From bf170b697e2f1fc1c313522b2312cdc879308448 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 18:07:17 +0800 Subject: [PATCH 01/34] Fixed markdown issue in line 74 Resolves #4239 --- .../windows-firewall/basic-firewall-policy-design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md index 7382a66a00..04739b0f9c 100644 --- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md @@ -71,4 +71,4 @@ For more information about this design: - For a list of detailed tasks that you can use to deploy your basic firewall policy design, see [Checklist: Implementing a Basic Firewall Policy Design](checklist-implementing-a-basic-firewall-policy-design.md). -**Next: **[Domain Isolation Policy Design](domain-isolation-policy-design.md) +**Next:** [Domain Isolation Policy Design](domain-isolation-policy-design.md) From c675c7ea0ef6a0f1ea9dac500d8e53318b341dd7 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 18:40:29 +0800 Subject: [PATCH 02/34] markdown issue in line 41 --- ...goals-to-a-windows-firewall-with-advanced-security-design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md index 8c6362f758..9c73c224b9 100644 --- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md 
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md @@ -38,4 +38,4 @@ Use the following table to determine which Windows Firewall with Advanced Securi To examine details for a specific design, click the design title at the top of the column in the preceding table. -**Next: **[Basic Firewall Policy Design](basic-firewall-policy-design.md) +**Next:** [Basic Firewall Policy Design](basic-firewall-policy-design.md) From 327c4b6913718dfd7753c742263fcc4d920e7b03 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 18:47:09 +0800 Subject: [PATCH 03/34] Markdown issue in line 62 --- .../windows-firewall/server-isolation-policy-design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md index 8a3e3033be..1eeea3dc76 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md @@ -59,4 +59,4 @@ For more info about this design: - For a list of tasks that you can use to deploy your server isolation policy design, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md). -**Next: **[Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) +**Next:** [Certificate-based Isolation Policy Design](certificate-based-isolation-policy-design.md) From b9a828e53df94e8ae4d1d8a5c235588880d0aacc Mon Sep 17 00:00:00 2001 
From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 18:57:57 +0800 Subject: [PATCH 04/34] Fixed markdown issue in line 60 --- .../certificate-based-isolation-policy-design-example.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md index accc64084b..efa67c42bc 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md @@ -57,4 +57,4 @@ By using the Active Directory Users and Computers snap-in, Woodgrove Bank create Woodgrove Bank then created a GPO that contains the certificate, and then attached security group filters to the GPO that allow read and apply permissions to only members of the NAG\_COMPUTER\_WGBUNIX group. The GPO places the certificate in the **Local Computer / Personal / Certificates** certificate store. The certificate used must chain back to a certificate that is in the **Trusted Root Certification Authorities** store on the local device. -**Next: **[Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) +**Next:** [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) From 63c8d971e070e385b480b6ba5b592966f8d39f23 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 19:02:57 +0800 Subject: [PATCH 05/34] Fixes markdown issue in line 48 --- .../certificate-based-isolation-policy-design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md index 3bd6236176..1be717ce49 100644 --- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md +++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md @@ -45,4 +45,4 @@ For more info about this design: - For a list of tasks that you can use to deploy your certificate-based policy design, see [Checklist: Implementing a Certificate-based Isolation Policy Design](checklist-implementing-a-certificate-based-isolation-policy-design.md). -**Next: **[Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) +**Next:** [Evaluating Windows Defender Firewall with Advanced Security Design Examples](evaluating-windows-firewall-with-advanced-security-design-examples.md) From e774b9c4961820aae8f9169194075a39d5c80d0b Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 19:38:30 +0800 Subject: [PATCH 06/34] Fixes markdown issue in line 113 --- .../windows-firewall/firewall-policy-design-example.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md index fef8bc41e2..5127569bc4 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md 
@@ -110,5 +110,5 @@ The following groups were created by using the Active Directory Users and Comput In your own design, create a group for each computer role in your organization that requires different or additional firewall rules. For example, file servers and print servers require additional rules to allow the incoming network traffic for those functions. If a function is ordinarily performed on most devices on the network, you might consider adding devices performing those roles to the common default firewall GPO set, unless there is a security reason not to include it there. -**Next: **[Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) +**Next:** [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) From df076231f926af2e8f779ad17e300d2a9785f53c Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 19:40:10 +0800 Subject: [PATCH 07/34] Fixes markdown issue in line 66 --- .../windows-firewall/domain-isolation-policy-design-example.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md index 8179db1063..d0e345f2c5 100644 --- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md 
@@ -63,4 +63,4 @@ The following groups were created by using the Active Directory Users and Comput >**Note:**  If you are designing GPOs for only Windows 8, Windows 7, Windows Vista, Windows Server 2012, Windows Server 2008, and Windows Server 2008 R2, you can design your GPOs in nested groups. For example, you can make the boundary group a member of the isolated domain group, so that it receives the firewall and basic isolated domain settings through that nested membership, with only the changes supplied by the boundary zone GPO. However, devices that are running older versions of Windows can only support a single IPsec policy being active at a time. The policies for each GPO must be complete (and to a great extent redundant with each other), because you cannot layer them as you can in the newer versions of Windows. For simplicity, this guide describes the techniques used to create the independent, non-layered policies. We recommend that you create and periodically run a script that compares the memberships of the groups that must be mutually exclusive and reports any devices that are incorrectly assigned to more than one group. -**Next: **[Server Isolation Policy Design Example](server-isolation-policy-design-example.md) +**Next:** [Server Isolation Policy Design Example](server-isolation-policy-design-example.md) From aad18597d55be0d14b8144523ee8ed9b1591b7be Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 19:43:03 +0800 Subject: [PATCH 08/34] Fixes markdown issue in line 85 --- .../windows-firewall/server-isolation-policy-design-example.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md index f693d8a70b..b93e884682 100644 
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md @@ -82,4 +82,4 @@ If Woodgrove Bank wants to implement server isolation without domain isolation, You do not have to include the encryption-capable rules on all devices. Instead, you can create GPOs that are applied only to members of the NAG, in addition to the standard domain isolation GPO, that contain connection security rules to support encryption. -**Next: **[Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md) +**Next:** [Certificate-based Isolation Policy Design Example](certificate-based-isolation-policy-design-example.md) From d19a7b745dc6bcdd63b42366c53f8a148137520a Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:05:27 +0800 Subject: [PATCH 09/34] Fixes markdown issue in line 55 --- ...igning-a-windows-firewall-with-advanced-security-strategy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md index 048a242e05..83f35fe206 100644 --- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md +++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md 
@@ -52,4 +52,4 @@ The information that you gather will help you answer the following questions. Th This guide describes how to plan your groups and GPOs for an environment with a mix of operating systems. Details can be found in the section [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) later in this guide. -**Next: **[Gathering the Information You Need](gathering-the-information-you-need.md) +**Next:** [Gathering the Information You Need](gathering-the-information-you-need.md) From 52c549c6f8deac438682c7bc3a95db522957fe04 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:07:05 +0800 Subject: [PATCH 10/34] Fixes markdown issue in line 121 --- ...ing-information-about-your-current-network-infrastructure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md index 34b00db3ac..992c8390e8 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md 
@@ -118,4 +118,4 @@ Some of the more common applications and protocols are as follows: - **Other traffic**. Windows Defender Firewall can help secure transmissions between devices by providing authentication of the packets in addition to encrypting the data that they contain. The important thing to do is to identify what must be protected, and the threats that must be mitigated. Examine and model other traffic or traffic types that must be secured. -**Next: **[Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md) +**Next:** [Gathering Information about Your Active Directory Deployment](gathering-information-about-your-active-directory-deployment.md) From a0a261d9964995f8ed42b7da30df2add9ad7323a Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:08:42 +0800 Subject: [PATCH 11/34] Fixes markdown issue in line 40 --- ...hering-information-about-your-active-directory-deployment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md index 5b0c733db4..cd4b6c6d78 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md 
@@ -37,4 +37,4 @@ Active Directory is another important item about which you must gather informati - **Existing IPsec policy**. Because this project culminates in the implementation of IPsec policy, you must understand how the network currently uses IPsec (if at all). Windows Defender Firewall connection security rules for versions of Windows prior to Windows Vista and Windows Server 2008 are not compatible with earlier versions of Windows. If you already have IPsec policies deployed to devices running Windows XP and Windows Server 2003 in your organization, you must ensure that the new IPsec policies you deploy enable devices using either the old or new IPsec policies to communicate with each other. -**Next: **[Gathering Information about Your Devices](gathering-information-about-your-devices.md) +**Next:** [Gathering Information about Your Devices](gathering-information-about-your-devices.md) From ec9cc66f8c8d8ad894dbf8b6b089583139411bbe Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:09:32 +0800 Subject: [PATCH 12/34] Fixes markdown issue in line 62 --- .../gathering-information-about-your-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md index 79f64faa4e..2feb5a2fd1 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md 
@@ -59,4 +59,4 @@ Whether you use an automatic, manual, or hybrid option to gather the information This inventory will be critical for planning and implementing your Windows Defender Firewall design. -**Next: **[Gathering Other Relevant Information](gathering-other-relevant-information.md) +**Next:** [Gathering Other Relevant Information](gathering-other-relevant-information.md) From 4b62a897a010ec7ea3ef2c0c03593670da888419 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:10:27 +0800 Subject: [PATCH 13/34] Fixes markdown issue in line 85 --- .../windows-firewall/gathering-other-relevant-information.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md index 7a20dd71a7..5d29784f77 100644 --- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md +++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md @@ -82,4 +82,4 @@ Network Monitor includes parsers for the ISAKMP (IKE), AH, and ESP protocols. Ne Message Analyzer is available on the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=44226). -**Next: **[Determining the Trusted State of Your Devices](determining-the-trusted-state-of-your-devices.md) +**Next:** [Determining the Trusted State of Your Devices](determining-the-trusted-state-of-your-devices.md) From 2de42cb2c9d0bc20b172548a7b457dff55f682dd Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:11:57 +0800 Subject: [PATCH 14/34] Fixes markdown issue in line 147 --- .../determining-the-trusted-state-of-your-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md index e5abd70033..d7bed686fa 100644 --- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md +++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md @@ -144,4 +144,4 @@ With the other information that you have gathered in this section, this informat The costs identified in this section only capture the projected cost of the device upgrades. Many additional design, support, test, and training costs should be accounted for in the overall project plan. -**Next: **[Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) +**Next:** [Planning Your Windows Defender Firewall with Advanced Security Design](planning-your-windows-firewall-with-advanced-security-design.md) From ad38f79d4bd63317e668899813740ece118abe5d Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:13:47 +0800 Subject: [PATCH 15/34] Fixes markdown issue in line 98 --- ...nning-your-windows-firewall-with-advanced-security-design.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md index b00682c8e7..6992965186 100644 --- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md 
@@ -95,4 +95,4 @@ After you have selected a design and assigned your devices to zones, you can beg When you are ready to examine the options for the groups, filters, and GPOs, see the [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) section. -**Next: **[Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) +**Next:** [Planning Settings for a Basic Firewall Policy](planning-settings-for-a-basic-firewall-policy.md) From d53eda73d581e358e304892dd6a2ecb866fee040 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:15:49 +0800 Subject: [PATCH 16/34] Fixes markdown issue in line 58 --- .../planning-settings-for-a-basic-firewall-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md index f75466f965..8138bd8ee1 100644 --- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md @@ -55,4 +55,4 @@ The following is a list of the firewall settings that you might consider for inc - **Outbound rules**. Only create outbound rules to block network traffic that must be prevented in all cases. If your organization prohibits the use of certain network programs, you can support that policy by blocking the known network traffic used by the program. Be sure to test the restrictions before you deploy them to avoid interfering with traffic for needed and authorized programs. -**Next: **[Planning Domain Isolation Zones](planning-domain-isolation-zones.md) +**Next:** [Planning Domain Isolation Zones](planning-domain-isolation-zones.md) 
From c85d7be4a69fb1a3c9b440da303c3a5e0b2b9ce0 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:19:10 +0800 Subject: [PATCH 17/34] Fixes markdown issue in line 60 --- .../threat-protection/windows-firewall/exemption-list.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md index 93dbefc241..5911a0bedc 100644 --- a/windows/security/threat-protection/windows-firewall/exemption-list.md +++ b/windows/security/threat-protection/windows-firewall/exemption-list.md @@ -57,4 +57,4 @@ To keep the number of exemptions as small as possible, you have several options: As with defining the boundary zone, create a formal process to approve hosts being added to the exemption list. For a model of processing requests for exemptions, see the decision flowchart in the [Boundary Zone](boundary-zone.md) section. -**Next: **[Isolated Domain](isolated-domain.md) +**Next:** [Isolated Domain](isolated-domain.md) From 2857eb30979f84f291e2366537a05a661859d578 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:20:06 +0800 Subject: [PATCH 18/34] Fixes markdown issue in line 67 --- .../threat-protection/windows-firewall/isolated-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md index 7c2bb196ff..bb06dc1bff 100644 --- a/windows/security/threat-protection/windows-firewall/isolated-domain.md +++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md 
@@ -64,4 +64,4 @@ GPOs for devices running at least Windows Vista and Windows Server 2008 should >**Note:**  For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). -**Next: **[Boundary Zone](boundary-zone.md) +**Next:** [Boundary Zone](boundary-zone.md) From 094733f8d0b6bfba84bfd004c0658c0940061115 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:21:45 +0800 Subject: [PATCH 19/34] Fixes markdown issue in line 70 --- .../threat-protection/windows-firewall/encryption-zone.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md index 2330b6ee32..ced058672b 100644 --- a/windows/security/threat-protection/windows-firewall/encryption-zone.md +++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md @@ -67,4 +67,4 @@ The GPO for devices that are running at least Windows Server 2008 should includ - If domain member devices must communicate with devices in the encryption zone, ensure that you include in the isolated domain GPOs quick mode combinations that are compatible with the requirements of the encryption zone GPOs. -**Next: **[Planning Server Isolation Zones](planning-server-isolation-zones.md) +**Next:** [Planning Server Isolation Zones](planning-server-isolation-zones.md) From 7290ddbfdb7435770613c0c1ed7ea5abddf88755 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:22:55 +0800 Subject: [PATCH 20/34] Fixes markdown issue in line 82 --- .../windows-firewall/planning-server-isolation-zones.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md index f1977f0234..f42eca057b 100644 --- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md @@ -79,4 +79,4 @@ GPOs for devices running at least Windows Server 2008 should include the follow >**Note:**  For a sample template for these registry settings, see [Appendix A: Sample GPO Template Files for Settings Used in this Guide](appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md). -**Next: **[Planning Certificate-based Authentication](planning-certificate-based-authentication.md) +**Next:** [Planning Certificate-based Authentication](planning-certificate-based-authentication.md) From 9e9880f610d3a9d2b5f88dfe81a59e491a0f15f0 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:23:57 +0800 Subject: [PATCH 21/34] Fixes markdown issue in line 62 --- .../planning-certificate-based-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md index 71ef3b2620..100858ecbe 100644 --- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md +++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md 
@@ -59,4 +59,4 @@ When the clients and servers have the certificates available, you can configure Starting in Windows Server 2012,you can configure certificate selection criteria so the desired certificate is selected and/or validated. Enhanced Key Usage (EKU) criteria can be configured, as well as name restrictions and certificate thumbprints. This is configured using the **Advanced** button when choosing certificates for the authentication method in the user interface, or through Windows PowerShell. -**Next: **[Documenting the Zones](documenting-the-zones.md) +**Next:** [Documenting the Zones](documenting-the-zones.md) From 12f7c19f11a0c8eb666f9876a9c6cc78e4e9fd9d Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:24:50 +0800 Subject: [PATCH 22/34] Fixes markdown issue in line 35 --- .../threat-protection/windows-firewall/documenting-the-zones.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md index 45577c869a..0fa1893aa6 100644 --- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md @@ -32,4 +32,4 @@ Generally, the task of determining zone membership is not complex, but it can be | SENSITIVE001 | Yes| Yes| Not required.| Running Windows Server 2012. Ready for inclusion.| $0| Isolated server (in zone by itself)| | PRINTSVR1 | Yes| Yes| Not required.| Running Windows Server 2008 R2. Ready for inclusion.| $0| Boundary| -**Next: **[Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) +**Next:** [Planning Group Policy Deployment for Your Isolation Zones](planning-group-policy-deployment-for-your-isolation-zones.md) 
From e993cfda52ad5447a9f9f1978bde8e8fcfc71b89 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:26:22 +0800 Subject: [PATCH 23/34] Fixes markdown issue in line 46 --- .../windows-firewall/planning-isolation-groups-for-the-zones.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md index 0536c63506..0798ba72d5 100644 --- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md +++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md @@ -43,5 +43,5 @@ Multiple GPOs might be delivered to each group. Which one actually becomes appli If multiple GPOs are assigned to a group, and similar rules are applied, the rule that most specifically matches the network traffic is the one that is used by the device. For example, if one IPsec rule says to request authentication for all IP traffic, and a second rule from a different GPO says to require authentication for IP traffic to and from a specific IP address, then the second rule takes precedence because it is more specific. -**Next: **[Planning Network Access Groups](planning-network-access-groups.md) +**Next:** [Planning Network Access Groups](planning-network-access-groups.md) From a4bf5f48b7d5f236d22e6368bb4511ac334d2659 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:27:38 +0800 Subject: [PATCH 24/34] Fixes markdown issue in line 41 --- .../windows-firewall/planning-network-access-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md index fb13446ed6..3043878e04 100644 --- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md +++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md @@ -38,4 +38,4 @@ For the Woodgrove Bank scenario, access to the devices running SQL Server that s >**Note:**  Membership in a NAG does not control the level of IPsec traffic protection. The IKE negotiation is only aware of whether the device or user passed or failed the Kerberos V5 authentication process. The connection security rules in the applied GPO control the security methods that are used for protecting traffic and are independent of the identity being authenticated by Kerberos V5. -**Next: **[Planning the GPOs](planning-the-gpos.md) +**Next:** [Planning the GPOs](planning-the-gpos.md) From bb68d2e765a7565fbeea08b2e3b861200e0458f4 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:28:50 +0800 Subject: [PATCH 25/34] Fixes markdown issue in line 73 --- .../threat-protection/windows-firewall/gpo-domiso-firewall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md index 81e55a89ac..e44b50dd82 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md 
@@ -70,4 +70,4 @@ This GPO provides the following rules: - A firewall exception rule to allow required network traffic for the WGBank dashboard program. This inbound rule allows network traffic for the program Dashboard.exe in the %ProgramFiles%\\WGBank folder. The rule is also filtered to only allow traffic on port 1551. This rule is applied only to the domain profile. -**Next: **[Isolated Domain GPOs](isolated-domain-gpos.md) +**Next:** [Isolated Domain GPOs](isolated-domain-gpos.md) From 57db078dd7733cad79176b91627028b6646cb8f6 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:30:22 +0800 Subject: [PATCH 26/34] Fixes markdown issue in line 91 --- .../windows-firewall/gpo-domiso-isolateddomain-clients.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md index 4701b4565d..eda2c2ccc5 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md @@ -88,4 +88,4 @@ This GPO provides the following rules: - Authentication mode is set to **Do not authenticate**. -**Next: **[GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md) +**Next:** [GPO\_DOMISO\_IsolatedDomain\_Servers](gpo-domiso-isolateddomain-servers.md) From bd01e9073b7a3936a06c10ea4b8c7835128efdef Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:33:02 +0800 Subject: [PATCH 27/34] Fixes markdown issue in line 34 --- .../windows-firewall/gpo-domiso-isolateddomain-servers.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md index 6e5fc43ced..bfe618f15f 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md @@ -31,5 +31,5 @@ Because so many of the settings and rules for this GPO are common to those in th >**Important:**  Windows Vista and Windows Server 2008 support only one network location profile at a time. The profile for the least secure network type is applied to the device. If you attach a network adapter to a device that is not physically connected to a network, the public network location type is associated with the network adapter and applied to the device. -**Next: **[Boundary Zone GPOs](boundary-zone-gpos.md) +**Next:** [Boundary Zone GPOs](boundary-zone-gpos.md) From a22983c4405e85dd307152de1218532596aec4e8 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:34:53 +0800 Subject: [PATCH 28/34] Fixes markdown issue in line 51 --- .../threat-protection/windows-firewall/gpo-domiso-boundary.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md index 65e05e7876..006015b36a 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md 
@@ -48,4 +48,4 @@ Copy the firewall rules for the boundary zone from the GPO that contains the fir Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules. -**Next: **[Encryption Zone GPOs](encryption-zone-gpos.md) +**Next:** [Encryption Zone GPOs](encryption-zone-gpos.md) From 4e62c3ecf447f14da7d7fda8fbe89f0491fd8153 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:35:54 +0800 Subject: [PATCH 29/34] Fixes markdown issue in line 53 --- .../threat-protection/windows-firewall/gpo-domiso-encryption.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md index 0820c4aacb..e16a7ecc32 100644 --- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md +++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md @@ -50,7 +50,7 @@ Change the action for every inbound firewall rule from **Allow the connection** Make sure that the GPO that contains firewall rules for the isolated domain does not also apply to the boundary zone to prevent overlapping, and possibly conflicting rules. -**Next: **[Server Isolation GPOs](server-isolation-gpos.md) +**Next:** [Server Isolation GPOs](server-isolation-gpos.md)   From 14069de45075650b8d478a9b348d8895e0f43463 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:37:02 +0800 Subject: [PATCH 30/34] Fixes markdown issue in line 39 --- .../threat-protection/windows-firewall/server-isolation-gpos.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md index a22b209144..dbffb1b8f1 100644 --- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md +++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md @@ -36,4 +36,4 @@ This GPO is identical to the GPO\_DOMISO\_Encryption GPO with the following chan >**Important:**  Earlier versions of Windows support only device-based authentication. If you specify that user authentication is mandatory, only users on devices that are running at least Windows Vista or Windows Server 2008 can connect. -**Next: **[Planning GPO Deployment](planning-gpo-deployment.md) +**Next:** [Planning GPO Deployment](planning-gpo-deployment.md) From 8e4a039c8ad003e0b57ad4ab2fd931f3b3140fcf Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:43:22 +0800 Subject: [PATCH 31/34] Fixes markdown issue in line 50 --- .../protect-devices-from-unwanted-network-traffic.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md index 46d4138780..a3ca3c4b6e 100644 --- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md +++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md 
@@ -47,4 +47,4 @@ The following component is recommended for this deployment goal: Other means of deploying a firewall policy are available, such as creating scripts that use the netsh command-line tool, and then running those scripts on each computer in the organization. This guide uses Active Directory as a recommended means of deployment because of its ability to scale to very large organizations. -**Next: **[Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) +**Next:** [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md) From 0ea6f655f2a967c29a9dfc7f2466d39a68ed10fd Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:44:44 +0800 Subject: [PATCH 32/34] Fixes markdown issue in line 62 --- .../windows-firewall/restrict-access-to-only-trusted-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md index 015a1f0957..cbdd8e51d9 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md @@ -59,4 +59,4 @@ The following components are required for this deployment goal: - **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. -**Next: **[Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) +**Next:** [Require Encryption When Accessing Sensitive Network Resources](require-encryption-when-accessing-sensitive-network-resources.md) 
From 6f65dfca7809b4dbdd971a7db1f77b2fae485da7 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:45:43 +0800 Subject: [PATCH 33/34] Fixes markdown issue in line 48 --- ...ire-encryption-when-accessing-sensitive-network-resources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md index d82a578afb..4f5c2b1cb0 100644 --- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md +++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md @@ -45,4 +45,4 @@ The following components are required for this deployment goal: - **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. -**Next: **[Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md) +**Next:** [Restrict Access to Only Specified Users or Devices](restrict-access-to-only-specified-users-or-devices.md) From eafa2f8f23e54c0aa4da2ca687c3115dea3bf4a6 Mon Sep 17 00:00:00 2001 From: Joyce Y <47188252+mypil@users.noreply.github.com> Date: Tue, 25 Jun 2019 20:46:50 +0800 Subject: [PATCH 34/34] Fixes markdown issue in line 52 --- .../restrict-access-to-only-specified-users-or-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md index 66ddfe63d9..b34c8d48ea 100644 --- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md +++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md @@ -49,4 +49,4 @@ The following components are required for this deployment goal: - **Active Directory**: Active Directory supports centralized management of connection security rules by configuring the rules in one or more GPOs that can be automatically applied to all relevant devices in the domain. -**Next: **[Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) +**Next:** [Mapping Your Deployment Goals to a Windows Defender Firewall with Advanced Security Design](mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
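Review bot: In the hunk that ends with the link to documenting-the-zones.md, the unchanged context line reads "Starting in Windows Server 2012,you can configure", with no space after the comma. The commit already touches this file for a markdown fix, so add the space in the same change rather than leaving it for a second pass.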
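Review bot: In the gpo-domiso-encryption.md hunk, the context sentence above the changed line says the isolated-domain firewall GPO must not "also apply to the boundary zone", which is word for word the sentence in the gpo-domiso-boundary.md hunk. On the encryption zone page this looks like a copy-paste leftover, so please confirm whether it should name the encryption zone instead. A reader following it literally would check the wrong zone for overlapping rules. This hunk is also the only one with a `-50,7` header, and the trailing context after the Next link appears to hold only whitespace, which could be dropped while the file is open.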
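Review bot: In the gpo-domiso-firewall.md hunk, the context bullet gives the program and path as plain text, "Dashboard.exe in the %ProgramFiles%\\WGBank folder", and relies on an escaped backslash to render correctly. Consider wrapping the file name and path in inline code so the escape is not needed and the exact values an administrator enters in the inbound rule are unambiguous.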