From b2a43a1b20ffa3582f3030f51c56093aa39f3042 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 23 Oct 2018 15:42:31 -0700 Subject: [PATCH 1/6] add firewall events --- ...chines-windows-defender-advanced-threat-protection.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 74a365a6b4..0d6147cd7b 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -114,6 +114,15 @@ Use the search bar to look for specific timeline events. Harness the power of us Filtering by event type allows you to define precise queries so that you see events with a specific focus. For example, you can search for a file name, then filter the results to only see Process events matching the search criteria or to only view file events, or even better: to view only network events over a period of time to make sure no suspicious outbound communications go unnoticed. + +>[!NOTE] +> For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-filtering-platform-connection). +>Firewall covers the following events: +>- [5157](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5157) - blocked connection +>- [5031](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5031) - application blocked from accepting incoming connections on the network +>- [5025](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5025) - firewall service stopped + + - **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: - Logon users - System From 6ce0f557261e335993f5c621c7f2cbf1f17fa244 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 24 Oct 2018 10:56:27 -0700 Subject: [PATCH 2/6] update --- ...-machines-windows-defender-advanced-threat-protection.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md index 0d6147cd7b..cc74d3e88b 100644 --- a/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md @@ -118,9 +118,11 @@ Use the search bar to look for specific timeline events. Harness the power of us >[!NOTE] > For firewall events to be displayed, you'll need to enable the audit policy, see [Audit Filtering Platform connection](https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-filtering-platform-connection). >Firewall covers the following events: ->- [5157](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5157) - blocked connection ->- [5031](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5031) - application blocked from accepting incoming connections on the network >- [5025](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5025) - firewall service stopped +>- [5031](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5031) - application blocked from accepting incoming connections on the network +>- [5157](https://docs.microsoft.com/windows/security/threat-protection/auditing/event-5157) - blocked connection + + - **User account** – Click the drop-down button to filter the machine timeline by the following user associated events: From c5ab41e50703634eb2ea9f4e5b7f5e031335e7ad Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Wed, 24 Oct 2018 18:52:55 +0000 Subject: [PATCH 3/6] Initialize open publishing repository: https://cpubwin.visualstudio.com/DefaultCollection/it-client/_git/it-client of branch master --- .openpublishing.publish.config.json | 16 ++++++++++ window/eulas/TOC.yml | 2 ++ window/eulas/breadcrumb/toc.yml | 3 ++ window/eulas/docfx.json | 47 +++++++++++++++++++++++++++++ window/eulas/index.md | 1 + 5 files changed, 69 insertions(+) create mode 100644 window/eulas/TOC.yml create mode 100644 window/eulas/breadcrumb/toc.yml create mode 100644 window/eulas/docfx.json create mode 100644 window/eulas/index.md diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index d9934af08a..636b21031e 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -34,6 +34,22 @@ "moniker_groups": [], "version": 0 }, + { + "docset_name": "eula", + "build_source_folder": "window/eulas", + "build_output_subfolder": "eula", + "locale": "en-us", + "monikers": [], + "moniker_ranges": [], + "open_to_public_contributors": false, + "type_mapping": { + "Conceptual": "Content", + "ManagedReference": "Content", + "RestApi": "Content" + }, + "build_entry_point": "docs", + "template_folder": "_themes" + }, { "docset_name": "gdpr", "build_source_folder": "gdpr", diff --git a/window/eulas/TOC.yml b/window/eulas/TOC.yml new file mode 100644 index 0000000000..b5ef71ac32 --- /dev/null +++ b/window/eulas/TOC.yml @@ -0,0 +1,2 @@ +- name: Index + href: index.md \ No newline at end of file diff --git a/window/eulas/breadcrumb/toc.yml b/window/eulas/breadcrumb/toc.yml new file mode 100644 index 0000000000..61d8fca61e --- /dev/null +++ b/window/eulas/breadcrumb/toc.yml @@ -0,0 +1,3 @@ +- name: Docs + tocHref: / + topicHref: / \ No newline at end of file diff --git a/window/eulas/docfx.json b/window/eulas/docfx.json new file mode 100644 index 0000000000..d3b2b21a41 --- /dev/null +++ b/window/eulas/docfx.json @@ -0,0 +1,47 @@ +{ + "build": { + "content": [ + { + "files": [ + "**/*.md", + "**/*.yml" + ], + "exclude": [ + "**/obj/**", + "**/includes/**", + "_themes/**", + "_themes.pdf/**", + "README.md", + "LICENSE", + "LICENSE-CODE", + "ThirdPartyNotices" + ] + } + ], + "resource": [ + { + "files": [ + "**/*.png", + "**/*.jpg" + ], + "exclude": [ + "**/obj/**", + "**/includes/**", + "_themes/**", + "_themes.pdf/**" + ] + } + ], + "overwrite": [], + "externalReference": [], + "globalMetadata": { + "breadcrumb_path": "/eula/breadcrumb/toc.json", + "extendBreadcrumb": true, + "feedback_system": "None" + }, + "fileMetadata": {}, + "template": [], + "dest": "eula", + "markdownEngineName": "markdig" + } +} \ No newline at end of file diff --git a/window/eulas/index.md b/window/eulas/index.md new file mode 100644 index 0000000000..2241b2d6b9 --- /dev/null +++ b/window/eulas/index.md @@ -0,0 +1 @@ +# Welcome to eula! \ No newline at end of file From 6937a274917484d5f161449710be2987f734b860 Mon Sep 17 00:00:00 2001 From: Liza Poggemeyer Date: Wed, 24 Oct 2018 11:55:06 -0700 Subject: [PATCH 4/6] removed docset --- .openpublishing.publish.config.json | 16 ---------- window/eulas/TOC.yml | 2 -- window/eulas/breadcrumb/toc.yml | 3 -- window/eulas/docfx.json | 47 ----------------------------- window/eulas/index.md | 1 - 5 files changed, 69 deletions(-) delete mode 100644 window/eulas/TOC.yml delete mode 100644 window/eulas/breadcrumb/toc.yml delete mode 100644 window/eulas/docfx.json delete mode 100644 window/eulas/index.md diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 636b21031e..d9934af08a 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -34,22 +34,6 @@ "moniker_groups": [], "version": 0 }, - { - "docset_name": "eula", - "build_source_folder": "window/eulas", - "build_output_subfolder": "eula", - "locale": "en-us", - "monikers": [], - "moniker_ranges": [], - "open_to_public_contributors": false, - "type_mapping": { - "Conceptual": "Content", - "ManagedReference": "Content", - "RestApi": "Content" - }, - "build_entry_point": "docs", - "template_folder": "_themes" - }, { "docset_name": "gdpr", "build_source_folder": "gdpr", diff --git a/window/eulas/TOC.yml b/window/eulas/TOC.yml deleted file mode 100644 index b5ef71ac32..0000000000 --- a/window/eulas/TOC.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: Index - href: index.md \ No newline at end of file diff --git a/window/eulas/breadcrumb/toc.yml b/window/eulas/breadcrumb/toc.yml deleted file mode 100644 index 61d8fca61e..0000000000 --- a/window/eulas/breadcrumb/toc.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: Docs - tocHref: / - topicHref: / \ No newline at end of file diff --git a/window/eulas/docfx.json b/window/eulas/docfx.json deleted file mode 100644 index d3b2b21a41..0000000000 --- a/window/eulas/docfx.json +++ /dev/null @@ -1,47 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "breadcrumb_path": "/eula/breadcrumb/toc.json", - "extendBreadcrumb": true, - "feedback_system": "None" - }, - "fileMetadata": {}, - "template": [], - "dest": "eula", - "markdownEngineName": "markdig" - } -} \ No newline at end of file diff --git a/window/eulas/index.md b/window/eulas/index.md deleted file mode 100644 index 2241b2d6b9..0000000000 --- a/window/eulas/index.md +++ /dev/null @@ -1 +0,0 @@ -# Welcome to eula! \ No newline at end of file From 5fb36a09a236d7fd1da5d0dde7a815452c6cb9e1 Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Wed, 24 Oct 2018 14:26:36 -0700 Subject: [PATCH 5/6] conflict updates --- education/windows/use-set-up-school-pcs-app.md | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 6137f65166..d9a63ba9d3 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -173,7 +173,6 @@ Setting selections vary based on the OS version you select. The example screensh The following table describes each setting and lists the applicable Windows 10 versions. To find out if a setting is available in your version of Windows 10, look for an *X* in the setting row and in the version column. -<<<<<<< HEAD |Setting |1703|1709|1803|1809|What happens if I select it? |Note| |---------|---------|---------|---------|---------|---------|---------| |Remove apps pre-installed by the device manufacturer |X|X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.| @@ -182,15 +181,6 @@ The following table describes each setting and lists the applicable Windows 10 v |Let guests sign in to these PCs |X|X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.| |Enable Autopilot Reset |Not available|X|X|X|Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.| |Lock screen background|X|X|X|X|Change the default screen lock background to a custom image.|Click **Browse** to search for an image file on your computer. Accepted image formats are jpg, jpeg, and png.| -======= -|Setting |1703|1709|1803|What happens if I select it? |Note| -|---------|---------|---------|---------|---------|---------| -|Remove apps pre-installed by the device manufacturer |X|X|X| Uninstalls apps that came loaded on the computer by the device's manufacturer. |Adds about 30 minutes to the provisioning process.| -|Allow local storage (not recommended for shared devices) |X|X|X| Lets students save files to the Desktop and Documents folder on the Student PC. |Not recommended if the device will be part of a shared cart or lab.| -|Optimize device for a single student, instead of a shared cart or lab |X|X|X|Optimizes the device for use by a single student, rather than many students. |Recommended option only if the device is not shared with other students in the school. Single-optimized accounts are set to expire, and require a signin, 180 days after setup. This setting increases the maximum PC storage to 100% of the available disk space. In this case, student accounts aren't deleted unless the account has been inactive for 180 days. | -|Let guests sign in to these PCs |X|X|X|Allows guests to use student PCs without a school account. |Common to use within a public, shared space, such as a library. Also used when a student loses their password. Adds a **Guest** account to the PC sign-in screen that anyone can sign in to.| -|Enable Autopilot Reset |Not available|X|X| Lets you remotely reset a student’s PC from the lock screen, apply the device’s original settings, and enroll it in device management (Azure AD and MDM). |Requires Windows 10, version 1709 and WinRE must be enabled on the PC. Setup will fail if both requirements aren't met.| ->>>>>>> 5f81e85c4666f9d7f83ded9aed9b9968f3600127 After you've made your selections, click **Next**. @@ -211,7 +201,7 @@ Optionally, type in a 25-digit product key to: ![Example screenshot of the Set up School PC app, Product key screen, showing a value field, Next button, and Continue without change option.](images/1810_suspc_product_key.png) ### Take a Test -Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments,Windows locks down the student PC so that students can't access anything else on the device. +Set up the Take a Test app to give online quizzes and high-stakes assessments. During assessments, Windows locks down the student PC so that students can't access anything else on the device. 1. Select **Yes** to create a Take a Test button on the sign-in screens of your students' PCs. From a6bb4684bc3a59908e0cb03bfe29863086ff04fd Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 24 Oct 2018 21:55:19 +0000 Subject: [PATCH 6/6] Merged PR 12340: Fix typo in metadata Fix typo --- windows/deployment/windows-autopilot/existing-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index 3f06543ea7..1457f0b172 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -1,5 +1,5 @@ --- -title: Windows Autopilot for existind devices +title: Windows Autopilot for existing devices description: Listing of Autopilot scenarios keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10