deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 4680: 11/27 PM Publish

Browse Source
This commit is contained in:
Alma Jenks 2017-11-27 23:39:22 +00:00
commit 23f6edfa16
3 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.localizationpriority: high ms.localizationpriority: high
author: brianlic-msft author: brianlic-msft
ms.author: brianlic-msft ms.author: brianlic-msft
ms.date: 07/28/2017 ms.date: 11/21/2017
--- ---
# Manage connections from Windows operating system components to Microsoft services # Manage connections from Windows operating system components to Microsoft services
@ -39,6 +39,7 @@ Here's a list of changes that were made to this article for Windows 10, version
- Added the Phone calls section. - Added the Phone calls section.
- Added the Storage Health section. - Added the Storage Health section.
- Added discussion of apps for websites in the Microsoft Store section.
## What's new in Windows 10, version 1703 ## What's new in Windows 10, version 1703
@ -1810,6 +1811,10 @@ You can turn off the ability to launch apps from the Microsoft Store that were p
- Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore!AutoDownload**, with a value of 2 (two). - Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore!AutoDownload**, with a value of 2 (two).
### <a href="" id="bkmk-apps-for-websites"></a>26.1 Apps for websites
You can turn off apps for websites, preventing customers who visit websites that are registered with their associated app from directly launching the app.
Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers** Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization ### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization

5
windows/device-security/change-history-for-device-security.md
View File

@ -11,6 +11,11 @@ author: brianlic-msft
# Change history for device security # Change history for device security
This topic lists new and updated topics in the [Device security](index.md) documentation. This topic lists new and updated topics in the [Device security](index.md) documentation.
## November 2017
|New or changed topic |Description |
|---------------------|------------|
| [How to enable virtualization-based protection of code integrity](enable-virtualization-based-protection-of-code-integrity.md)| New. Explains how to enable HVCI. |
## October 2017 ## October 2017
|New or changed topic |Description | |New or changed topic |Description |
|---------------------|------------| |---------------------|------------|

7
windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
View File

@ -16,11 +16,12 @@ ms.date: 11/07/2017
- Windows 10 - Windows 10
- Windows Server 2016 - Windows Server 2016
Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode memory against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor. Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code.
Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.
Some applications, including device drivers, may be incompatible with HVCI. Some applications, including device drivers, may be incompatible with HVCI.
This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself.
If this happens, see the [Troubleshooting section](#troubleshooting) for remediation steps. If this happens, see [Troubleshooting](#troubleshooting) for remediation steps.
## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709) ## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709)
@ -32,7 +33,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT
> [!NOTE] > [!NOTE]
> You must be an administrator to perform this procedure. > You must be an administrator to perform this procedure.
1. Download the Enable HVCI cabinet file. 1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab).
2. Open the cabinet file. 2. Open the cabinet file.
3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: 3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: