella` | 3.0.343.0 | `Win32` | `Cisco` |
+| `CA Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
+| `Cisco Umbrella` | 3.0.466.0 | `Win32` | `Cisco` |
| `CKAuthenticator` | 3.6+ | `Win32` | `ContentKeeper` |
| `Class Policy` | 116.0.0 | `Win32` | `Class Policy` |
| `Classroom.cloud` | 1.40.0004 | `Win32` | `NetSupport` |
@@ -97,7 +100,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `CoGat Secure Browser` | 11.0.0.19 | `Win32` | `Riverside Insights` |
| `ColorVeil` | 4.0.0.175 | `Win32` | `East-Tec` |
| `ContentKeeper Cloud` | 9.01.45 | `Win32` | `ContentKeeper Technologies` |
-| `DigiExam` | 14.0.6 | `Win32` | `Digiexam` |
+| `DigiExam` | 14.1.0 | `Win32` | `Digiexam` |
+| `Digital Secure testing browser` | 15.0.0 | `Win32` | `Digiexam` |
| `Dragon Professional Individual` | 15.00.100 | `Win32` | `Nuance Communications` |
| `DRC INSIGHT Online Assessments` | 13.0.0.0 | `Store` | `Data recognition Corporation` |
| `Duo from Cisco` | 3.0.0 | `Win32` | `Cisco` |
@@ -106,6 +110,8 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `EasyReader` | 10.0.4.498 | `Win32` | `Dolphin Computer Access` |
| `Easysense 2` | 1.32.0001 | `Win32` | `Data Harvest` |
| `Epson iProjection` | 3.31 | `Win32` | `Epson` |
+| `ESET Endpoint Security` | 10.1.2046.0 | `Win32` | `ESET` |
+| `ESET Remote Administrator Agent` | 10.0.1126.0 | `Win32` | `ESET` |
| `eTests` | 4.0.25 | `Win32` | `CASAS` |
| `Exam Writepad` | 23.2.4.2338 | `Win32` | `Sheldnet` |
| `FirstVoices Keyboard` | 15.0.270 | `Win32` | `SIL International` |
@@ -117,22 +123,26 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `GuideConnect` | 1.24 | `Win32` | `Dolphin Computer Access` |
| `Illuminate Lockdown Browser` | 2.0.5 | `Win32` | `Illuminate Education` |
| `Immunet` | 7.5.8.21178 | `Win32` | `Immunet` |
-| `Impero Backdrop Client` | 5.0.87 | `Win32` | `Impero Software` |
+| `Impero Backdrop Client` | 5.0.151 | `Win32` | `Impero Software` |
| `IMT Lazarus` | 2.86.0 | `Win32` | `IMTLazarus` |
| `Inspiration 10` | 10.11 | `Win32` | `TechEdology Ltd` |
| `JAWS for Windows` | 2022.2112.24 | `Win32` | `Freedom Scientific` |
| `Kite Student Portal` | 9.0.0.0 | `Win32` | `Dynamic Learning Maps` |
-| `Keyman` | 16.0.138 | `Win32` | `SIL International` |
+| `Keyman` | 16.0.141 | `Win32` | `SIL International` |
| `Kortext` | 2.3.433.0 | `Store` | `Kortext` |
| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | `Win32` | `Kurzweil Educational Systems` |
| `LanSchool Classic` | 9.1.0.46 | `Win32` | `Stoneware, Inc.` |
| `LanSchool Air` | 2.0.13312 | `Win32` | `Stoneware, Inc.` |
+| `Lexibar` | 3.07.02 | `Win32` | `Lexibar` |
+| `LGfL HomeProtect` | 8.3.44.11 | `Win32` | `LGFL` |
| `Lightspeed Smart Agent` | 1.9.1 | `Win32` | `Lightspeed Systems` |
| `Lightspeed Filter Agent` | 2.3.4 | `Win32` | `Lightspeed Systems` |
-| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
-| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
-| `Mozilla Firefox` | 105.0.0 | `Win32` | `Mozilla` |
-| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
+| `Lightspeed Digital` | 3.12.3.11 | `Win32` | `Lightspeed Systems` |
+| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` |
+| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` |
+| `Mozilla Firefox` | 116.0.2 | `Win32` | `Mozilla` |
+| `Mobile Plans` | 5.1911.3171.0 | `Store` | `Microsoft Corporation` |
+| `Musescore` | 4.1.1.232071203 | `Win32` | `Musescore` |
| `NAPLAN` | 5.2.2 | `Win32` | `NAP` |
| `Netref Student` | 23.1.0 | `Win32` | `NetRef` |
| `NetSupport DNA` | 4.80.0000 | `Win32` | `NetSupport` |
@@ -140,21 +150,23 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `NetSupport Notify` | 5.10.1.223 | `Win32` | `NetSupport` |
| `NetSupport School` | 14.00.0012 | `Win32` | `NetSupport` |
| `NextUp Talker` | 1.0.49 | `Win32` | `NextUp Technologies` |
-| `NonVisual Desktop Access` | 2021.3.1 | `Win32` | `NV Access` |
+| `Netsweeper Workstation Agent` | 4.50.54.54 | `Win32` | `Netsweeper` |
+| `NonVisual Desktop Access` | 2023.1. | `Win32` | `NV Access` |
| `NWEA Secure Testing Browser` | 5.4.387.0 | `Win32` | `NWEA` |
| `PC Talker Neo` | 2209 | `Win32` | `Kochi System Development` |
| `PC Talker Neo Plus` | 2209 | `Win32` | `Kochi System Development` |
| `PaperCut` | 22.0.6 | `Win32` | `PaperCut Software International Pty Ltd` |
-| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
-| `Project Monarch Outlook` | 1.2022.2250001 | `Store` | `Microsoft` |
+| `Pearson TestNav` | 1.11.3 | `Store` | `Pearson` |
+| `Project Monarch Outlook` | 1.2023.831.400 | `Store` | `Microsoft` |
| `Questar Secure Browser` | 5.0.1.456 | `Win32` | `Questar, Inc` |
-| `ReadAndWriteForWindows` | 12.0.74 | `Win32` | `Texthelp Ltd.` |
-| `Remote Desktop client (MSRDC)` | 1.2.4240.0 | `Win32` | `Microsoft` |
+| `ReadAndWriteForWindows` | 12.0.78 | `Win32` | `Texthelp Ltd.` |
+| `Remote Desktop client (MSRDC)` | 1.2.4487.0 | `Win32` | `Microsoft` |
| `Remote Help` | 4.0.1.13 | `Win32` | `Microsoft` |
| `Respondus Lockdown Browser` | 2.0.9.03 | `Win32` | `Respondus` |
| `Safe Exam Browser` | 3.5.0.544 | `Win32` | `Safe Exam Browser` |
-|`SchoolYear` | 3.4.21 | `Win32` |`SchoolYear` |
+|`SchoolYear` | 3.5.4 | `Win32` |`SchoolYear` |
|`School Manager` | 3.6.8.1109 | `Win32` |`School Manager` |
+|`Scratch` | 3.0 | `Win32` |`MIT` |
| `Senso.Cloud` | 2021.11.15.0 | `Win32` | `Senso.Cloud` |
| `Skoolnext` | 2.19 | `Win32` | `Skool.net` |
| `Smoothwall Monitor` | 2.9.2 | `Win32` | `Smoothwall Ltd` |
@@ -162,11 +174,14 @@ The following applications can also run on Windows 11 SE, and can be deployed us
| `SuperNova Magnifier & Speech` | 21.03 | `Win32` | `Dolphin Computer Access` |
|`TX Secure Browser` | 15.0.0 | `Win32` | `Cambium Development` |
| `VitalSourceBookShelf` | 10.2.26.0 | `Win32` | `VitalSource Technologies Inc` |
+|`WA Secure Browser` | 16.0.0 | `Win32` | `Cambium Development` |
| `Winbird` | 19 | `Win32` | `Winbird Co., Ltd.` |
| `WordQ` | 5.4.29 | `Win32` | `WordQ` |
+| `Windows SEB` | 3.4.0 | `Win32` | `Illinois Stateboard of Education` |
+| `Windows Notepad` | 12.0.78 | `Store` | `Microsoft Corporation` |
| `Zoom` | 5.12.8 (10232) | `Win32` | `Zoom` |
-| `ZoomText Fusion` | 2023.2303.77.400 | `Win32` | `Freedom Scientific` |
-| `ZoomText Magnifier/Reader` | 2023.2303.33.400 | `Win32` | `Freedom Scientific` |
+| `ZoomText Fusion` | 2023.2307.7.400 | `Win32` | `Freedom Scientific` |
+| `ZoomText Magnifier/Reader` | 2023.2307.29.400 | `Win32` | `Freedom Scientific` |
## Add your own applications
From 640f0896cf75a3d171cbcaec427ea0aa48279b73 Mon Sep 17 00:00:00 2001
From: Thom McKiernan
Date: Tue, 10 Oct 2023 12:59:27 +0100
Subject: [PATCH 25/35] Update install-vamt.md
removed outdated references to Windows 10. The information is relevant to Windows 11 and Windows Server too
---
windows/deployment/volume-activation/install-vamt.md | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index c204b95d16..a8d6e07078 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -1,6 +1,6 @@
---
-title: Install VAMT (Windows 10)
-description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
+title: Install VAMT
+description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
ms.reviewer: nganguly
manager: aaroncz
ms.author: frankroj
@@ -18,7 +18,7 @@ This article describes how to install the Volume Activation Management Tool (VAM
## Installing VAMT
-You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10.
+You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
>[!IMPORTANT]
>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
@@ -30,7 +30,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied
-- Latest version of the [Windows 10 ADK](/windows-hardware/get-started/adk-install)
+- Latest version of the [Windows ADK](/windows-hardware/get-started/adk-install)
- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended
@@ -52,7 +52,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
### Install VAMT using the ADK
-1. Download the latest version of [Windows 10 ADK](/windows-hardware/get-started/adk-install).
+1. Download the latest version of [Windows ADK](/windows-hardware/get-started/adk-install).
If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
From 23c3eba866398281aa6226cbcad1409de174b6bf Mon Sep 17 00:00:00 2001
From: Thom McKiernan
Date: Tue, 10 Oct 2023 13:14:06 +0100
Subject: [PATCH 26/35] Update install-vamt.md
SQL download link went to a dead page that then got redirected to an SQL 2019 page with no download links. I've updated this to be the correct link for the latest SQL Express download.
---
windows/deployment/volume-activation/install-vamt.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index a8d6e07078..bc53386011 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -32,13 +32,13 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
- Latest version of the [Windows ADK](/windows-hardware/get-started/adk-install)
-- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended
+- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) version, the latest is recommended
- Alternatively, any supported **full** SQL instance
### Install SQL Server Express / alternatively use any full SQL instance
-1. Download and open the [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) package.
+1. Download and open the [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) package.
2. Select **Basic**.
@@ -68,7 +68,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
### Configure VAMT to connect to SQL Server Express or full SQL Server
-1. Open **Volume Active Management Tool 3.1** from the Start menu.
+1. Open **Volume Active Management Tool** from the Start menu.
2. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
From 9d729d68d2e5ab4fbd12e2b2584813138a6525ef Mon Sep 17 00:00:00 2001
From: Dan Mabee <40476441+damabe@users.noreply.github.com>
Date: Wed, 11 Oct 2023 00:27:13 -0700
Subject: [PATCH 27/35] Policheck update
---
store-for-business/microsoft-store-for-business-overview.md | 4 ++--
windows/configuration/wcd/wcd-browser.md | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index 51d26aea04..84a347f046 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -244,7 +244,6 @@ Store for Business and Education is currently available in these markets.
- Liechtenstein
- Lithuania
- Luxembourg
-- Macedonia
- Madagascar
- Malawi
- Malaysia
@@ -268,6 +267,7 @@ Store for Business and Education is currently available in these markets.
- New Zealand
- Nicaragua
- Nigeria
+- North Macedonia
- Norway
- Oman
- Pakistan
@@ -310,7 +310,7 @@ Store for Business and Education is currently available in these markets.
- Tonga
- Trinidad and Tobago
- Tunisia
-- Turkey
+- Türkiye
- Turks and Caicos Islands
- Uganda
- United Arab Emirates
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index 97e8ca8ceb..3168b7df93 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -85,7 +85,7 @@ Use *Default* to specify a name that matches one of the search providers you ent
Some countries/regions require specific, default search providers. The following table lists the applicable countries/regions and information for configuring the necessary search provider.
>[!NOTE]
->For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Turkey.
+>For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Türkiye.
From ef86d7c09d78db31fb2436c8ed8d0f43fe373a41 Mon Sep 17 00:00:00 2001
From: Anders Ahl <58516456+GenerAhl@users.noreply.github.com>
Date: Wed, 11 Oct 2023 10:37:24 +0200
Subject: [PATCH 28/35] Update hello-feature-pin-reset.md
Corrected a typo on the page.
---
.../hello-for-business/hello-feature-pin-reset.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
index ab35e717f2..1c72822304 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@@ -70,7 +70,7 @@ To register the applications, follow these steps:
:::column span="3":::
3. Review the permissions requested by the *Microsoft Pin Reset Service Production* application and select **Accept** to confirm consent to both applications to access your organization.
>[!NOTE]
- >After accepance, the redirect page will show a blank page. This is a known behavior.
+ >After acceptance, the redirect page will show a blank page. This is a known behavior.
:::column-end:::
:::column span="1":::
:::image type="content" alt-text="Screenshot showing the PIN reset service permissions final page." source="images/pinreset/pin-reset-service-prompt-2.png" lightbox="images/pinreset/pin-reset-service-prompt-2.png" border="true":::
From aa029fda5ecd7baf85ac769e9d9ae9a7a1bd4eb1 Mon Sep 17 00:00:00 2001
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com>
Date: Wed, 11 Oct 2023 17:42:16 +0530
Subject: [PATCH 29/35] Update mdm-overview.md
corrected grammatical errors and made some words bold
---
windows/client-management/mdm-overview.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md
index ceca839aaa..da0013abc4 100644
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@@ -31,7 +31,7 @@ Microsoft provides MDM security baselines that function like the Microsoft group
The MDM security baseline includes policies that cover the following areas:
-- Microsoft inbox security technologies (not deprecated) such as BitLocker, Windows Defender SmartScreen, Exploit Guard, Microsoft Defender Antivirus, and Firewall
+- Microsoft inbox security technologies (not deprecated) such as **BitLocker, Windows Defender SmartScreen, Exploit Guard, Microsoft Defender Antivirus,** and **Firewall**
- Restricting remote access to devices
- Setting credential requirements for passwords and PINs
- Restricting use of legacy technology
@@ -66,6 +66,6 @@ No. Only one MDM is allowed.
| Entry | Description |
| --------------- | -------------------- |
-| What is dmwappushsvc? | It's a Windows service that ships in Windows operating system as a part of the windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
-| What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
-| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |
+| What is dmwappushsvc? | It's a Windows service that ships in the Windows operating system as a part of the Windows management platform. It's used internally by the operating system as a queue for categorizing and processing all Wireless Application Protocol (WAP) messages, which include Windows management messages, and Service Indication/Service Loading (SI/SL). The service also initiates and orchestrates management sync sessions with the MDM server. |
+| What data is handled by dmwappushsvc? | It's a component handling the internal workings of the management platform and is involved in processing messages that have been received by the device remotely for management. The messages in the queue are serviced by another component that is also part of the Windows management stack to process messages. The service also routes and authenticates WAP messages received by the device to internal OS components that process them further. This service doesn't send telemetry. |
+| How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc) and locating *Device Management Wireless Application Protocol (WAP) Push message Routing Service*. However, since this service is a component part of the OS and is required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service causes your management to fail. |
From f09a9a126fdfb3d7b224e85d64b684f4df91995f Mon Sep 17 00:00:00 2001
From: Stacyrch140 <102548089+Stacyrch140@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:49:20 -0400
Subject: [PATCH 30/35] pencil edit
Line 109 - fixed comma spacing
---
store-for-business/microsoft-store-for-business-overview.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/store-for-business/microsoft-store-for-business-overview.md b/store-for-business/microsoft-store-for-business-overview.md
index 84a347f046..53f420d9f9 100644
--- a/store-for-business/microsoft-store-for-business-overview.md
+++ b/store-for-business/microsoft-store-for-business-overview.md
@@ -106,7 +106,7 @@ Also, if your organization plans to use a management tool, you'll need to config
## Get apps and content
-Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free,and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time.
+Once signed in to the Microsoft Store, you can browse and search for all products in the Store for Business and Education catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business and Education. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card, and some items can be paid for with an invoice. We'll be adding more payment options over time.
**App types** - These app types are supported in the Store for Business and Education:
@@ -386,4 +386,4 @@ Developers in your organization, or ISVs can create content specific to your org
Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in Store for Business and Education. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in Store for Business and Education will work only on Windows 10.
-For more information on line-of-business apps, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
\ No newline at end of file
+For more information on line-of-business apps, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md).
From b6407d66affae8ebaf1f086cd715b7f41c1044ea Mon Sep 17 00:00:00 2001
From: tiaraquan
Date: Wed, 11 Oct 2023 11:47:16 -0700
Subject: [PATCH 31/35] Eye twitch
---
...roups-windows-feature-update-summary-dashboard.md | 12 ++++++------
...roups-windows-quality-update-summary-dashboard.md | 8 ++++----
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
index 37d261d766..7ff0cc7a61 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
@@ -17,19 +17,19 @@ ms.collection:
# Windows feature update summary dashboard
-The summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
+The Summary dashboard provides a broader view of the current Windows OS update status for all devices registered with Windows Autopatch.
-The first part of the summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
+The first part of the Summary dashboard provides you with an all-devices trend report where you can follow the deployment trends within your organization. You can view if updates were successfully installed, failing, in progress, not ready or have their Windows feature update paused.
-**To view a generated summary dashboard for your Windows feature update deployments:**
+**To view a generated Summary dashboard for your Windows feature update deployments:**
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. Select **Reports** from the left navigation menu.
-1. Under the **Windows Autopatch** section, select **Windows feature updates (preview)**.
+1. Under the **Windows Autopatch** section, select **Windows feature updates**.
## Report information
-The following information is available in the summary dashboard:
+The following information is available in the Summary dashboard:
| Column name | Description |
| ----- | ----- |
@@ -48,5 +48,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
-| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
+| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process will ensure that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
index 154e93fb08..e744f0c407 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
@@ -1,7 +1,7 @@
---
title: Windows quality update summary dashboard
description: Provides a summary view of the current update status for all devices enrolled into Windows Autopatch with Autopatch groups
-ms.date: 07/25/2023
+ms.date: 10/04/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
@@ -17,7 +17,7 @@ ms.collection:
# Windows quality update summary dashboard
-The summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
+The Summary dashboard provides a summary view of the current update status for all devices enrolled into Windows Autopatch.
**To view the current update status for all your enrolled devices:**
@@ -29,7 +29,7 @@ The summary dashboard provides a summary view of the current update status for a
## Report information
-The following information is available in the summary dashboard:
+The following information is available in the Summary dashboard:
| Column name | Description |
| ----- | ----- |
@@ -47,5 +47,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
-| Refresh | The option to **Refresh** the summary dashboard is available at the top of the page. This process will ensure that the summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
+| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process ensures that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |
From 604609b3e612ea505a9fbf9b585233e1eb7d9fbe Mon Sep 17 00:00:00 2001
From: tiaraquan
Date: Wed, 11 Oct 2023 11:55:26 -0700
Subject: [PATCH 32/35] Date
---
...autopatch-groups-windows-feature-update-summary-dashboard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
index 7ff0cc7a61..e8390b1c35 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
@@ -1,7 +1,7 @@
---
title: Windows feature update summary dashboard
description: Provides a broader view of the current Windows OS upgrade status for all devices registered with Windows Autopatch.
-ms.date: 07/25/2023
+ms.date: 10/11/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: how-to
From 8bbfe640ac2c19037af50ba996a3a0b72cd58e1b Mon Sep 17 00:00:00 2001
From: tiaraquan
Date: Wed, 11 Oct 2023 12:22:08 -0700
Subject: [PATCH 33/35] Tweak
---
...autopatch-groups-windows-feature-update-summary-dashboard.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
index e8390b1c35..6f8527fdc9 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
@@ -48,5 +48,5 @@ The following options are available:
| Option | Description |
| ----- | ----- |
-| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process will ensure that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
+| Refresh | The option to **Refresh** the Summary dashboard is available at the top of the page. This process ensures that the Summary dashboard view is updated to the latest available dataset from within the last 24-hour period. |
| Summary links | Each column represents the summary of included devices. Select the hyperlinked number to produce a filtered report in a new browser tab. |
From e2bb8c3019a599886311172d36d66e4f51afc444 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Wed, 11 Oct 2023 18:03:58 -0400
Subject: [PATCH 34/35] Minor edits
Making agreed on changes with submitter
---
.../volume-activation/install-vamt.md | 42 ++++++++++---------
1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index bc53386011..25337951c9 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -7,7 +7,7 @@ ms.author: frankroj
ms.prod: windows-client
author: frankroj
ms.localizationpriority: medium
-ms.date: 11/07/2022
+ms.date: 10/11/2023
ms.topic: article
ms.technology: itpro-fundamentals
---
@@ -21,32 +21,34 @@ This article describes how to install the Volume Activation Management Tool (VAM
You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
>[!IMPORTANT]
->VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
+>
+> VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you don't have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.
>[!NOTE]
->The VAMT Microsoft Management Console snap-in ships as an x86 package.
+>
+> The VAMT Microsoft Management Console snap-in ships as an x86 package.
### Requirements
-- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied
+- [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied.
-- Latest version of the [Windows ADK](/windows-hardware/get-started/adk-install)
+- Latest version of the [Windows ADK](/windows-hardware/get-started/adk-install).
-- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) version, the latest is recommended
+- Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) version. The latest is recommended.
-- Alternatively, any supported **full** SQL instance
+- Alternatively, any supported **full** SQL instance.
### Install SQL Server Express / alternatively use any full SQL instance
-1. Download and open the [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-downloads) package.
+1. Download and open the [SQL Server Express](https://aka.ms/sqlexpress) package.
-2. Select **Basic**.
+1. Select **Basic**.
-3. Accept the license terms.
+1. Accept the license terms.
-4. Enter an install location or use the default path, and then select **Install**.
+1. Enter an install location or use the default path, and then select **Install**.
-5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
+1. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
@@ -56,21 +58,21 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
-2. Enter an install location or use the default path, and then select **Next**.
+1. Enter an install location or use the default path, and then select **Next**.
-3. Select a privacy setting, and then select **Next**.
+1. Select a privacy setting, and then select **Next**.
-4. Accept the license terms.
+1. Accept the license terms.
-5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
+1. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
-6. On the completion page, select **Close**.
+1. On the completion page, select **Close**.
### Configure VAMT to connect to SQL Server Express or full SQL Server
-1. Open **Volume Active Management Tool** from the Start menu.
+1. In the Start Menu under, **Windows Kits**, **Volume Active Management Tool 3.1**.
-2. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
+1. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
@@ -82,4 +84,4 @@ To uninstall VAMT using the **Programs and Features** Control Panel:
1. Open **Control Panel** and select **Programs and Features**.
-2. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.
+1. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.
From dc36f65254603fd2df5ad975528f96cec206f5d1 Mon Sep 17 00:00:00 2001
From: Aditi Srivastava <133841950+aditisrivastava07@users.noreply.github.com>
Date: Thu, 12 Oct 2023 14:05:47 +0530
Subject: [PATCH 35/35] Corrected alt text of images.
---
windows/deployment/volume-activation/install-vamt.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md
index 25337951c9..ec3ea1a746 100644
--- a/windows/deployment/volume-activation/install-vamt.md
+++ b/windows/deployment/volume-activation/install-vamt.md
@@ -50,7 +50,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
1. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
- 
+ 
### Install VAMT using the ADK
@@ -74,7 +74,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
1. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
- 
+ 
For remote SQL Server, use `servername.yourdomain.com`.