Merged PR 4680: 11/27 PM Publish

2025-05-14 14:27:22 +00:00 · 2017-11-27 23:39:22 +00:00 · 2017-11-27 23:39:22 +00:00 · 23f6edfa16
commit 23f6edfa16
parent 8c302f8b2b a06707fc57
3 changed files with 16 additions and 5 deletions
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -9,7 +9,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 author: brianlic-msft
 ms.author: brianlic-msft
-ms.date: 07/28/2017
+ms.date: 11/21/2017
 ---

 # Manage connections from Windows operating system components to Microsoft services
@ -33,12 +33,13 @@ We are always striving to improve our documentation and welcome your feedback. Y

 Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=manage-connections-from-windows-operating-system-components-to-microsoft-services.md). 

-## What's new in Windows 10, version 1709 
+## What's new in Windows 10, version 1709

 Here's a list of changes that were made to this article for Windows 10, version 1709:

 - Added the Phone calls section.
 - Added the Storage Health section.
+- Added discussion of apps for websites in the Microsoft Store section.

 ## What's new in Windows 10, version 1703

@ -1810,6 +1811,10 @@ You can turn off the ability to launch apps from the Microsoft Store that were p

    -   Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore!AutoDownload**, with a value of 2 (two).

+### <a href="" id="bkmk-apps-for-websites"></a>26.1 Apps for websites
+
+You can turn off apps for websites, preventing customers who visit websites that are registered with their associated app from directly launching the app.
+
 Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**

 ### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization
--- a/windows/device-security/change-history-for-device-security.md
+++ b/windows/device-security/change-history-for-device-security.md
@ -11,6 +11,11 @@ author: brianlic-msft
 # Change history for device security
 This topic lists new and updated topics in the [Device security](index.md) documentation.

+## November 2017
+|New or changed topic |Description |
+|---------------------|------------|
+| [How to enable virtualization-based protection of code integrity](enable-virtualization-based-protection-of-code-integrity.md)| New. Explains how to enable HVCI.  |
+
 ## October 2017
 |New or changed topic |Description |
 |---------------------|------------|
--- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
@ -16,11 +16,12 @@ ms.date: 11/07/2017
 - Windows 10
 - Windows Server 2016 

-Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode memory against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.  
+Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. 
+Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.  

 Some applications, including device drivers, may be incompatible with HVCI. 
 This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. 
-If this happens, see the [Troubleshooting section](#troubleshooting) for remediation steps. 
+If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. 

 ## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709) 

@ -32,7 +33,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT
 > [!NOTE]
 > You must be an administrator to perform this procedure. 

-1. Download the Enable HVCI cabinet file.
+1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab).
 2. Open the cabinet file.
 3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: