From 85bc62bfb8f31a7c94cf4c0078e93c73ee835e77 Mon Sep 17 00:00:00 2001 From: Patti Short <35278231+shortpatti@users.noreply.github.com> Date: Wed, 13 Jun 2018 14:43:43 -0700 Subject: [PATCH 01/27] Revert "Update set-the-default-browser-using-group-policy.md" --- .../set-the-default-browser-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md index 900f6cbb17..899c3da6e3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md @@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration **To set the default browser as Internet Explorer 11** -1. Open your Group Policy editor and go to the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.

+1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.

Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268). ![set default associations group policy setting](images/setdefaultbrowsergp.png) From b2080997aef9245a2c4fc3d23e056bc056829f44 Mon Sep 17 00:00:00 2001 From: Mihai Peicu <41653989+MihaiSP@users.noreply.github.com> Date: Wed, 25 Jul 2018 14:55:30 -0700 Subject: [PATCH 02/27] Update firewall-csp.md --- windows/client-management/mdm/firewall-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 57a80b55f0..2a75d65c24 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -14,7 +14,7 @@ ms.date: 01/26/2018 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. -Each of the Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML. +Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively. For detailed information on some of the fields below see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](https://msdn.microsoft.com/en-us/library/mt620101.aspx). @@ -331,7 +331,7 @@ Sample syncxml to provision the firewall settings to evaluate

New rules have the EdgeTraversal property disabled by default.

Value type is bool. Supported operations are Add, Get, Replace, and Delete.

-**FirewallRules/_FirewallRuleName_/LocalUserAuthorizedList** +**FirewallRules/_FirewallRuleName_/LocalUserAuthorizationList**

Specifies the list of authorized local users for the app container. This is a string in Security Descriptor Definition Language (SDDL) format.

Value type is string. Supported operations are Add, Get, Replace, and Delete.

From 708c70a158fffe5ef06b91a6aaae0781639004a1 Mon Sep 17 00:00:00 2001 From: alvinmorales1 Date: Thu, 26 Jul 2018 10:41:44 -0700 Subject: [PATCH 03/27] Adding Preserving user Always On preference Adding a note under the AlwaysOn node to explain to users how the AlwaysOn preference is stored in the registry and take precedence over the AlwaysOn setting if enabled. --- windows/client-management/mdm/vpnv2-csp.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index e98cd44400..e7dc68df1b 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -255,7 +255,14 @@ An optional flag to enable Always On mode. This will automatically connect the V > **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active. -  +Preserving user Always On preference + +Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. +Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference. +Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config +Value: AutoTriggerDisabledProfilesList +Type: REG_MULTI_SZ + Valid values: From 6dd59afcf5fbd66f5fc2053e12064818a0a96bdb Mon Sep 17 00:00:00 2001 From: alvinmorales1 Date: Thu, 26 Jul 2018 10:45:34 -0700 Subject: [PATCH 04/27] Adding info Preserving user Always On preference Adding information under the Always On section to educate customers about how the Always On preference is stored in the registry and how it can override the setting. --- .../vpn/vpn-auto-trigger-profile.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 22c5b6361e..a57b762d3a 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -58,6 +58,15 @@ When the trigger occurs, VPN tries to connect. If an error occurs or any user in When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings** > **Network & Internet** > **VPN** > *VPN profile* by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. +Preserving user Always On preference + +Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. +Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference. +Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config +Value: AutoTriggerDisabledProfilesList +Type: REG_MULTI_SZ + + ## Trusted network detection This feature configures the VPN such that it would not get triggered if a user is on a trusted corporate network. The value of this setting is a list of DNS suffices. The VPN stack will look at the DNS suffix on the physical interface and if it matches any in the configured list and the network is private or provisioned by MDM, then VPN will not get triggered. @@ -86,4 +95,4 @@ After you add an associated app, if you select the **Only these apps can use thi - [VPN and conditional access](vpn-conditional-access.md) - [VPN name resolution](vpn-name-resolution.md) - [VPN security features](vpn-security-features.md) -- [VPN profile options](vpn-profile-options.md) \ No newline at end of file +- [VPN profile options](vpn-profile-options.md) From 2320f4674d2f7fb25e9a5449c229b9a5f2c1e21f Mon Sep 17 00:00:00 2001 From: Nash Pherson Date: Thu, 26 Jul 2018 13:45:43 -0400 Subject: [PATCH 05/27] Fixed typo --- windows/deployment/update/waas-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index 0e3ae864cf..d0c4ddbf52 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md @@ -70,7 +70,7 @@ To align with this new update delivery model, Windows 10 has three servicing cha ### Naming changes As part of the alignment with Windows 10 and Office 365 ProPlus, we are adopting common terminology to make it as easy as possible to understand the servicing process. Going forward, these are the new terms we will be using: -* Semi-Annual Channel - We will be referreing to Current Branch (CB) as "Semi-Annual Channel (Targeted)", while Current Branch for Business (CBB) will simply be referred to as "Semi-Annual Channel". +* Semi-Annual Channel - We will be referring to Current Branch (CB) as "Semi-Annual Channel (Targeted)", while Current Branch for Business (CBB) will simply be referred to as "Semi-Annual Channel". * Long-Term Servicing Channel -  The Long-Term Servicing Branch (LTSB) will be referred to as Long-Term Servicing Channel (LTSC). >[!IMPORTANT] From 40178881834497bf2e96f2a60447fef5fc7046f8 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 26 Jul 2018 18:18:32 +0000 Subject: [PATCH 06/27] Merged PR 10109: Added SyncML examples to WindowsLicensing CSP --- ...ew-in-windows-mdm-enrollment-management.md | 10 +- .../mdm/windowslicensing-csp.md | 142 +++++++++++++++++- 2 files changed, 145 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index e5266a6456..80cdf791b0 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/23 /2018 +ms.date: 07/23/2018 --- # What's new in MDM enrollment and management @@ -1638,12 +1638,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware +[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) +

Added NonRemovable setting under AppManagement node.

+ + [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)

Added new configuration service provider.

[WindowsLicensing CSP](windowslicensing-csp.md) -

Added S mode settings.

+

Added S mode settings and SyncML examples.

[SUPL CSP](supl-csp.md) @@ -1687,7 +1691,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware

Recent changes:

    -
  • DataUsage/SetCost3G - deprecated in RS5.
    • +
  • DataUsage/SetCost3G - deprecated in Windows 10, next major version.
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md index 82c46fc738..1e61634c31 100644 --- a/windows/client-management/mdm/windowslicensing-csp.md +++ b/windows/client-management/mdm/windowslicensing-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/16/2018 +ms.date: 07/25/2018 --- # WindowsLicensing CSP @@ -164,7 +164,7 @@ The supported operation is Get. Interior node for managing S mode. **SMode/SwitchingPolicy** -Added in Windows 10, next major version. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode. +Added in Windows 10, next major version. Determines whether a consumer can switch the device out of S mode. This setting is only applicable to devices available in S mode. For examples, see [Add S mode SwitchingPolicy](#smode-switchingpolicy-add), [Get S mode SwitchingPolicy](#smode-switchingpolicy-get), [Replace S mode SwitchingPolicy](#smode-switchingpolicy-replace) and [Delete S mode SwitchingPolicy](#smode-switchingpolicy-delete) Value type is integer. Supported operations are Add, Get, Replace, and Delete. @@ -173,12 +173,12 @@ Supported values: - 1 - User Blocked: The admin has blocked the user from switching their device out of S mode. Only the admin can switch the device out of S mode through the SMode/SwitchFromSMode node. **SMode/SwitchFromSMode** -Added in Windows 10, next major version. Switches a device out of S mode if possible. Does not reboot. +Added in Windows 10, next major version. Switches a device out of S mode if possible. Does not reboot. For an example, see [Execute SwitchFromSMode](#smode-switchfromsmode-execute) Supported operation is Execute. **SMode/Status** -Added in Windows 10, next major version. Returns the status of the latest SwitchFromSMode set request. +Added in Windows 10, next major version. Returns the status of the latest SwitchFromSMode set request. For an example, see [Get S mode status](#smode-status-example) Value type is integer. Supported operation is Get. @@ -315,6 +315,140 @@ Value type is integer. Supported operation is Get. ``` +**Get S mode status** + +``` + + + + 6 + + + + ./Vendor/MSFT/WindowsLicensing/SMode/Status + + + + + + + +``` + +**Execute SwitchFromSMode** + +``` + + + + 5 + + + + ./Vendor/MSFT/WindowsLicensing/SMode/SwitchFromSMode + + + + null + text/plain + + + + + + + +``` + +**Add S mode SwitchingPolicy** + +``` + + + + 4 + + + + ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy + + + + int + text/plain + + 1 + + + + + +``` + +**Get S mode SwitchingPolicy** + +``` + + + + 2 + + + + ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy + + + + + + + +``` + +**Replace S mode SwitchingPolicy** + +``` + + + + 1 + + + + ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy + + + + int + text/plain + + 1 + + + + + +``` + +**Delete S mode SwitchingPolicy** + +``` + + + + 3 + + + + ./Vendor/MSFT/WindowsLicensing/SMode/SwitchingPolicy + + + + + + + +``` ## Related topics From 94e94c4c73f038caeeade420c8627c2bc0fb2452 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Thu, 26 Jul 2018 19:26:56 +0000 Subject: [PATCH 07/27] Doc bug --- .../scheduled-catch-up-scans-windows-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index 4439eb8cb4..3d9338e7b5 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.localizationpriority: medium author: andreabichsel ms.author: v-anbic -ms.date: 07/10/2018 +ms.date: 07/26/2018 --- @@ -84,7 +84,7 @@ Location | Setting | Description | Default setting (if not configured) Scan | Specify the scan type to use for a scheduled scan | Quick scan Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am -Root | Randomize scheduled task times | Randomize the start time of the scan to any interval plus or minus 30 minutes. This can be useful in VM or VDI deployments | Enabled +Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours. This can be useful in VM or VDI deployments | Enabled **Use PowerShell cmdlets to schedule scans:** From d6c22a6d4cc3d6602e41b1e44af6bcd00ade3a3f Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Thu, 26 Jul 2018 20:57:28 +0000 Subject: [PATCH 08/27] Incorporated review feedback. --- .../scheduled-catch-up-scans-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index 3d9338e7b5..a4b3ea748f 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -84,7 +84,7 @@ Location | Setting | Description | Default setting (if not configured) Scan | Specify the scan type to use for a scheduled scan | Quick scan Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am -Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours. This can be useful in VM or VDI deployments | Enabled +Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for third-party antivirus scans). This can be useful in VM or VDI deployments | Enabled **Use PowerShell cmdlets to schedule scans:** From 602ff3468f74f90e43e04c9f870a2e1436ee5aec Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Thu, 26 Jul 2018 21:23:51 +0000 Subject: [PATCH 09/27] Incorporated review feedback. --- .../scheduled-catch-up-scans-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index a4b3ea748f..921a4773cb 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -84,7 +84,7 @@ Location | Setting | Description | Default setting (if not configured) Scan | Specify the scan type to use for a scheduled scan | Quick scan Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am -Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for third-party antivirus scans). This can be useful in VM or VDI deployments | Enabled +Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans). This can be useful in VM or VDI deployments | Enabled **Use PowerShell cmdlets to schedule scans:** From 7d53b3396580218f7269d75d938542942df52655 Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Thu, 26 Jul 2018 21:32:14 +0000 Subject: [PATCH 10/27] Removed extra paren. --- .../scheduled-catch-up-scans-windows-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index 921a4773cb..f8c0ea7c5e 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -84,7 +84,7 @@ Location | Setting | Description | Default setting (if not configured) Scan | Specify the scan type to use for a scheduled scan | Quick scan Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am -Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans). This can be useful in VM or VDI deployments | Enabled +Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans. This can be useful in VM or VDI deployments | Enabled **Use PowerShell cmdlets to schedule scans:** From e77f0a579f43836aa23c988579d1479d3dcde80f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 26 Jul 2018 14:41:33 -0700 Subject: [PATCH 11/27] fixed list --- .../microsoft-recommended-block-rules.md | 52 +++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 2754f9f13f..1aec53e4ed 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md @@ -655,32 +655,32 @@ Microsoft recommends that you block the following Microsoft-signed applications - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + From e699fdae6e25b8c7b1c35264ef1198f308590fe1 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 26 Jul 2018 21:58:30 +0000 Subject: [PATCH 12/27] Merged PR 10119: PassportForWork CSP - added new settings --- .../provisioning-csp-passportforwork2.png | Bin 33608 -> 45424 bytes .../mdm/passportforwork-csp.md | 190 +++++++---- .../mdm/passportforwork-ddf.md | 317 ++++++++++++++---- 3 files changed, 369 insertions(+), 138 deletions(-) diff --git a/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png b/windows/client-management/mdm/images/provisioning-csp-passportforwork2.png index f12f2fbd44a2615196de81322471c6be4124ca82..af267f4f6d791a264ef8db2eb272ae18338f1694 100644 GIT binary patch literal 45424 zcmce;cRbbq|39pOj1n@UQe@{yLUva6juQ^b-g4}nMA@6{O~{cI$IJ>x_R20Cdt`5} z=b?JPKi})RUAN!wx_;m9AKh}!dA**m=kqb{kNxsfQjoliPlb<#g>_k4N?ZjC>jDE7 z*2RyP&Vz5Zh6vQaf9GsfBt@|h9XIB|hl|D{@*-GRg&_ooFR;O9yq8iMwpdtK8ZiIP zHCul$06$_&i;FyU(pf&zwY$;pRdCtX88QopAg9A+$)Tflnyo&AagO<|JL~e~6Vm~8 zjJ)2pa^zmE@e#tmM0Mm96azwj8#$qI)Cfsp&?-uU={v zeNZ$~qF*Y4NWJ`z|glj=ukS320+w|f{tk@ku=!3MG5IB3jaT5d)X zfd6hgl0+>I}B@M$^l<|(IB&=MxYQoXZ>G9m)!tMq4TigAH>>d=_)&2TP9u*dI;K}iTyQHEb7r_IrC<%Lv>`0FNZ*O=7Vx|no+B34g$_Qxm()=zmPX?-ujWu0Vq&%JqKpo8FIAn!$|+R zLg#ku{;*uK=7+_?Z9n-V*^6Kyt?cpJcGHLcg>9%?U534Z9mb^k6y!PY*|7=yK zLlwzW)yjj|A!cF0>PGo#+pBwfBOyTvw;b4oF^72Tst$#|W%2&{p-N}}>tgTG1^AHC zbxG{LEQa0+xN~*5p24Pw1wM0tp{5$**DOPRi;4WUt(EDpD!s8iJfc|IO-RIWN`Ek- zsFjFR8?0zKleD+DC)ljRk3tv&lK6bnF5l5uP(iM{#aTJsTU8=Dq>mD zskkrU@~Agk_PrJp3+0N5N0mao@iiF~gK(|Duj)cS~<`ZPv)V;}9m;-KORa zZ4r&ma_ku~c)CGyfSf$kP&GK{OstKVx<>-~%NHX+Q&BPRDTS-R0{8sUb)SIH7RPTo~e;BfRQl!_6N7me% zO0@rURi=KHd{Z?pTD7i3y6o;p8@Qun)9BpW0Jm!#duv*r!U7LI)L`@|RJgqZ9xFu5 z`Q;#vmO|9%N1K;5S%uC;`B?6$yU5aKZEITO?KrC9enEGcV!BCP(K5%QPx(b~(@^wN zo1?;E*9v5Yrr&Bn0ExJJrz>Gu#*Ku(iW<3aCaO#FS|ST-Im(%`^{`%7(=8AF z4ArCK?SyB#TPYmHrifO-O*dZ9GV4SYwRUdc-lDlFob!8IJ8s8&v(`6`syXhOhtX9F z5tDtRbf(|OVuxOkwAq&D_D06my&0?*<@bj-KPSOyU;f0vIS|e( zltC4wN5H8{RA@O7JM=r9s^P80{mDgI5YbwJchd@&ab=M+yxt64wz> zoKp#h?`5I;BHMHp=c8w7u;a zx4X6X23O~%0*7m6wu#{M;4DC_;gF{YG#Z`WaN+Bh8`4gMHZyv0?la-RBn zd1w6s5D?c;6#ee*`ZVim?eoC)47Z{66{60BDM=;F3PCE6y1Cuf84uDZJ1vjnZT+b3 zI?enn2rqbQNx)+yP;JStzQ;S2@<(elJzUPmU#7&;oAdf}E5^YUT~E%VN&3u6i)Wj! zBspy`9^B%>vFNFG-p{Wcv0du#UW=&D?T^9%Jl`f!fy7YrSUpv^T+LIyQ})*5aOrrJ za>~(keR{=OXl*|vX|%MCiCrGEhg#lEx;tHBjEdhnJM;1|@SS-32@*z5P7d){?{0Z! zSe|isoY*bt>FKd}+-p{C7npFX=GPkUovx}X40PI%MCENR-AbfD(I4jxfMa68FQ7${ z;Q!l>N{~}~0LT45@CBnX(rT=Ni-(7Y&qGE0sJjNPyi!~E=z%&h#mYh{Yg=2}fsjg??MQ{q8i+pU2zN&0P3j%SXL4hKGGo2$1g1v&X> z8xdH2S%hV9XhXl2uY8E|z1BBiWi-b+?M_~4q~6BcDX!t}HGV23Ju$th>He}(omNY0 zc*r>NVQ*H1Th!vLwJMS*uNY*C>)<$a z_;lo1k8a9p^i&C;^I)_zgf}akH?sc1ps;Z5?DxE{p`$MKEc(W`kauO#@KF;hc!Z`s zp#?;xr^ZUVC{89awbS zBj(3 z`Hb8wAqcZ&T!UfcERlc^kc{6dymCFB@(5V?>tgW5ZnY;6)`l(v(E`%M%l@%6aCZqZ z--&cMchilIEzYr6(VGDXK4~-gyFDqJqK;}S^kYm+VFzZP`Etx%7vahzSr^p2#LV z?3SLDW6ZSnY2$1Qnb<%087A`Ej+r*!gEDn|lYh=zXUk)HOChy@`H8d@%5bxo7rm}| z)zx{HRwi&B63Y<9dZ=u0!w92Z!*Z_U==I6n=mLr`XkvmC7haw(3m$9C@pK_xe5(#} zwD>#Zc(Ig}EzDE}DekxN>mkMBr1qIjNb)S4qtAe;aOp+LI_4<(@$aN_^YTqn2lhrf zK5{l$cFueuHLPykzhtapZWhs<;;Lfq;#?x0wWfdrXU_8xXN&*EPL6>zIew2A*^qP@ z70C<%c^9IoX~Iw~COS(x%{1{wVv6hf`_1gueW9Z(^qZWYxzwzbYAG85q9dP zj3*$EWc5BAaTOLi>DJgu!$9wd5{mwjt(9F{rSQWiCMsD1l_&gk`eGOl5e~>@Lg59^ zM<9ZOliiRf6ki|7qlka@M)i76vg9pZ2ESY0Rf5D2P%z^7ZVQ7ufeTr|1K2)SM{1qK z%Y!;32am|UA0_*#yc~cIFQ33K_=zn5m&5t8;||LDwlDxM8*9QxhppPwf$MN_7?;hm zj?1dCXbNk#uhnRIDguxm%kDKL8m^(EQv zxDu?gO*Q$Fmpb$sxPwnJ4IY&=mcAj1Z1n8s1K&KhN`Wz9kZSr0$_Ea(@Ob6_%on^Y zgZ1_GO^QPBV+C~Re(&2ZoT^%O=ZzV8dwR@HE~BCX;A7=B`c4MFs_Uw21vjUF)*bha zUygSamK%=9p4jJKi>=)p?-ZisdkA-VFT4aOD}jYZJwuw64#(Q216#Q_RdzhCbgt(Z z1FV49y5*1VAOb2x!2=S(l`6>Gelzsuk7!3v6T-ucVrRfCz{R}0yahgR)RLQ#tej|Y zNqrf{cztzJ^bgg&wL3mHgl`Mn*)C=!#J9-BZ%E~tGXDhVxaZHQwul8Y%#9S0tkmcV zo2jpWp;Y<;ei_zPIy428KFe(Y|1n`nJJ`YSB~(-p9Jt#nyL3&PmFuK-a5W$ zma(g894g?R386VOa@mioz)0`%c{J)V@=3EICQ#BhS$#H1GcHX;AZT{2zwvc~gTM1J z(^w1ZYVz74vjc_mqXKk=7U#6vn!G)vR%o}AG$PF#EMl4I7`520s)9`7e<|?{8oZ~e7A$?_kVR1(sp`PF*6M&M4C#_OH0SI%9*K7Li98u1lspV;um0VZV*VQ>jE45 z%AvawwKdYfDT;j1`sFPR`E1z?nzN=WQf-$bIa@avYtP7NH$q*Pw7gNfKAbVnR5MH7 z+^7Ac7%|k$$w0{+@AT-!F#343f0ZPe$FJFTP6@$pwhZ%%UX-TCk>vsEk_=7-tfP@H zj1uvSVSum1PBD1~tMK^^HHAqD#;0u4a;f_&#Z^0#q>jYFnbJu{MnA zMqKmM^MV2|lg$~=`9;a5o@m)kk6~d9DKy9Zte*syKIY=f= zKL+xv|Kai4#x&wG^-13j@C&KXO(DBqBy{)>7xklvfT%$rklZ}L?k-*>1T3=6(Ajwp z)z8ea5E7{7TN$KV%f%p+yu6yEvN+}q?lUqrwjQgr4c`5= z*P6IMYRDfWl@Lx!7z;!w@;~(Fx;i2%DhfoneywX5bK6XusvQ`p22pgcr#ZyIGGSz* zK#?hWpw#mE5wLhZoAvKW`US`PKZH+q^J^!n4qo(hVC)Ec^-i%@>JeS`TVi%#ieAA} zVQbSFuzs^rxXUj^Nsj}7fxft*+q1yGVrX2%fX@1FpoR)KGYzhAmN{@#q<< zT0bVp?hNiT*0 z2nN-JJ$_B1b7U7@pTl}Q0DvDVFvK#rwDhf`_V6voS4ZgQ&b~pT{lNMMXk6DC8<4gz zE6qh*$HFqeKV2#nvs7vXW0J?>Y9L3Aci8dM9nLY~=j!jisv+^+qoPSj@S8=$`X%au!DiOFf$wh|nJveUe{C%e7UZ!4u^95g5YylTtbxv3;^3`+ zD+>KhIR`h`d!%}w_89Why>wqERsBwCDJli}Oc(gFvoRF6G5i2F^20w1SO`9#6H3zN40mzTdglrumG39&F(N`p9JvV;gmgt*5l6eE#Km^ziH$dZ5;bh zV<)5Wdp^Qrw;H%I;q!WoQ>6@A4l?*WV_P77QUPMCEnse6En(DUl=-j{rn8=i_74!y zEBv^KKAuIu5>@^Z8a`X!JnLaQC;7E&e5jE%hJSB5s*P{Ba+w3w|E&_XW-8t`9PiCI zUS%`oi!mgjH-W%M@#|fpxPasUq>1CczDBbbdlG$L0a?FQEt>yYU)uxQ5nsN;0^8^K zo+j}+hP%0h>pS`9u-35vVc^-X0N&|sRC*b+Yu9}EDeTy-z*g z)Oq4Gb+Waad~BWmX?L$K$@(49VGM4~4u~O}StUD@XaG(x#0NP)sD32~jF9j)@vdx&6>5O$YhU7ILh|`~d7ApMD}Qtap0o?k<^^0xb!} zD5KY9j2rh5`@i+i>ns@bp?#dKtSgDtav8AWJav%@iSzNW&ML$bd*@ zCW^<@Kw2T6&Y@`y@ln`aIGD)a;xSSx_BH%m$+_RRg-dX6vG+H#K6!!r&(|_3uo2@0 zb58ep`XKQYwKFVYQmEIqTroIc$R1qq9w{Xm8t&;3O3y$NT}7XtyYqYT!#P)89hGZ~ zsD+Dan1EFw-+J_^oJLQEa4HN-@ZuR&W0HUAkPnAJAE-klLuMFwa@3l?%+S)yFED^@ ziedcb?@Au%TtXb8AFrE@RfwzLTaj#PNWF#TG7ED5n?5z=oYJ%vsK!!eIu^wp=$oBg zt!k$+StZ1GoUMVrZuE-ITeRD_T=Ic#*-d1^z6dWzTvUHwGkuUeY56wDikn^HeG`tLzvA}>hF z3q-s$(z7!pCQiF*$@s1?z-5KplsD@>5BfpHa01+!?Ok=1@w+r}RNA;g1d42riSKG8 zLCWP*+W%mQdC5>}CHr;)jXy3(64v1Pt(cAZYVg%Yf#V3jHApd4@kN#G_3Ao&g zXUIb_o)?@PHv{I)^t_GCt^UTirdbgS4-*-)Ig%|${zJA9BzwV8j}~yV&~mNfOSv5A z@Z1+H&@OmMSK_gj3WU6H9Cd48r>#k3k3%wCEg6g4`s*Qq~{KPdj)3gXL4V2j( zWpi^S$SZD)*?%r}JyN!@7n^a|iG9}e5UxsGA`g#w6rybNv^Af1On6=(Fu;;GtIM9a zS=+#lbA#Y=y1!Jor$fb2qaD}hIw^COI~08~gj!~wBD~-^4x&*b6n}}KM1p3qvZJ_z z#QiHbDKK7KwAnvTzkrIeRYH9JN3c?08FC^>tYM6wfWZ@H)xSHvfRaD~`29`k&{X)% z>mI8BgGqbpmUe##gX^kJk?9UAI#)eU-&j(zS&^h?2zZKO?#$*OHUe1J5g()9pcspmF_{`6nZe?D4<@UdTN&kybHm8DKh)>YT8$9|ZZ}otsBmsCz zTcxozQhP4fzw^#+nN^Vt#Tmw}{M?THL2CP;Tu>#u@Vm#Oy?;1qR|scYUb2PWY-=5^ zSo)Y|EimV2Qa5Z$CEX=9uX5S0|HBOBce|6vN~u2qxC&lA<)@(%!Z(p_M{2J);(fGU zHY`{CfKv7!?NNGyhR-}t>+EES(sE~=DPzmkNdj&r14!hP`7M@nsU%st&-&_4m~ zU!42~GLJSZ$T)7?tegL-kZ;)k?vBc_G1+ls!kZf$SrJcEJv{5>o05IHpSu2|K^|4J zs%uAkF@iBZuBGA0)myEKj+cdz2k~F8zE@2nA{Ugm!Ex=xDKT?F(mj#EHgLXxGW;Oc zqdZEUVP-Jee>`^`b~)BExgowTVrpD+Fu z_`}}dfXRahwVIQ!!jxjq6~Znc^|@yR{P#>cV{ee;J#kKX&_hI}j7SNV>QS!3*V#$P zqFM@q_Dehh4x4E<=#QdJn~)|;3oZN zVN(=YLL7u|{e~F5=0w8#=;*%IH(7doOB4(|0D%539K!<5!()a@(+PgmC)(vB`+Fb| zfOE}=Kezse^eHgL&&6j9VLIxAo?i_kG1DD0Y?H3K8 z{P?K}35|m1fBcvb`$&+_BRsU@$@kiQmGh5<{`>}_q>xjbxPSr?xBMxh{CE8+HWF!W zneSn2h|X)05dB!}wm1;Cp?#ho6jS<09uu5xsSNJNu^yqA?JKE3L_|bGL&dxK(^T~1 zMog;mngmsDV8X#%PY^Z12WYXy$miv8*H!oV%owYQntXq(I7}hsi|=9NqC=_6_F=PL z;Nf7k{=|gPonTQZhP{=~ww=p-wm-fh`dBOxVi!6RkX!bh9EL;}CCdbL9_$y2Y(8q6`2 zQ&!`L`@epC5WYAQX8bjG^08)IL~2!}`QYKl!OXCRuzZb~o*JJS1(789FB`vSi~7B9 ztvo+hI~tj}Y(qNwsl>#@b|yT93;MB>7CTUnI|aw@7oB z44vegmDBeK*jw#o?oA5@B?K!sb9`E;(H8OX?ZrlI9W9fJ(Pihca@}J8+_F4U#$!ER z^`ZgCgO5z_j6$S$BtA_1wy0R1GpF%}U`sWc%?ZsrGCp1#*zR_WPOL1Adqi3Ct*@_7j7ac}z1O)@ z^2dTMkn!l68hbmFMw&gi{~9EwfVqa=MDqvXNz&zaaOI)zaVfC<;9!Lu`BWUS^;u@0 z9Vd=VxLiRve>#n}1iw#LQ8831W3=PV!iQb;xUSZ%co~6!_XETH1iQno`pG&6O9P2& zNo+<Rqt_YdLE5h^sZFmA(&@icyIz3HUh8?7A-s-`44r#J%cbWaaw(RP z$%d}_&gC_f;nJM-18Tdhl#*@32{$pB+#9Pj(ur$hOz#j%FB0)brG#b5gQ*LK8aXu! za=sT!S;*f~i0F3Ph7b$hD30P(D1tLj;rTj@rByx5fPD?VgAP~Ka3Q3DFSZEXRSRBJdx9c!d$gZ@Ege=v zO`qJ&C*PDLF+5AB*vRbnPIJK7{rS>*X{Xh=PIcQNESC1;q8IM1A9!@-zn$&DRKG&wuNJ#XDx-Is4)Gp?eEC1Lq-d7XiylleU!`fx?z_(9&kJ<18g_4}+M)`p3+Ztj*gf?RSfE7f@u!4-KT}V4_>q z_%)k%?Ny%iB_wJl1X;6e-|Nv-1(^@cclVF$enupF+Eb%ZeyOQZ|djs?Q?$V!NKoz1^xW9~gD0qRfu4 ze6vQBD71rak1EI$c=j!z`IajHc1y4mU@n0SJWxgqYaVUOEEn*s-k=fM8nfIJ(zoGQUW{~{ges#-M zmdi%=_8x^UdUlgJgPr>q?wION+gAUWu-I0?pyat+94vXUgx07|EJ08btM6(n8LM}El1;qr8 z$NO9U`^pdol`;g1WYHbS|>Z5 zG|q=)*Cx~`C+b!d+qrIaXeY7ETw(9tIimzfTY%kR%~G}rq^N;gqjJ5I&tew?VE z?c5>-M`aB%=+IE|>+rhUIEd^H%mz4;_i4e_-^%vwkbnfzg3X_R=i+)0LT%4!El7<+GDR z-&nUw`meJ=0$ClE5Vy{3wndbzK~o_@f_Jd=LFLQY1>L+D;acaFi1}g~#l%Nk3M%UZ zVXBoxAvgFV1j2r zcAX{WODUqVBX3i-40^J^HO5Zvo=6mSM`tN3 z9KKr(*(Jy8t#A-S4U9q^5fdP{m;$WFv!X~reiIwhyrec z3v|-X@V8G9$buD0v^by?@`Ry#kH`)uGOzi}3|pgLe;r!-25)E2|6upEI*Tco*?C;(i^ z9#vur_v1G9kqt4!n*eU_?%d^<{)(a}`aF(^(Q#ACquX)%)g)^skH{^35(j@b|Af2c z)|+?-8CZ!>0nw=R<8=PO0Ed%H|r<)ba#KBC!xZ@>mRG_Y@)nO#O%hBdsSR};>PUn$(8GgE7f zo9MScLpJj8IIW` z&(%unS7mQMWO3cdnJI(6OyAWV3U{uuk6Wkis<;zVHFjiJJDEwrBlJNthWf~8)aT;n za-Gf1zdU>ooC`c8A}^V3tcJCuGGi5v6e3Q!CUUKLUnZj~lu&x9hRQVQ zT0Qe-S$U-oYZe#%G0$+&ua)Dt%9k(GVYbKA2u5Q1^XW=yP%fd%h0JsHE`QJRF>;Xw z)gKXtvbVIF-!?OiY70H@saD}Ve49c$MCu-4fRqK-W#u`G0c{E0Z5yifq)lX^>wULR zC0Tlvsbs# zKOe3$*BRENzCo;&=u(mQrmCsglyNTQgTW=3i|X3gOHG^Z;qXkC)gyTiIuc7%!j$SJET&nLo_IJ?%`LfHCG!o zL!9F)?xB;>uN|&Fdw%BlpDO=)1OkQ-2)eP|HoL?2Ms5CAT4;WL{kMncaIU7@?*{uC zp>sBsOiUCd9hu*=BZ+?}vjIw=v!&5-(HlB1DoJpRuH~k{G+zA+Ret&jd)!4dDelPo z1?VLj@96H;I_MtO9t-@u(x4q@hYoK`;?9BZ$#uEbwP{&tA`@@}5Uuw5!yjRaAm|B; zzD`A@!X^qml^So*dA);+W;s9MY~Mp8r1ed>3f{pqj{pTE7gE;E2hmW~8kbcet;j6& z(ntoJmwoju(Xh5@F&q=!5tV+U3lS*#^eKhPX9ZJtIYps+6FEV0Z2smi5;ux}9+2X5HKSjWIqc5SbE&l+Z+-5nPmyhgFCN~u()AITe z*Vcqce_M5R1rrmLu4UrbVj6l?<)w$v(^BGNukIAn{LvHpr^}8q-nw$jD!-|Z5;u(u zcy3GDENSc)&DS~UkM+cd z01BeuvmvwP@z_Paqce&e(q1Y~uCmrH-6M>x0q2qUT>>ms8mpgWOEMOJrzBZOnV{_1 zhs7|jT&KwlyvP~e9*;hm?;aQHZWTqB*?zj`(6!Cwu>G!N;o5wVY5Wl#3LdkoUWs?= zCMh8v0J{Z86~Jl+oybY00=;Jh#?$hY;-)T+)Q?Yd<;VD%n}~C_1n<(PM!mF#8DOV> z82OI}<3`H*g|Tz^jyj3cOD<(MvVJGuX0VoLzdYD=pXZ%@{+GF^@04qK`*3H@jmZ*oUH2U7mN`-9Hml;b&*?wzN6rL_} z`_^^$g{|U@?4sEglf9@mWlHUr3HB7VPa|^-E%U+?p2t7V4XNk6-4H0p(X)N^5nHRi z_#tzaVKsZ${uriY2h!Tm*q2d@Z9ef)y`A!8pA<78jeG|{g` ze`k5r7#gKq9qr`_D|E+UvD)RfTl>p7?9zL-XqT;F-MnIg{#p-;`-^+7Z9bz)n@UvG^G+WJgOi*$hg z>llBYd4H7V7Gyr?W8cbX)S$M44O*zx2foF3>e#2i&|-mQdf&+CtS#jgT*7qTl@B1y z(N% z<-vU`dBxo+4kX}P{KDpAhdv*vi+28fHgLTOblLpRDL#~t!o`HW1+eOwV{K#N7Q8>6 zPO3ecWNH}rk_9|9eDC043X)8N=p6I@%Jo4J4#eSOq|1%7AV3ANf2do_=R}C6y&0^8 z2uRk^uAw{Wdrp14BLA-^rohbC*(=>`+(FUtW{46Zgk85f&38WMUZRBFQBI4c{Im*Wd-2_r3JQm+m)KeIL`w24bneGHzVGU1G zzYXN<5BHTQOYz;3L?R&LH34vRGe}<8O}7yLjd={!5Fllw_oct6oJ%F!t0V(fq|oIB z@;O#W3)?aGpySS9?FTHO-&0`D4c90xo#G8sF`Vt2Fe$V312)zeXtOfYU_OcnQV&z5i3+~iA|oI6hKw~3C}4w_f| zt`E#ns_Hvl*az4{bRQ3a8cl}&o(tpRBSp3dO^2W^o=+KL)%iC;haoA*9=d?A5S&cl z^kkTd!2Ub6xHpmX?=~;!=9dg5DiMa@Ei`vLm8MxgYRFG#ewyN5=k?k>;(+epYMJ%q z&u?(X8NB_YL4no@jy3Vu#oHuhuAfRHM3C#xn}cssb6b?VAAHt)n{*bM&4RtXWk6s` z^OXt7)w~?Gw!hLlCmspRfI}+wqUihUpb5J}?Ak*0sLbWL#*d^5>8Q-DJC9;A8k!dL z)8N?4xVSO`VISa4%Q}H6u-IbDkys z*5x(oY#(83y#m*nq2;d9Zv)sA)gc8n173}!e#(%7`=cl4FQQRbQ#Im&dM*_<_wl{L z{VfyX$PBqTRDWM3%mqk??-dFbimgPWMB8rsAa3Jqa^nk(vSz&M$b^Aux%UXWL?Toa znX0NPk>F-mG@BM!=L}U1)gjCmJz$(tYB$u1E37S)RUs!di@fnw(zn~aM$N3Sd2-ud zCf?R`HuJPIjEp}_Z>CYei;n+Mu9-TX^3I}n?uA9$8j7sUb=DhhSpV5_1e2cyS(ef( zSIyvHkFg6qHKRF7HDmKW(_3O3wofekxVr@kE!ip!U9|_i$ z+qsgV{SASLf&7jtE7s>T+-biDwY1#pSkSGlIT!+=_VLzs)M8n7&E1SKq|4FvQhg%3 zHDVOlu_%;}?YZgmr%b-i1g);o)T*pj(E@S#etQ(iE6k9uUfQ9}Xy0>N>p1K|fgss> zEGK_pnuqkPHRp@(JtO2oY3V-7YL z%v`1RlBs8-W2Zfv1;K6T+0XwU%fz7G3&sj&Kzm9~zu5xyziPVwrQ};&T>L*!^7S`5 z2;6{HVCL#(7<#rX7Ibq%pn>&`e@j%ppP6Ge-^bQ$hJT&X2qPVNQq>|NXkzeuHX%I! zrSlcMM4x59H`Jz5q-+kR%uyoFx7!p+(C3+MoXVYDDts&GZL@WE$LKVJr~R0CFts}C zJg)ahI{I?<+D6gQ#l!bB5);!Uq4D-Bd`{glUxX?I zIoQ)tBjr4$F?n)8bmB>aB5&HTK7}t(YV-@THPiM$57iaY0ZwwO?9(8IsMrVJe)X z-yKIg<3-qwr;e6P)d--O(tfx)6)xX&6UzT)PlSF4R*+-Rvh3$^trok#wX3ujB>`d( z!)j{?+HblLeqlzanmWx{PNkM zhEo-B8QXV7kl()QPg460dFVAK#03|Whb8t+H{>lj3c1l14Rtx2qOA^cG)Zp^3McG| zaP5Z0B`1x04!y2rIhfK$&qT6*HnR9zN^P)}aE_4;o(w+cq+gYOE$(_tInjGj%^!?4 zHQx7HZ&z=8^}FkKO@tuGJSbkuJIFm_COdme z*X%?0>wODl$ScSh5`Sii$$p?PtwgoKei{9K;aSX$)h%Z7sEgWCA8EM!ObD_bibt`2 zwrQ3+jHXUPy$hj9{mZFQUlI0JDBh2nzK72vYGum>UcUamkC&CUY$78T2=^;Dx;m`v`jQ)T9(OFPVP`qa%Udk-YQ3{>zmHiK4{mepf z2lU|lY2^A}?zedb#~7#o=i7j#DNH45d?g8d)v*)qXV@+Q; zwFVl@piyx1(r@bpTC%VGxBgioiJ3*DxCv}_U$UW>fX1_DSCbt|HPyf_Zu6f3z7}$3 zcD9+}2^dDcAa)?3BV5$K%inl6q>85;>NX5ICc)T?Q1yB%3gusM3k!?wtYYhN+N<;R z01O;s#ot&Kf(&eFVR~BFwQ;|G> zd@g^~mZ}Vc`;PtJsaQ7SQA2O__&@1@hR9N_J`eks8(^Ssq3GXBfH|D~c+;x^c_=t z2OVFRLkN#SBRkI%$I3VDVsX7rP4^t59r1P7*igU7kQF7xom!S+fmfboY>`ua1A{T+ zp!Z9g7weVLsdIKm7EN`F`>Xxpn|3-0 z;|6(U+UO&`Ix$7!{0la3L$$XSB^6~RB%)j3^4HN8x(+yd!#{O9J34Yf$95OtsqhMH z%`i?L^ty0YbFbC;(S0qqx~ZKs4NrLLBiF>-S7vqVJ1@od9d;3S;%XbHca<8wnim=K zm`#&Z>5{jtPNF#yMytep=RNwEU>wz179ihf&MKTGUdCwOvE}Gf`e~H}Yh*Y>DSnBA_Q8LnW zpGerxVN%Yn-85w58@@*o7~-Ff7^XLTf+{RryFR34ThLNOS|;l|YZzK4>~^%jwYY!+ zLUVRjAa{+^y9GqY#b7D=@#vnV#@M;sw>xm-_!1Ic=tEAXy9|9&_g(uwz`3>{G0`b7 zVT4D@OV272Ud1ePJsdC!`V*tBpijL0ta-y1We=VKo-{@|yqu=>?pCkDCLeJfd@|=f zb*Wlz6bs&-{8TZ_gCKS2o@LB0n?&~p4+gE5H0-`trjvZ6=DLQ>$Zd{$^dz*ov0gEp zRZhgv;RUvdd|~~Hwq#rg_;nv=1~f;e<*qUW>yL~56qEs5nqFEF{zA)CMzL;C%z8Ti za0MOJn4yP@7$`@{|i0hvw&i2bPs%rI4LzEetb! zHrLpCaSeIlcP+xYe;%x2gtf9?XcNnf4{a@fs;l zx-$tH7;!_c5LMZ1?i6g+cG>UEBZRGwdk<<|3p$xr{V(-WAqW!%g+G^s8>XlBNox`l~I*nNOB>4oO0$ zv9SJ_hI!y{Vd4C?6aQl$Kq3e<`#U(OAKke%M-Qw>e+*X2z0)(jf@elV!NCv-QG!$R zZgFqMCNYIJ%mwHZ69E&2BiDD#1*!05-tC2%F`@`e!HJ0?k|;8uk_xnv_lO{+SVfR2 zktwjzevmVcx`L9>#6w|cUPMnKaHy3Kc1n;Q86^l4{hzhG;bH2p;Udf;$nv~8oJiK2 zk$F3R2C9KM`satl*Gz+$A?j+(=yc=`cpb-jW}N(XxEo9p4ygP+cOAXJ+hf@ z9h-RQJB^b*Ek@;Sj5QAThwoL~CeU9fSN|F3|9}wcTfe1^Z4;v(X+B0?)!^J#w-P4r z(U~afZk_l24saHrRbUPorJ@Z*Fxs>bA)txocc1)X;E?FHtzAl)>~F zOwiYid-fTx8x3OE}*Yg2C?5Q{ktK zeH(oth@pRz_GRuA*!(q6YHW+e6G#a}p;v?iDNaVa0(jfdjPl5OcoxaZ9TfJbf0!VE zhDZB6yj%Vb$|;8K;Xw{eTBGEV3CGz9MoNrX=r^_$1V#ib>s@sWkp$0g{-JO7D->Gl z@%_qP9CXjjTb!~sB)zAq2MR67vnexenkzKNG7}r?@7maC%R_~?u-nOGSj;pKbD|E2|~>L}|ai_TF0`<%dOjrz}vX!9?k zU#q7~jHCsM?S@A;`$4h47)U(HH(`S&<5&zrWvfPCBif^pfzbpbe^wYrH0NDFFkEEs@n5_MC?Wa(MMe>%%Y*p+n1v~_^e%>f)0g=* z+!DBt{fl7k<%u(h`0we0mjXeoZ>un;U7n$`C&%E8CUTJUkITr?IXGhgoY`|3UVnIo z{TFaPMbPsT%!k6~*QYh0Pm!CPmhtd;T<{JKfSJDmCyfaJ&Yg4no1Fk~euV(Q*)`>Q zksVeu#}}k?OHkFF6@{&I^{>$0NA(+DddqZ8hotbT@xF{;mF0s+`FT-3oji?OFg+Q zh8IMQ>i@D5mfkEKRkrjfRP}>(kSZd@sQk6+iaV@`SPkO(A**Y%lhZ9_dMqAD-#>N% zKLZwwTV8Q{tbWb=jUUZ*%ZRD#vc1E1L#-&`=1=Cf!0|hvNLjFF9m_VJbl(If)9SnQfZEl*q~* zSpd~A@2!u8*|cgPN0S&6Kk6`M4P7)Q`3IeDU;d-#%yDqu2G9Ei`p@3M>}RYE5~Ww6 zch75wx=ahH_YPb1#R~Mo4P+M*E18ASDkSqUCdRYkQLaW=leaj!V*{VO=36NgHvoY3 znCh>sx`?LLXj)^FPttsugY)lm0`n{97k^D0i4}+Q2TZ{1HT^cTLGZsV#s9WlPb7>o z|Ix?~oU6w!ER$*JFeRZsg3QQ@*3{Nc^i2}~>t}!gH-P-WO~Jy-{9U~Uo&f>Ym*3-T z|6?B#KSl-!@Aek|!u3pX`lFPLkh=y$o=p(<$W}19NA#Lw zUVwle`!DunSxyyYm|)7Gc;i3J2$UZrYV5H82t#i>sx-&bw8Aq5ylg=?g1F72bW`3c zwdIF{8k3pA4ipUSv6ypt)49;s)eu=D2wi;aJ3maCGcZ9*igaj$YdEVGJZ~3D`X$K9 z?K~j(w@!0gC0|QcWN@A=?FR4N=%ozT`sRW{YxtORdO6&+grll)xX!`R_g>PaXFZy8 zl86q3KJ`hVz94F4mq{wkC-V_bug={exUT%r0m3oX_Tb;xJnw*BzuBU8*_!J`#5_&M zn^0K)j(t&54y8XQ50d$NoKxf@v<#vu7|!Ja30pCw`nQF!+w*RE1YW*%m#fLSCaWpO z$i)BPzC!XQTyN=COT_3Hvt0(`8k01NOc!|$?LWo=hdkMNy-xUVFEtUOga}QSidmnr zsMnzs@&8jf1wyALZyWG+R+p;QeCdEf%|V> zU_&8LyTe&M6^-+zp*rXSzW6xT7+Kk;s-j#zD}jm&V9c6YB1+a&sYh8)f~~M9HNJ3r z=sVI$dVqiN-@Zcj9EyJOS$ymfe_L~i*-#>8|uLRYo3mV+`$z{`re}m zZ<$w{o8OUpJc^lTv6v#Cv_xDmUa6t{HyrCs(a6{sFrPOxDAMch=Pbn zQY3>Qk_1U2AUQ(|5)=i=p-D-sjtYHbVDWt7=uvnsdxK#}EOHcMf4nxP!fPbH15noBh?FK}EeZ6dX=ZPjf9%K^!A8FvSad0U-!Dz~5jn>HW|ecn_dg z_xXOJ=s)-m4W=%DbZu<1w>(nKR67WjewnZ>jj8_AuAP^Dd$b^%?-*EC{A{)I9~`%T z9v=OZX~f0;;WgsGQRVd$1t3-mUSN}}m%saWpAvqneQjbNB})!Jf93EVyN&(|Dt_Zw ze!5!Gv#JpHz;Z!x#bdLeZ|Di3(Eo#8}OTN zs~9!vA(NVD`TP`}Au2&lqLM_(B{98{aE-$;;9_4Fef3zV6bL*v_QRVCq2r7(C+gAE z@S7*xpBxY2;JupA(aK%T(se1^H^s;AnfJUev&{w7_>4GeINbzeYr9kyS#&#IIM-8} z+&@f3Pmv%ecB7yA?$>y&cqW!}Ol0LmXwLh3IrF}Z_L)W*k2kzH8EE0#5>Z@nOrF@| zoW?Xhz?#V;nrxAopNN$rEBYF^4$sR(Ij)}%2CMp7nTA3}{cIpjLvr-fWo+K6caz_H zi*D7%J5M?62>I#l?eQq*qy&H+tL_4^v7Ws@b2zijQ;K$Z-TF&tDE{*E5Bu$Q(*Smw_agnYv1ED1E{tr_mrYre*J?)6oH#va;7H{WtP zC-Y3a*V9B>DBW(DcYJ0$l1o&IQA2e%SAAfD+??LjWEX6AgoM{JzsqNGAu;{y-Msyj zGl$Qx=($pUCLxe~>~@WDMs%HcBx%kR!}2tUR9x$`;*C~bJ~Lxq24zHOo1Y^3EYqMu z1fo8>Txo(i<#jv#H__(X*mvCTLwLNFQ4A84y_nT-lVrb*GdFU!8_K8nc3)%sixlGS=CA7jXe#v< zvLQI~A~s}n(8#?!ivcCjLRzc6b>fi$`gGSRy4z@?Z~kkFrcLg|K8)}z;pCGE-zvMy zrvEmr70lsFgag-)!e6~^uPf2g6vc{axd#K*R8I2qN^FIJ{drx55=a>fPHps71P7%Z z=~g*itZ4><&NssOZ}Uov0vg-oPO>W3fl9|6xlPITZM)OrOGoStD2B(Z8$Vq*kdvEx16b@XrE5iS z@|^$)>hCC?R4oY=?B4<$MU-Je46V#-yA>lk0zmgLF7Y#_tyM#PQYa?^G)H8m*WVA< z#RB+5hIm*C;*a)0J;-GJ5-WU(Bx-`qHM2xU|2ktXq9_4WQvXK0K+(6dlhE4{YMr-F z_e{-fO_iM7azNMAFo|;}>)Xg)+CpQ|6t(N&0mj(B*+QP}u0N~?^+&5O7lTT;2$FfqSMduVo}=u>$v4>urGX{%vQW0b}T7 zO5r&+*ah9jh18;ayio+>LNe;cy+1#AS|KE}Rf=^`_SD?RNDRsSY}Ps3_@5RCSPopQ zZ;ch}wTDj@0x~QRnmHFX*}@am<#D>&h9>Q8|Gs5<09Y{tpGcOU5LO=eBf+3gny&SA zI^5`iAo1ZSFHY;jsogdsg$<|<{m=;hY5w7l#R5Qxt{h!qAt%!ZhQfcMj{qK!d3RD! zDqCG;0Cs3YdO{oW%zt_h{%zy`eM9mIx=aGH_di1?P#rM9w=)X(qxX!>`uom9u*@Co zS3p?|5qA7(i2kV!`{({fc-%ZL+xf!U!P2hMX6AqZVw+rL+Y4V zH1HhyJIm{hoD2MZuY8blf}>9euS+|LWsfvgPxNVLYe|RXi-nnpoNNbFACGl)>naqk zL>o9y5n+|L9V5A;ZZ!2?ng}QNT*C}ZU#Pss& zK8#Wz!TkN9-l~w=`Cs$l_U;Ih1*acNWF&zueX4LGJFI~vxLtd2!5lC<9bWC{$gvAC zCotKcD8lm7S^@{d_Ht=<{L5J<{h%`=%Mk&2b=A}NL4^}$Fe}Q2_N8Tr6?p}Cg z%W%a-tTKToVW0M|oA2fII_hl}{T9s+kHQUMdtG~bsPqpQDq4ngmm(bWQXjtGznJUz z(;o##9+dPRu7uc0_l}dHw#+~Lc_LO(g#J7FvAO<Z4r1sHh|kORn%lRlww-$wv$xa=QavU=J$LuY1AiA^P!)A^0I9xPHnpqpy$V+}M(e z+-~z=V)T~~R!>0GpW@l|rg3o_OpNTn1Kd!*pA6h_ep^`ke5|tH`b58s@Uum44k}WH zdQ39?Ux3-{8J#+Y`@7KNC6Fbu;oNiVE}OzYOOrOB>GDpL9_HMT(SA4)Op;&gl#9Xg z3}xSFz-gH|Fn1kP#VY8efub|C`jTpvc;rvR!C5$x@(N*8%dPpttnnsD0=58XWiM-N zOsE~FwWA_THo;LWk3KUZpktFac11OZ&KJl~A z;|d(~&p2bhwB%xNbEtbZ0Ab}86s+HZ(zJ5~vy?)7T(-*y;4i>&U~$}g9zvZIRLJ)^ zikxJ4TVX|T4;OTMW<2K!C)~{eB%tQ~rRjhg@h3Hn7XqYD2iqAwly2U6G|fQS*lw}i zH#q3VY27|aa|G7?vzV@+xR~DtB&!Ep8ZRzL)h+^#$Zl7sG1A4@Oc{{&-6u5cVTNa` zlMCL5WDIH^DBux2)b{csTyQ@J)7;Cuc$$Wp*x4D3>F!is9F>Y+SS+L_=M&6gyZEal z?+>a{6;K5Ci-Bv&)cpcJpL#d}EKX{FsETNz-K|C5z@7e!eYY;AYk|B)ZwJUhuHT1> zJAe+0(!Ia79uFjjsoeQ{p&f`U*a@9JgKxcgg(#@@Di%kJ{U&LS*ne1%V=B6_1O|HD zbL9-Z8X6Stt$(J#EzGPapLcLBrP-Yd+w4f$#O>vm+MM**d7)==fd&X=Y>&k*Dv%xl zEs_w`Lrfog7~s&eeW;y1(%aa!^HJ5`s_eaw&^?NrqDTtjg(aEHQOxTp3F*>a?Ict> zf4s9kdQ_Q1ozxmBIuf=+nv%L6zya6v?4nbkpIsI9rY6D{Cg+Ajh1#HjIctELI-nUxA9uPcsU zW4T7a7_L&w9&YP@=Xj>nT_!Pb@UjE);or4_AaI4}Xs=gp;@mjB7+{+&x04?_eCN~E zk0Pm^Dr{ix z$b_?JG@O97(C(et;07-NhcYO{e9!S$sOTPb?k^V8pOtI(vBkDiow=Azg_*twrx%lM zJ{umNLp5nB{jEgwc-QWR{%(uVqc;pV^?=6w>1c0Su__FvzW*SA^}t{>1=n+hvr8?% zw0GC9)hD!+oA76)DiwwfFpCPfEU-hw-8E?n{2{T^j!S@Uos>=f`+Zo;es3TkAAV_E zz|Xz95zUv2ddu0e?L&%C;ggx)vujv%VBG6zI z*mQ-eSHc1UPI_yVfZ4b&%yoUS-r^%-Hkx?uA{NjH4IY_)K^RLx)akgrVQb3)h<*1G zq@JZ=GEemN^>e?irFIDe$1*jxPjO1SVqqa~qvZ%JZ@=E$jv3CI_iRjje!Y=>o<$u7 z!`oZ`dqrA6{^~#d4^XpmztB9IN|+l^ge|F7iGPHoEdE}+@+bcJ-*=5tGsC7n&N(gY zZey5QcRR0sUEhh_Z8eO|`omcT4sFSy15Mfs*YBUWs^W^MJ!BNLn@F_r@|CIQY=Y?g zvFiAP5i%U-$XV*^EH*}mPQ+vt9;_x{NJgERj%pYvzBHGr)2>u0dM~_hEbDI$NwOM> z)k&|9%f;KWY0rKUna-$c?s^}-7GR@NBRfr1k0Swcxb?2`yhVLXvTCR|8!;PoyAD_v z?nf7xi%WF!W?v{HSx_$1OpzXXcUz@CE;@J(Z+@q+FaAg~wp*I5QxWSreAvHl7M@wV z=OpAxv7yzgmpu|ht@8|9rd{*2_dy#{Mu^&9$jusA@vWLSd)%%1Rj1fw$>gw<4}#R5 zwCBjj^dGZ`&@qnS7zRp4RTY!lovW!Os?pslflM}mSQ5-5BeR+n9;fpDPQ~577i#PX ze}nQsYCA??po4YoY0y%D?Lbm)-P$pd^lyk$aVx7()F^O zm3UfzMPOb;zNx$1X#Tw12kK||*EBD-6~w{o%Lv#T#Dv!k4mlt!(RYZuc4P0rtG7G! zcGd>N%ALKS+7>a~9ZR3{IJK$*k--MTQ+~eJPnoILznz#*O(&Wp$0OoTD??OMF>09m zYpcdyO{GxrMjRQz`Q|DdnflN)cptO%La4 zzuu7nab%s>s*_w~Qt;$(_*C(CJTGdrAD_(m2pZq?fp-X>n^eOR!tMhzBB^?Wpmb9@ ztTzJ673a-EFAa&?wu4SKH#k)mzzEmcjXaEit+Zqyf>VZ>!&LE2noo8VOajp9+gZ3iCsgKVrhb8)~DylZ5-H0Ad@#iVT zyp!B*E0y5t$#3YkyGqiUX2{)}-^tfABQH(5-?K^z-8V}M)hBuTq=wIVJg)%qW9i;3 zHUV`^ODjQrU6q0{Dn`S8{pAL9P1;c#?2}%L;s()xJY?OD~w)RQ!TjigbIc9TL!E0f)v z8*fnxuG@1WOs4(iUrI~WBFsa0$&U@|W^y-;pWgk#Tdlf?`LdfpET^wEMDr9c-cPt!PI_S`@co_qn_rfbR&E{CT!f!1lTTbG z-D6UW$xrltfi9>Kzr^R4U$=ho3a&DK+bBx3orkaHW^||Ut|AvP^KO{gl>o-@{5P-8 zAIDL?NI~T^AIE-q!efU*!<3skwYO;TI9jyr(IrX=xWoL(pIn0sjvb?|#N z35wRa=P1M6vNmBBB|Zm!^I?~(4wsBtm`=xdsjmjCW5U|GmFzO*|YfG^UIdi2J;Vkwg$ndrMn5gmwC*t1gHQ%^G zGIQa0xDP`DcV?GQ_8h^?V5-H&dT~R>?H&$WJE>@1;mjYMHN|D}ZX37>W@Z~0RF~SL zf<^cT!0(DPs64HL*}9EhTX7@U9bWd^*rmHBT5-%ri3XQv(fN|K;yK$9W6fKqO57*M z8Rc9Kv@Lt-O&9syP}&=1a1M6n`i&i*hTDCap^5{7Hj+Z3 zW8{**PW;2~IozqI=(Xu3(@yM!xi2JW8jnlfJMz2&HXAAgT?%W3nIXMBSnJ4NZj zD3f((Mh`SanT0jWyNRZhkK%lhbyup$zLXu2IKyKub(Ui-xghkNOj=-hRFc*wQCc6b z>-JJpPul*XU}32_M~rKb9Y~zR8BECYgW=k3SG~#1n|E8Wjlu(pPnO<$&p9>LlJ6Ah zF{g2L$IVNf$RsG7u5w01eC?=1+b>~0T->9=SX;TnP!BY(%((CrP=>*7p`7k@pXd!( zIZl)+N>#AYZ0LN-<2!p|*kp;38Qi{hG~b1ups}?k`dpXAhe7nKqBUw$)mwV@gp->b zW0hMHqS5oh9aYVD`OmHw`KyK1kaIOlmVnl6zbaQxIlF>N_=k=?@{#I7YJMqC3^tIX z{1G4VHLGE<>oxBEdh^7THwr@5w8fUn^7Z-RJTcqzZ4=r3$mw@la{TUmJYJfMGQE_c zCq^xY6PzB)Qoo7rpFC#WB01!PJ1=~%Nw~DGPj1_GGDy~lz01pUrDfeXHLhUJ$?wQKzWcFfeDuC*_nKJh<(rRTi8Ey5kstbQEfXWyo>cEIZeks%TsCK^zuZ3T`9()UGtbR z2P;p1ggU!_+GU=#$mI`$daERx>F*^Ef4?5!VV*2u4`Jg3RlDKI<}NZrRW$NCTgn!X zvYJkUYZ;Vc^b!k0?=6LQ7@*zMlU|oOC)Qmf=iRuEWs@ijT~Sj5zfa*EVykt&fdjcq z0Q9);O^VM%g@>h)R;E>cU6qjWh*_>E_<>SK=&cgd^B>MXm4E!cF!KY)%XS>I#P_p9 zuRT{fK4f&dHF4Au$kUc;U517Ru5(J%;5Y$1Suv6V&8#cIE5e=qF` zNS0C28a`Cn4Uuzun{v|GTj3=_+hP9GyC8Q)k0|$REHL z%HsDru_d65=BS?R5xx`ZS!CBErI;U4N8!WbIKZ>Xz}Xrkvf4*0_21mXhHS+1si_)1 zmI_W{IR;u;kHO+_Z=X|>fYJ&p2)o_AR!$q7IH7|o~~#T@|?X$ zv;g$i76wL+&pP-xUT$r+aTQab zaJwm-HLRhF82w=AOBi{6^cIhvT&vP^O0Mx7p2vstdFM({)R~xh(g82EUSRiDET)lp=%bY7;?hHm(K+7!HgPd@qWMi`~#Jjud!{wI1 zX{6C|lq+JqaMD7tgr4i-dGfg-e7##hwii^r^RkdmXz2lpw9pI7SKa8pN*6AZ!s1jQ z%aSWqiqOA&Sv%$WMN$|P*F(R0iQxO((}?RW*Q$M{Qbip0Tmtgn^+LtK#)oIf7zXI*E< zfBaQ3IiT@sP z1DprLjc_P>9&~~&h%dQ-dtCIJv+f_DKp;I|%( zzv2K)6v}8&5tQBmVRk@k_kHh~;U1w-g!imETQG4YH7YAB4U!-J3-ES=gQUX*4)l%B z&0NXSnmB`W{_0f3^W<|bd~A%<@!VNZ+74#wQyL$?%L15K@;iugM9L_TFInDrDsI;1 zRQJ|WnUET{up~@>B&++W_)gcik*=s&>K~atV)t8QdXM?orEId~5zfv&ywX0o=@IrR z4o8jxKV*PnqZR1JdO6?lbYW_+%3@KDe~2ZrimJDu zr!O&W1oe)7FLnSc&+MX6Zcd1xJQG zrQCNwMRnRX3M~IZD2?}&9^3He`jiDt51QDe%R!_Kln*;9vODO25Z}Ri2W|eV<2212Uzt)Iu1%h&0K(F2cNMAcH0%>ul>o((%=HU%!V*nDl1HH+Akcq81 zs}m@IHmMwT-B=GT`Dla;zbYD0UEqk`MFU;+tB=9})ma9lLEa(&IQ%eJKr(7M9~uO- zD9^-FTw=TW(Zxj8$@ANQU~;ESOrL_0+G}f35LpEhANX#0pvIyHl=?j!cAd$`^h`L=jL zR8~JP$-?sw=A=&pkP?6c<_QFXIRce4_ppY%b5r^2mWQ5f=`}*_gxeF37fO7g5*bdG zB`OzxT8`>$QwkabU3+!Y!zoeogpw(`*%xBB+P6u1a9vlcgo-@ofot^ZSz@y98dN=5 zo7yoMdeq2c5f!z$YR{}NyOY8}I~D<$b4MRv4Dudk>1Qi9dOL@x{`}NqB@8PasnydK z9+q3r?>Q-cCOhL9cCb@bdE>eenPbEZfRbT!P%>&76gxXJ3sr6{lnL+JKay+QFzpsuXY>KQBp4EsAjnH~|L4xpBIx)&7zWeZf8G6A2NA%*YC_7P#VDp0s5*?^ zD=OP>A++TvOiuCCYg546@d&o@1nP6y-pjjT=!mQhHD+U9_Ht;W#qx!`E2`Q}fuh*Y z#dRvo&jvKC9E{-Kv0e!=;(4GL`e2at3Q)ZQ3xiiY?%QGq4M-^%1633BfNceKG4k~O zHUY=HAyC1BcFh0!j|{?CO%087)i2b2ZZSg(Ul{(S4c+$MIR#>sI3JP%%5n}iY_TLd ziLj%9YeoVzhj;eKz)`OWyHdosbKehv%+Jpc$)YuH_>6{S>RTDPZHp1Mdb*|jew|Ap zh-~WZvu`O-P0sSnMo)gfqE(h~PWxo4T>|rB$W|`m$^sG08%2_l=u??#t*SKzAy}m920GDVo>o};bip5jCH!u^ZR*i=B5^3 zlsuJ!69=b7dyhBA!@c>Uda^igk?=_?yG>w7_@k?i)kgqwjh7Kt49Q_tUo3vGX8qo7 z#XFx8&Yx@w(CRv6N{@{5=q{`90$0clCr*|o;Ob677-jR#GuL6{eHM}og)8X{w!hSH zLSe|h4VW;;BBnoec}P4#hpgaH(+pZ#5sLOKYPe6n*xr zOisBH*e;8t`3r|8aQjojql>fcxf46}x0@`qQmuw&u!XPk!(F_)E17iX@2^nl(%V(e zU(rBCEI4u(X`4$cvjrC&tACpjcfGq>*w=qDL{@p*{e2y%R`_W?{E&V&;=kVe-}e!y zY5V|yfH+|78N&q`N$Ua4-NE;sOa+t8lkF7mMyy?Y-$c$ZwzD0Lfez!-^+~6@%l zSi^P+KZh%2TJTL*$J##lW{KdlXoDZ&7sT`LJOTA_`%gs@48q*a%+Ekv3{&8oA|%v4 zJ`EpH;N9rIy4#kp+LbQ;P{`USekTzGHcb%krFaq?DFbjziOttPy7B_nQ+sJP2C8t) zA)sV$oFu^)kPRKAd{e^$`uKt;{a6S;6f0l_Sd5Fx5pjn2@-N4nK_W8+QLkcYw@MmS zMWtyWe3o6IA_{XG-=#`NZxzS@jaydG&s}3o@a`c*ZIf&BXS5m=}Oo_+AXf zmKLvV{Gu%{2~kiV`*=ZCFM6YVz*}xOOwnibr32c8wz$`@HlUoI#NIH+!o0xJXH)*( zkEgA2X-s3p*0;`1zB8pAzqgR`gEhSKZPJ+r74>Z+Q>rt+-bNBugUy2b>FaP+^BNN# zw96N&Mxyvj%^6DO6sqRSaO_}ycRn;_EA3 z;rl&B(JE}UMBw!78Sx9ePB^U1b}f(FEaL7PuP({7+q`+_Qo$vXvF-{z%T()1Yj?w! zoj+Uik7n~P8k?&$8v!hu8}QlYXHoVE=D&|>8MNG%__-}nGk~w;<5wgiRju`mO=N%WR5dY0lz*EMw#}eg_L$!< zH^tXm5k*{C3#jXE8eRK%vs`s|JYT8%LtUZ?;f31%8!T^ncz)zS(*lVGG1Guvx;btO(rR%Ru=LtYR1p0l~Td^IsT;LS=#C<5UovQy6gZ>y9E> z*s(;9R>opoT}FFH-c{zts{lnfxnerE%Bw>e1Zon^F}rJkoD5>Bf*Z1jhKBwmUB-ot zYbv6q!(>i>hNI+S)1toiyN)urQjy-hq8;J7Rk;q-=ti3eYfjvi$Ddawz4*03hP`a5 zidZ3y1oj+-gT>rKtE;Osr!wg9*+}?zZhV(3=8x2gJUe7N+Iv^l-u8IBmT2i0JeY|6 zON4&9RzpKWtwP}TVr=tdA~%y<%r|Z!8{??1(yyO^wi-3yBffe!FwGYBoDEPd%c83! zo%9}?wwn-dT$Yo*FxU?0<{NDbVgbJ}F4fZq#>Udw$6z+(jBo>t?POz>N)G2owVkb; z!kW*{OFqSuEfO^~HSV_a%z`i*Kt9ZaS+3p+FA4IWIL0aU`G8BjTLffu(}E~?@V-S8 zo={*1ERQCHW{&}1aFF228_grIab`u7DH5oiF7%m=Eh(V|gNKy6-b38txsqYImT_r( z+~dlik3gZ!W#!A;Q?@hlWhb#jL&>1Vsu&ju@Ka4tJqA=@oF&cgpSH3(omFfB-;)$= z!gjZ$11b3OBP|j@j}UM*yXZ_FeU1Wfg$SC>)d8!!YB!p$S31wyD4ZBJ5)q?@+I3oO z?Cp)(I3eN))FT|ezrckiHhd40pmeellF+hi`h0>|ySZ0w?QP=3V=vM^xxtitO0|cw zDm1NU#J-X72?!?Goi_MRL`dqub7_DeS!+Rd>iwheQjA%XbxCv7?sy2e`nUCTH)!Z5 z9N=iXm@Tc-Q3|s~OT8~xvJF00rF8NCpb3}!@|0@3Y>E7?G==W`2O&;%wG=u^mXXJ( z0z)|uyYtwqUc?c;QzB6^>6P_z9JeC87PDBs5~wkfLh8t$r!NXSuas`wxXths48qgX z6B@_hgf@1=c9;9nSu?tz?I-g{7Op<*>ypeiO=Om#?aP!#N|gxT36Y{IPFnkpNF{u= zcD!iX<$-|q?{B)3xWD=QIN@CTHX@>Uu6%Q?=_G9Yg2VQwA&`b;b6T#<&%4&Ci| zt1A+q#5SNh@^V$R*)Nl6hf8hCDQrT-NDiB()oNZ>cOv?Xm|0f#dVOr|=cq_kUHb8} zKMB~6z!-T-8^QqSkop-@E4%Tu_d^wVkcra#dolShDX$1|jkLJSAg!_bsnCS&Lc2909(C4XqWM9TWsRbvtPg( zU#4kxSG-rZ5;hmBIp|zxh?vNmw}9>vw-=1ikTLo2umWXEV{I~Q@%jBSKR0f z?U3OsaRt;mBJ{{G>*%I^EU=dJ74~D=kK#QW{#qATQY-@R;k4!4ntHn0$s^m+$_TCbnhqlGA-9_LZIl#-PUf=^lm%iku_g zJVs?A*H>7^>?ip@%CWz186lEEeL@UQ^<#7MS)jU52C?ho!Wf~lA?WuW z*!u$;oq?3Mplx?#A6Z~yWCgOBK#KD@^jdy?QhXE=ZHO2muUhdQfGm|q9G{$=f}Yz z0j=CWKQ8lQVCS3bu!7bxkv)kq2z)V(&dBN5R$ZOB!7}ou(r+P7rQP6JI4uL#VLaX| zkb*A(nh{9o9?XdN4M7_JCl7bXK0fZ+GIh4f{1{>FJ`*5&YRY)v+GNC}8 zO!X}2@^*UqJI?wi9<%gHY<4#EZK45b0-Wl$)Jz-r+Tl@16QJu_zBvmx@L`mYS2Epm z!&1)4Q`l)Z6ac~XJRhHKw(CywPX$%=o#U%VE{wj;l-{^1Tw5r>i|B_fb}&n!kG6;C zkQm9$6v!+1Mn)lJEI$jDZMsgu;x6ySG{TOK($wsZf^7j#t@C3ETXzG3`QH7N+`C2s zsz^<)^gb9*=FqUVn+}1$HwlT|6D|T?2()X7_r5>tR!tf9nH|{b4`d&U-;LE7xzf%C zN=}@T3A;twaRG~H3>_NTb$c(BCSjWq>ya;|Smjz@x<_Tn z{PZ&+h;D^`>p`yn@5qf2?&tP^fUJz9Y61Uqn3z;P`t9Yi*FB#{zl2|gP@-{2h)-X^1#pxBWo(!YBW3!C|CZ2;!0wV$>^l)I5kVgwP5_I0c z4qnNgdfxx}W+NGp1L(I;$zdS^;f?z@{=XUqS!f>jU-ddvcqzzZBh4l6zzpds?ruT%{v62;6#NF6b$T#?rsQ=t7ESv z&X9Y!RCP|4S1!I^_!PUFKi^i4vuhM5Oh%9IW_O0&AyN$8-TGD%pPPnQnT@aDbzA7r zZ&=!ttcYHylDd4p9%RKIN9t0RI<2iq?QNb`sb|&=YINII5{K{iYatg;yvb1qTvu;i zFD|IJM1XX;7yUQQ--zaVPdSrwY2$U^zK;t72`Re1Iyjpv8>TR}j^f^TW%DgOBTRC^ zS>x-YpY+n^XMc~-ikfv+V13==b9pn*7^?3k|IHy_NP>%MpGBN1P(v3l_0ar6eg?Hs zmQlE_gA5LQ%J`Yp$u zM3pD>k~vtvb@q<`e{9V2_t0m|OP>tiE|@01e=+%!@iUcI=CJbsblN+h0RT&eQibHF zmQ;mqT1^highK-Z>h=GZI_4c+V$w|G?BEm%z2abkJlw&QXd=?=&#*qIm=pq&K|uTH zPO8{&QYz$>jR|A)DQ4pSmC9zbB>dt7G@7O-1@Omy4LI-qDoirovb%`mm2Z(~mv@w? z#csE=VDB(r7*F~5jEQ<%Z*}@^g3C?a$DKyZAIM$e;VLGI=6)0stmzvZeKtYa)JmB& zom;4*5Q84%If>`Vo%**GHeVF6KR9A&zabUST-Q!gi0htCqCqK2dwTX#mE?HZi#e;v za_7iy2Yr>HVo!V9iCh~nBp{6!q-of~7 zFxU;T=gP;GD5h9~Mep381$EF#&y-K5whRo-UO>IszfwiXrpau@rvOCLx7f2TiGsL-0wlkjz?swr=NMN3|9)U-?uT>zByn+jn~)K1YE$4~ zkTrRq6jNX>y|y7RBLCn84CmnJ(j!*SgybYgEc2tP0AZQ|`urx6DDKtI?*gtBJ`?N( z%zmM{ZMZ!Mu?gwi#zKOf_21XH$)r+R)OxHx>8(J4cKic)`%mwR|LOXV`OqE7UhUQ} z88%1$j^_xe;0VeRTKr_k>T=vsfyZCe8VfQlx7p-SnB}^wK@{~bJv^p&T~EWtaiD`a zW}q~uie}N&!7O3-9xqF{@V5~KUG4;}D`t2dM)F<7JZR>wft{HFAtX*kv1;N0U;H&I z^OY(5Sp8V*E^`XXORc!WY`!UXrLft}KpBgLXf;1Kv%*b$KbNE?CcVT4H+>d?Sm%6v z+XJAt?98UC?tFJmBP2w%xL=J1sV ztz7S@P6BBt`Wr6_j;q{#QRSV7%WICrHpdQG@!~%wKsT9Gon!PUEX+>_I<+CClInPq zcV(r&v9=g9CeXnIAvR)?;C@xM)%f@or+0-;GRLvfR~1PVqPSkP3EV9X(meGo=yEqG z%(Of6y86u5@|tFjN3 zN3qw6@klPv7F-*Vb7^-lD)RI!|1?oq<7N(zQbwoEq^{P8t6%qpIY2FV2f(~^Ey-0~ zz0>GX3PmLk8u(aTHyCI*kA8Kf-4*1$lXSC;K3N7Wlbh;ORnM zY*;v=4+xHd^T|s-kc#@!UfdZ#1{nThFO?vc0dv1v7fCUcV}L$fhRDv!iW1zl+MRC& zh>e+pnJ9&ajYauK=bP zk*9=u+w)n+IcT+Tq4_{I@geR)XKOAwuX&mYA+YKDk0gQyL8N}ZTaKj}6w)rUng@I_ zl1U=UmXo`SQHvqVMC}VA-V|3tHSKaMkx|0Ksf&*sjQa(mugGdRJMq!RtKLybY@1ju z$2;II-}bOe21%R|w@>Y*cL&7x9V^snplG&C@VsI#_5$dl zL)ilQ;?3Azs|oZmxMriuEqW@~g3w)c4hb}pHrjRRM}mR4vId2mm6=4CiDn9)T$%>_ zgBG>&5LTTNDgUjS&%KL9iEXl$DO{uJmUQFn?N$Dn`!ri6)w4&TA+(oZ3Z{@zSPb*P z`W*(>9aUmV;TQy8M8b4c*;z6IeMF-ALXA?zTdm8hinkYw~s68 zQ!A`ZvcQR+1IoO=u1B|KXue+YM7J>J7zd^;9xqA z4(&o>5&5xb^{1(*(++t?&wJ+$t0c6hAlhRrc9Mu{xxf z)dK{PSCwo}lkWF|seEf4D!gvZ5PJ<3x;AE0bp!0ZQ6dGB5&%Q(ZBPObZ3489=fvm` z?W_+~Zlir+G*>ZtLM&)@ksS=5uETiK7Vy{)bm2N)!9 zRrbOGjfK|a^l(DE1wn@p6L*WUXCsY`PhvBt2>O7U{N60R2@*onNMNDes~KwkIi-t! zL&1OW{x2&)#lZ}+D;ulFo|KnlhYCw60H%OKh0=}wxACEgprTN<>tZp%!E@t-a6VQC z&7(@T{@}-w#Yz~@?kb9Nce}txcZQM^BNGZ`0(3nkyc7bO8eLM@uGuggSP@--UZyrQ zs^bEqoZQj+TBu0PXL{Za(3kFI$fucd5&y(2f=`M>ihu_V zVF{<_4}77vI)lfY&jON62jS$qRC}aMSUxQ;8i-iG0waS6V}0| zYb%ShRlg{lK@e3U8s$UHHo zaDh)7)7^AA2wZ@n3C>p$gIrt)l&U!n^rhNYXVo6nHC|WPv8rG+dZLGvk!oANOUQ1l zP8(L;dcMm*6`i6V(e55$tKYDEg-*wu`_4qZcGR7xWklEnmng*Bj?%=cX)2o>SUDYZ zc_8fxAYtQui0;AX&;2nsJR46h0y#c1x*30Zeixv?!6n|~!@EpUM?N~buA4d_5lQob=yhfW;;wC_?!FmwSJzjSWY zML?ICq%|vsG)@H)t+_a$K-2~kppwQ-b>1_>!@+!(YWBnM<5o_yM+jvUB(4fliO>|@ zfd=XmX0lx+oO<;d9Rs#_wcjx{CFKCw{VPUC9aY5Okkl~(5~d&A5fB8~yf?%wtpzfz zTG#3fCxC6Q%=VQ$tUPf5R=-P4rDhGG2=PLg^_M;a_%?JWYjCH%P?ZW}ySu#_6cF(1 zS`eb~mW5RKB_6CAcodERQT#L*`mx6z#PN2g{S7j;wrD_30^sn|pz`Y%5x1Y89{}2L zAiY|UpM{?I?*1mlkF$N6aS~F&g!Ufe4FR>|&qbk!W+XjN7Q=j0Bp&P$C|!ZCKyoC` zaPPrzJoJA9@i-t!4tnw;qVwBgR{LvGNc!c}_s)pR2x zc<_9vOb#aw@PK#{FiyF_#%il7eT6bCg{ml-%?l2qUDHStpkWJAHigjKEA8Ekg{N3k zkW+m*8y~C5djV4bDszEWZ&OoKx-IN^!ppronN}Ec3o7RXQ3SpYeRGeIRQU7}7zEow zcQFDkU{=_DM(d|m+2utY+WnxXSpa!DMn+;KtmzUVTeMv%C1~!o!Y^TNVkWg{IwnF2 zz1WWeHq{qzyvKm!?Sznk(Rn)=8*E5Jj68RomU5CoEnB_lgih|<3qC?JTN3LTX04Ah z?OBLZ14NxrLfjV=7Os?X^H`jItC2hv)(~s9keYKz3H6G{W0EV?L_0DCIpsmB^Aw=> z9blk?09W=#j(^fKeU|xN%WBiNO3-XNgA1hvC8`9M&VB?eE!xL1IO0j+;96JknYl8w z93H|o;h=0%c4}vHE;cGkbqWR{8Q?S1m}K^n2&`eKVzPTzf20Zu<(!jw8|wg+oB`^e z0_E$EgXJbU5hfGaqS?z#AY~M~cuU9lwM^`|rY?F!v@x(ROaf^#*Ix!|CltZ^g^qsl zq|C4e{y+;O74=-sd&$kk7;au(d+;W%u|D1{0VF%mz=A#pe9ty2)`%0G$E4t>Z-o}Z zOD$jwcZ?}vahW1ukV`4R`ywb9b1TE%r=#ep%)# zN1&UH&Fe!0)F_h?om;WDBF90zB literal 33608 zcmcG$c|6qp_dh)CSE&>sN!pNYgtBkRQrRlYWEqMidzQgiOG&aNA+m&QGmK=Nu}q64 z`#MGp!i;4s!&rtf_`Qefx~|{-``-8GzQ6bP4-YeD-mm4n&Uv2aIj?hs-qh1Nbl}7R z5D0YW`Ze|2AkZ#B;3w*@oxoo#o(cH_zjnCa)=~qZT2D>_Z+6>W(Y*o!6-Kcz?(G5I z?|*d7#2o}W{EhjuquwRwJ_r;va9#b1p|{1%K)?G*y#K@+LnvS|gU@TV!R2=B!e`-B zVK^VI!T2?MM|hF7vxrul%xLeYlFVbJ>DpE%ahXmHAH~jox?rK3_*gyqjqGR8?kjV9 z=LKG$c>GG}_fi!Gyg7CzA7gB6JT^X_t*5W27ZqisRo`wg>| z>{dPhJ4)2CHSzVSYKn4|%K~j^b*zV%^`g?Hk!*o68H$ouvClOkzO(Z+eG+&~??o<3 z|3SgaK_Aae<5A((#n~4Oc}Z!v$x#-v?LiRe02cz~Qx!m-?l#j3urV)6aBD6Y;+1u^ zS7W@vwebLpyI=?%2PXyCtYp_^CJJ>aR&4s7t?b_ZC;cT?I+$uOU-AKo{O3P*LEN zwc0OyJovFi?j)zYw!=B%C+K$|wQ<85CHhmYZ8tW&TpymE74i>lx!)wPezKb;=5}M3 z)MYe5WivVrPVrTM9x^s~w9vHErPh4xC0#_2iqaMXi4+7tW5VG){-FiecDySnLf46lHxXBD>|jap$~iXiFwU6 z*M~yQWudX?F;Tp!pm$V(v|M*> zsI<)lPA`V{%78!@UgV+N$J;8sf9|U@l5@HrygT}+S44dN&&uR+k5HQ95q8NUD>wCi zqlZ@u6`fpWpS1~_2W+gqxZW39MCeyf39UBIr${IG9$PqAGS>-NsFPLNtR;_6`t$nO zQGNNBIfbPq`e=?q%=;-w*ZU~7e5p#Cz1SS3@(zrA~iWJ!;T^}@aoLKSYtT^O+jDPlg8YWz-Fb~yz*r4Ko-f2^)Tapyb^4bm4 zOhr;#+w#UtjUn#O;H!<9@vIv)<-&rICOi^&Z*)z>UKMPyEiNZpEuVc_*z?<)Dvj0~ zk*1c%qDqZM^!nfhBD0Idly^lNjvw{>V0K=$H6K10H5zQp#cP2;H!qq%Wn2ac3t!&V z8JY0F3-K;mduS1r{PfEf$_FKDe@M$69G;+>FZuI_*xw4D9 zSw=n2#@8Fh$Ee$nfBIa5WQm)y&Ec)hL-lrbS>!F0l$NzesBRjPg!ZgwyEy9rvoe<3 z!%F%DXT!NW9b_aThP>SOh#zL`B<*ioZuT-tE85v9K~kJlIPU?kF@R) zbRg{KteX*=Uyd~pi*8F3OuBs=wpvKa6T&WA26;YDgYcqI&$?KudLP}Iq+yC(TpkJv z*~J3-r-clOi;o|$1W^1Y$OQT|x5xmnS9|lf88LIMkdSPJw#HPjVwE6GQPS0_dA(y7 z=&@A}+0?{j^`nn>1~x_6PbSAKi}@{Q#j2|r`(_E~(T#~6AXN!N*nU3CisJP-@$e=o zgK9VcS^#z#tH6Mn-n_>=GqBAL2zd0)HTps0rA-W_A|@NL2=rbxjqH|;Rg{v%lx1S`Qzof!x3+VD=?{1R5Sn${ z0csbL!10TUit6Y^@p1F4E>-M0i!Gh;`Ck4q-nzPMR9t3rqk&RY)o{lm5^jYrt7)4h zJynsrMnrtCx=miV#ri1mTS1Dy9cBMg`TaVP z5nHd-M*fZRvmnsG>3qx$mwMu%ThI|KSpo!7?Y{{%1cte=6Q==qmd9uRJ8wT2acv&9 zb{QSIw;S~ST@56DLd^AxvZOS1%4=WBU>Uq06;e9u{oZe(iZ>9wO4ARZ%;?rp-J01e zs`&#v#rYTwX&t-R1?xCDIe+a<2L`QnyR{fsewPR0n&ma#pcEAzKC9$4>``R_QF#Cy zQr=Bis5Z4hDh8{x806aWpi!dW;HHO_y@!*N?s_F~Oi$EsFu+;0u{ukEaXJZOmNb7a zs$r~x1%N8zIZRhq4I@J8G!lh|DuII>7jMf+l?Md!5`n_uaMrktp}_HXbsUM4?T*|Q zjyjNtV024#VRU9DKTV4ja9e4JsqP=Sfty{d;STO~On)T9$UPMGR>Y&>SzA$|vclcG zSCYG=N|rQjZknB?mC9baD{5zx+FD$O2`Htx2xcK>qfP;9xoQllvf#@%cEfgL;-4D` z4zO8h?lm!rmN|EIAq{`|qLVUl>ba9lV5U z{2^#AQcO(!k$y`4s5GBRr;l@K6(+!UqSkbV{WqTCaSjj*?tsQ}VcS$9 z`StbTs*LO^B}o2mmj$#-XM%Rk^Ypufwd+>liJ=4echJ)29FwD{f`SY^@iYvZUMC@~ z2u+JiugsKD__=|HS_bg?d@D?dF+}FN#7|3$jk+a{FROU^X!@N4&fv;@Sh7OkSnV#k zz#Q#x3n{7t2e+yI#FRQ^e=ULEEk;A^U|?1wTzKq}bNb|uWAcR)S8ZP}3kZC=n(%z~ zDmu0~<8COym?djW|29ept37iaETK>7SCmtl{VfAF$dD&PcTvx1B|}i-VqgAglT*W$ zFTnGr>SkAzy43_3Z%QL&G#>=Fb(zSyy42z8*ye-Ho^|lI7C(C3Dv})Cz+sWn|1TeK zVZs9PFlkNZ%EWG$&kZY&IO&;IqIPC5?(rX{Fu3m#GkAf9sD!gmgIyu!>(I-j5ML;8 zig_Q~VDQoN@s`J#sg zeGO{^ERTudWzGYAfzzyjV_my+3;Idg3ZdPW+s;Ni{K}_Mh)u;R2?`I13F#RuzjXGx zZ;$W86x+_hZiBkR16(C2@hEU~7vuU~e<27Dqmj7H>*p!nw+F;y0&4M?9AEv^8G|{7wOl8E^XPi-l|;E*kK$`5Ph{=JH4cv zczrJ})00C!u zC4(%u=O#@rDeO8^REHX^yK<*)%>s^{ZZgpjFBE^;#mW1iY21G;&|_ucAX zB-U?{wrj}OH>R-iQWY@2*D1t!A9F|aUhsDCef~u*uB5cob78CnAYq14@pG1i({3?cqwxji829l=`aKY+-OdnVhCo^r zw6(Mt3n=#jq(J=C%9kill}cFsE}dwmg#Hb+tb2iAAq_(zNYC;Zhq{?y6mtE*p}fIuXdj{^h>&cIOfPz{sw*)%6<@UjlAdHEZ5Wu=dQ zscR?b{T)MyGY+;+pYGS%jB-t|{VH{F;2{%qYg?FcOCh-fhcjA|+66dQLx}PgO|OrF zEsridEs9vuyw4f3_pC#y@7@RY^Yy&ki7wsGwazxNB&G5ZJeM;J$n|>xe~^RnL;T_3 zpS>QI9u$`zvn^GRD{~ERe!ULhnF^0i$)~}bgC|(Rk}24QmJa*iDBLd4OD!1506N~9 z3ZMVX8qVSulC_I65-cSmvBpMu!l95JrNNI(Jqa8&Aj@1-D7&@(EWD;1;uxret@djM6WS6sZ@MxaZwJT`bwajh{L?T*Jb%hn_6F{9#I z5q??1jKlA}%7hZFETkKr9q7BJol~P*3?uGNoj*Wnd{K0`wP|0V+vmRoPtK9<(6WA z)4sqw?WK8~c0q)qwfTU;#XegETYOIN@G0u%?sU(mH^8)^vpR&D@`|illTMVp(zy&@ zE+&mQ40@b?6S`^`U;Z-80qqK-e6AVz@tT$yD<_XQ{&qn)nMLQua5zi70g`NhxC1#>P`~Q#pY^Go5J*K2^#R zm+1g7Ihao;IKM56WROQ47{NzDk0Sw1$^+kXa&mI>VU&1P{A`nw98|1!?|RaB_%#ct z-NX>miX+Jf!pGVto^09Erq28VGCGx)M}_{Qg%Q{Y0u?_a+iS!2d(9FOl1{0ZDlGz@ zA(TO`U7be>R;w(MH~ZG0)^Po1_ccD>@d=&`Tw`q$moWr_)8DfN3w=gV6p2JyU4=(m zR>|(F(0@s3n`MpSY4WwwYttDjceQ3Rt@9wz#3cl>3Ww{mkdp)k9!CY{o&tFI!5lC` z*-GRA+cl!=#pQRH+CTS);kp#p3utZ5U_SZc-qtINPV$Y4&faLSBn zOkWyX0nAeHn$6)m2zsB)+{>+Z2#0(3hQG~!1LEW62~gHKCbouXvieE-8m)VSKu%X- zx1gbYx1dD}CD9#KQ53>`^R-l(|;fV(ypn zZPeD|!A!V(e`sr_YFtTWrC%`}?1jd_H8p8qQPCW}vtKdbIVAyk5eb2s zJ?H9LaQMc7@p^uE)6Lo0c)b?{LZ@SLQ0j8V_!52827O=_ab&#?_gN=DVU8R^_Sp{5 zm#lYzh%dLcaR-VU%@|mwxdjh_Prh}&l!g3KRLDN~p;*c^KQBK&7eL3;DqBmgC!gTq zkpj=~0^HMW)-c!Wl*rRTx)nqBYrp-JFG~pr+p=-KHw({H*wtMdRPb?S16Gie8dIDb zPAly5>#M00^8ouHoah3*!+|f7R{|J{uPTX%7Y zJa+&Z-Qxc`@7zLbhm14fXW%i=D;2;O-&iE3h>Wbo_?I%q7CSn=)n!(Vjvk9uu`q2g zyGdWqZ&!$tz{R%f+wWO0DU_k55oQ?8oPq1869^Vi-!tZ}#Ribr&5rynT!c7_Mi`4Q z$6$XGqnvLXj}GwGHG%r{H_R^!(56KvG4Cvx0U(e9A_IAiSA4(giMiyiHEAA*PnPxr zAo`2cJ!t}k8mU|asSW~qjg)n8aIlW4Pa!P402E(d8L$wKa-UZ;&K>XbnV;W8B9VXw zk8dvO*BPZw{$xC)edCMd6F`IB4=_J}xa6}=OlSaXtFpg${%F+_aJGngEr_vkcho*m zyEL#y95)LK3&4=->y*8xz9S0`shm5IH$FCBX0cK)6X+s39SX$!xj<5F^5N2}39*fN zKG21OKr9UFB$LV6sR5=)ocfa`0%QHB-Ta#SLq>UF<=Qy8Lf z#{HtVpgIZ9$vY3I0*3Zc9VTG|X!!*Yb9-#K+BbGN;P;?k55?5~j)r-U|NhSH{RoFg zr9i~{s`^7hwAtlfVQ||s{gM(cg^LDeE{1zc_}yFpldgN+Q~d;3gBEa#EO9yDz{UKe zOOtVPjZ=FN+}w$*RmD&2iX=&|IoV&5chdjbUI9tpTO^G75KlCR>YZt6bG*fx{MWlE zQM*FfT=4s-tqsItF^Jfo$+Anzi8{Mo?#)@4*~4m`*owv{)C$us9H#}mK3?@;ME{$d zhf}$5XMJD~4`q=JA>tWAAMEZRjScQ^s_-e=H5)jv{=ML-%*l6zY;#@ziu=WOhal58 zp{hH!mb>A)2A^MB5U)TfmQd{D;0x^u&UvV}{nC1xH5|{Y`Bq^^xJ_@bAZrJY+>lQy zYln|^4meF*`WoWS-V%6RzVHKogTf`6fL7MMM<+hL3gUM&D@aHj$~HF$2$N4VxB4UH zq4laf)bzs0EISllpuK$M!p`Q4ZqEI(tjUNu!6czR?=;RIMM)EC;#$QV#H;ykYE3N# zq#Eq!pN3st4`;=wd27@RZPUK&1xefcZW@tB6MuF<@H#FMUoGpk-Xtn@dBL?T0HrMu zWFV-gBP(OQc>n0=b2Sf@FUQSt`>ltSkg*ZLPDt>mp&1hF!fGWlW1Kpz;jbcQ3?Z6z zJo%$Ku|#+1m+@CM-*>)%$7oAGTeJJHBKhJvw^tI8dhQ&fP|%j3#It6|@(o8CveQ0z zV$?ydgFQ?R$9dp-HD%oV5K!|i*9_0m}jC|1bEOjaFZFXYuw})rsMk{k* z>$wxJIhVO>GR?)h?Sl{Fewj<|K^%Xb$X?rG?dnRiQE}SUFJfl`yXme%8Fjh*UZlRc z@CB6lbc!`6Ms9={c2cR85v*ybkysZ9^8wW+*-szN2qx-X*jK`@dGRv3?LDSDK&>FB z{BLP|z+k)HptXw=I~F7}sMxGgH&s*l1AS^Zyeht>6ouY~#%Tjz@nB37jv z3;B(E-QRE}vX_1;d#DLg=0356J(>KeQ*$b>C@W!q>&-Dk_H6sSG4(r6-skV6O#%mA zt;qyS!{=msd4)dZPn*;70$sgE@uuniJlYq3uQ5~7INn`QfG%J=^%qYDNpY#NX$8} zDL$F8^D@0gBib*17@hf}ko10;2a9fvlADw%_B#HL{^trvdW5%L2FY^3j&^Tvz4+ST%Be}M&^&>J!8xOzT`DY?reu0F4G-p0Oi_Mx69S`P%A;!pl?vT%&ySi82c&px!s4cKG9QNmf6tfNW)Ncyou?0w-82$u*miOz(kq_Yt^!1cy1_uu3+uoR7 z1#(Msor^uu1ro*T3Np6MH?`#(oQa{>Pp&mGi+_AO0N1ztHDjhL;Hh6K&CFj#?b-`tnC? zfN5)MYoD!r+?tr03i&4%>;x_D|DPa3f77f?D};j`d^IdMSY>myjXdPEBaeWAX*13a zSeltxLa?R}8(NbUa1hnKTP(&YAM6UN^dpgbYr2O!8g}s|^=`~|hgIlb3}2d7kmnDG z7Pe-O>9SQ>o6fo>PDR4KD1+;*Ueyb+1%9L@yd@+IB(gma0_-Z3lw1*z=fkK~GT6N6 zZF(~3o?8;1bLz&ov|MuNWN@v52SgiXj;4M;7xiMZd3Lrplaqt z2067H!KWD~BR7+a>Qm2 zl;?ut#u%U)240Ysriwqmt$d0-X|9 z$gl4ay`m}?h*d4)gcR2y6Zgie+DBFm=bYb18-G!FE>e-bm|e`fmxXk6bms+6(j4`W zp5`>%hUPolki#`m`HZJ8r6fMf-m9XV{LnnUEx8=j^E}j#RTb>2v#&}wf8C0Cyrpo!g@-mj z)gMFlTcPj#@Rm-)EFMZuzpWqad7P{wE?P;qEK~#`}-VRHJv%^g=qJi zam1B-iH~0MP=x8iY@S9d5uXbS3u`MJXv7dQjv^>24;-FM_57i)Eb?27kRpeRb!vUF zsl2q@AhXf^1<2%GZyw;(9lLykurxUFe1$A2y_hQLH9>gMxh&q+67}Ij?5N23$@>h& z1HjDDNe8IcRBqhAEHUWJZrPz(@v{154Ya}9PNHx5C~m2ix*of>B#(r{MhtEo*e!hc0(sug_HP)Z#sNq0P>BD&?T5+D1OCZwBrjNKR-X&$LDubNp%Pa zy8(M6xkHf-OFU&!)sWHo5vxLlITh=b{-9TM#fHX|#Tmy#@GGkRvnhcas{oiF z_DwJoNPD!=hWK?lJvp|-8aHYd&=rl9Q>(kue%3ztZd!$T_tTWqefZgy zGczkevPpWg(3adBEK(LftAMM`M=_k3`d)d8dHMY1_9+lJlslau z`$?D)t@~4Saa7eo!02MD?3E*WM>c;1$KOA)8$MiXyeO0{)@{&Q)aoW^L+C)B4IoXJ z1apzK-mt_VL}ag5!R{{y$2}Y$3+J}KE|~BU`Idc|t8S)oAXKK#p}~JpNg6)WR^}p} zk0KN-WFPMzZj2SNTqi?TE6#6)z;BvT?^R+;t33)f#{0Fkw4yd~4peIk9b3(;JH8Y_ z*bHMrCA&VWH30L-Wq5Yo*I|lrrcQdb@T!t3b{jZJymci@OBKi^Gi{`xEqHUyVqv0uu(aEDMTfyQZaC?NCD|(+>?Y&Ng>;Zt*)*D?nQ(!OLqT_0yzZ*Llu@>kP3Zl zxvwL2anvP+DjuTqNVl@`jN5}f+A1TAh%)S9H^&+AK+;>xh=Gc)~V$bAz) zjK6)xbUNL%>I}+rBvHo8VfEX*(AO{_$3aSFcpPODK0hd!Dz2MSUHq{+|J5*5t? zz34LgvXygE-lFM~xOYuw(ar&A@&-#dl~tS#I-?GI@+-7ptI3=V@b~}0QqY%Q5kJNi znTmeo=r}T99pf9B4WM($b z4h2H2?W1;qg_=N-6<(Ff6-Dy2+QyPLiUk_&7ckp{MyBeeZoa*qc+P-J-H7pk_@*$a zV|=mJK??6|&hVJ0+G;~oux1ri)XA?(f@mVP>cXb7Pdaiv2fUS(Al-om@mSE3%T91X zdTK~>ZDBNZU!3y*2mYEw`scU3a*G|~n>3_t=}e`gsO@4jRzoIUqcLnKXI0$TnSd6g zZ#2c0_)4O^Z3|Bua{YGRUk(+N(CJl|SDi;kpsV|MR4UFbXg6oG=rB%JtOT!IVKkwl zB1qwKVKisa#x=9_ve~@6&}vIkM6J~==vG|WScNg4nxg7chG=~blPQeRi1g2#vxBx) zwj<=PKmo~WLyAb9n2vpe>`sN&3sII2@2U@(A zbtKoH`Ax!$&F|vvzrS`M2YhLi05gJ;CE9^>;I9l7G>EKL@axdjVX*xOmZ~7~7J#tf zaQr#o#RCYIErmCP#J|V10}Si;gJbgO%5&o>qT@T+AMwt`Wp^{9>7j5Qp-x;OZi zE~>{F>UM(XSI~`72jfT^`3KkyvMp6E=5A(m=uD2ss^~>T>h~mDf|mN*rFrwgNBIMz zllbKz@ru2g?=1X=r~2gG!V0jDZYjNH#brG3B)yP}@cStCKG--U(NtkN^0$O-J6??iPy!<}ZoyHgW21m4C; zTgB&(g)iBCU{m1mJw!28kc0Q-Ctui(>v8-{TJr@8MMkB*$IzYc!;A#uN!S}dfHBQs z=qKlR&Kwi?By=)L`GkiCK~3gmQt;q%VZRSyR8B;R9#oc(ejO*?N*A99SulI>6k40| z9NTVY(4Xc9b~`>FYpODKX~23)tK0Z!6vM!2@9#N3LE_7MUb4(K+E@9E9K+#UMh)@v zwG}kVKtY*8g}gB|z~b%dd##W)b;8&8dJNtgXP&vzBS<@i$hkX22B>jUMM=i5_ROWj_C41P&u-U0y0Nm%Gf1hV6fnI%>m zwnTbCmN!<~sQqLHB}3A6<&B`G+`ALf1G$--{K0)<)o;4=1my+YKmrMG>fXF%)-bxq zA#3IaV`#!|LS!#8C)3J>dg!Wq)QI+#eo>tvo0VxsmjmbT{kb7fbyV^R94=(k7(bJV z0|-Kiv@IkA(WLwGF=BV2thC8lmWb9@R%N&knYUjQwFlM>h*nzlp=vfGQZ&8YH>1~T zH?&CS#<9ao=L^*@a^9dL>b$NhawMs3lkprB_zFzIB#VKw@p!U%bL^>)TEJwM`pDNu zVKu0%qb$kUOXeNeWjO`vAk|%ec53)(=8W+2rQ+bU0+MDF#tU6zwaQ&MF)7QV&K07k zWVhLpww*b`?8Yt4A-TMU;tIYd^~(gTkblIZCRiYz*!>)%(0yI*4Ss|hB7 z!~Fik0IOywX)Sk&7|_YD&#;q&?mltcTaUNwrN~^Pt8MC;Oxr8Z=M|--h@^SU%dPF# zyP0?Yk~tj(BvpTeY4^vQBT}n2-(cCV_p7!qpZ6ZOo3)%hT?swA9r+=(Z$jzcr4Q_T zRb3+_%wb^>5qy=5W3p{8Uw(6_+r9fXh3&o*L_DEegOY2JsO%kbbcWOL=kqPB*^<&^ zj0MzLMYnQX99y{NSspiNcBE?Q^$V$d3^8#e&AU;j_-=arOl%tFRYz?vO_=?+^#_qV zvunwSh6>B!&um8@h#Fpn*=TNilTb35E&Bmw1=2nZSfOn=f7Rtl96xrs@w!;N%V8hB zWoorE8k6L8eBkXATBsaTO^q#J$g)~N?6W8S81x+sWOE8{%LscIw~EBKZhZS`XMN8_ z*AJGfZ?mT%Gp^|}NpOBZhTFzbuD|pSwAFU?+rF8!$qsU2V&ZKD4gFsScH^qK-P#y$ zT{%fO`@SNYhBQTh(Ww)SRZ^ATUYrH)RhU`&%nk~U6wo_$g_H1mejQmS07LK_mQd5C-NS4I)dTXHqH6%K zHIiDfs8MCH@0W@08xaCOZoVul(aGkjbb8%+VFLL$?)Gr@QkSPj{NiuTxs-znNTCi* z9k8!;5X?_2?vCE^;ncHT*ZwMf=*eN1HDY{BNY%$qRe@*L66Lj8pM&j?C zuPge`9nOfCw)noAceMRe{aR=K1u^%a@voD_8B@y>7FXHfYAG+U=NC`=NrTZrg*p3v zi~9;}X<_l(IEEliRj8Zb(Jywd@kCT@J*m_g{~X``R{uqP-_FsznwaRCmu5W<|J*x$ z1V|($p7QUGLaa=`G>(67d?+P`WpTaSa_WjrU2L28SI3-QB_0L6UU$|%N>G5pv+7ir zukG$qS!m?TZnT8z)lNi=DtfMJ*GevxEa#Dve#%|xi5k&(byVvCkDb|Httmu_v->%U zY}d`tPSH;PvbRe~WK(Q~X=;V5!&oP-iwl(`A812o)ay)YG2XYCm%G_)EC6(@Ag`zY zB$PJ~?7{N;!5%!1!xGH3gCl-WMSKuBV1Zs<9T1U;Pw0$Vxq^2ds4Db!nV;>eDp|s; z7(EpH<8%{VG|iAr*PDDDfOtctqDZ)Js%uXc<6Jl@+CrXvzk3lS*GpMtM9Xf52V28#gwQzD?CMV6ma)gN<{D zf+0&YOB?z_@(32-m7MPV6pvrjCIi!`Wey|B;w`gWG#OeO1QylbroI!nlKVvvxE{yd z+@?b57-pTsFBY-qJ^wGF0#s~?rTyZE5ZFLf#qC}4GxVjYT83P8z%TF+iYK$-(fal! zycFHzn`gzp9aFTnwr(9V;op?pQ@kIyXDeo%1_}~fMkKvvViL>8LZK2m`?L)4FV|>A zF;JjNV4Ks1knO)?kFGVA=mY8h(Q}BYCXQ9s(Qfnr4#;V4X%w{_&%derI;!9{RA(F* zfUAi{LG|=+x~S3$k`=t1`--nCsapPtJa8p+k_i6SU<=|9K#~nI+&GsDZUV2hpT+w; zu2yII(l-XMeBhzC;NwP6WUE$1x61|UB^8xTW}0hupn@zxXWMp!vGRZ;an`A{6@9bN z8Cyq>O)PvhxpEUaQwp2v8BYzg_#O5LJHXZ-*=v}4l$dx6ebQr($;A-mzwFPO4(Nx1 zY3Sk7y45ya=q2O3R=}Q-2?+@W{xc4QiR~~j;a4K2Of~`8WLBShL8dYh1>R%~RZD1j zUzP!?+mu#*KHYct;zGF3 zJ<%9K>f{1SQ|x4H$Ey`D`;HH=^U>5`Xb%2e-{Iq}fp~o-lIXEfEN?=2fb3JN zGTl6|6MSUD04cKZD2>#&k>Su-H93?-_?uNd+;b5pt=I8f7ULpIfLk4+EKIl)#`={O&XSQcdED=){F(o6eMh z3ybGO?c6CpA`jzmhXH}~7TdA&jR!FcTJG8{yw5}NQL3px^{eS#`~Rkc|H4yb2dRs))Yv?c`ADiR12B&o)NTbPrpEFlwwG^6FaLdII0@+ zlXx|k=<;?&ZSl}RXuqO&Y0Om^DUzsmjHwv6Q~gmQXv}@3m00#bRvk*zBbXhJyfunF z?Ptd0w#TD?1#=w2JJ_5tdM62w`jhIG*ZKmmxj3GtANvz^lB5j_lSdzSg`{ zg8Pc&2rLrJCLc((=p0UOG62-TQsGGr7n=ce@ax>F*O!}6_|eRzWQyN7kl2)N2)?il zS|Ychp9B}l_LJ^VI?))a%L^_x&nr;=P#`8zea5PR5F3ns-~4*{q#3mJFlqgw(zLva zAq33K%0{^OjgsOmjia7i+&VQ$NWA0DK!WVG{F5bPjkCFX@-YmR>TyNVz=2N5@6Z>K+ujmd;0LU$<_8oz-3Sh z&&i*b84GP&Db|7%Evap_2iMsXeWRf(QO9mUIo0h#2m3HEk+Smk^V{Osx=RxStP9?L zhM7|p_(g@7cl`FRzvpS4f&RS{PV1=ENQ2{^FC8s`R&J?TOJSyU@3g> zRz^G60~O^PF7hU_8$w?8m$@)k%-ogdEFqV3hw;{;0IE#q(iVY?t6(p#{m@D!$a+QG zdzq5pAkzv&%d3l}c_?28Lx|`GCz!Y;2camksU_5GlRDUE>t#G%edm{-;m-Pr_Hjph zI*_`8eJw?Y054`~79ZFlvQ^mv3*_Uc`Ymi=Rrzd+3Kcs4CC4U~WT$DqH1J=iS7;4|avR z2JYBV%(Z0_7QkKW1p7Ak04g5=hq6^`@qhOUZUpq;brKh4zj=7JCaYuwoZC@+=+|II zNL(o&odndE$ReI*PkmQ!#l8s#01`JmYoc5Ct~=FUS)K=XGu(S+UonVV$w`PJMyFdnc?J1 z9ATXAdi6`rMp>;oeZV|+-f}J7PjQzo@>ahLTW@Z2oab|vjUKg!@w2B%9)}Jx8)_V} zyEfhqy?m08crEFWl!gkb=sM3g?UN2Z#+xYTi^CMaeR`bRvd9!97>yfgSG^Bki17q! z*?xF}vsUpoG~PMEWwVZEnxLO~g0onxF3ULz@5@2^GbvxkHDNmjUTm3~8KTLbuaTGI zP;0(GNjuiyb;@7Y-*rDnj!-EoqzEq$nhr7Wo4y9i=iZBM>g)F!?PtHfrG!fHR3D)A z7=A5N3lJROAO>V1-7ecgz8uP*b6sCoXFVe@d4Ex9N?g&SUuW=|`(a|>aD=b(;8j@I zEtNRm=b_?f{w|nth8cnVU1#a>CS%_hV=Xr(O-9*r^ouVB@u%qW@D#k{Z@ zt*A3}`1YaG*d;0FL!gp^ajt*S?sD4tZ z6l3Kzs~(CS&!WKgurHW4f1J}-&MLH$_ToasztV;|F~kndh{@id1GQ`KL$&~b!x-wE zv64U{{1sY}j&vxhB-F(|>5JNULx}ZzTO0~s#beaXMw~C8rV4Q!gXlY8uZg74GFv#% zTBf$9?qLk87$+oj8+7k9)p6#>b!aia5xy1UZR}^G}U) z`q9`d)jI#&=DtLNC7k(lI>4z^d$KsK;8QEV${m!Y^EdrHCPyl+pBG?s%}F0Tpqg~u z4;Jb=db&7mS-{lEyRKjQ)8+>}+aOk@?@3ThXypMX_($6rqQPr^QhD@MN9HbD6mCqP zNpgvo-#61N@|3DDCdTUj@5vA3gP+?i{8`I?U9j@6E93tZm;SHSY<~*Y;6^~7lqE>s ziP>`T2L&scwRVEP+#*O-`+wxsft>A1Xdu2v0X=(C!MgdzYl~g_5Xht*NN!8h>>XeO z7#PyWZ}H($JG0-Uan68Qt8+{ms61TgiH1Z)_@6#74O~N$wRVCMwv?zO7X#E=*VYDX z7OF5S9L>BGKYKh5$G_?gwqK!0N;?yu8ZQDCMYa2N9<*OumT8MU}B#q6;7vBUaaSxft{Wot_d z0w_Q(j@%lmo@{Dr3N(pZnUBtBj%j~O?VEd1N@zOamAslDHhXpSN4r`e#7Qr`m%W$S zZo%1S50sSl6ozInBG^EAzd6S5&I*Uhfr(Ygiv|ndv@K^zhBgw>dj6Dqmo{@Lp5yMyXT<_=R1HRSV{1lCwn9-w|?R)*{eciqVu&hWr5mjC@Y6@dZ@yicA`x@$g=FL;tq2zU8oiRrwH z7rzq+_xSQ_pMHsQqcNuu!WjeoRR=o7?Ir(+LtygH0ey+S{WZL5DF|%9qQ>OA@BD6P z;|OYsWx!E6Y3Zy0H&FXl79*456pu4PFV>=`EFUBo#1~K$miLWzIxG38G!%?tgpY}| zs;&RX2P&0^&r=2NScX@-mp!WtK_G)J-mV=jjqWR2n9at*n}u>=m8Mi$Myh=$e)vYr zTJ!u&2P;x*rJ@4VyOlwpPvP4_hf=2(y88vo_0wP4loy?N~4^RAfX)0qWzoEf>FXLZAM1? zaQqR1U=wXdLt?v|7Y8&C7jHAbf;O0#s3_3bc^N#@V_g%X68dC>Fq?=U#7jZu1c%56 zhJtRt`#^|y3v%=^PRU0b5glv^29meML%8#eSG37Hws+l#WZDs6V0X>?@&%ROcJ8bN zV&}hHNQ3U3ao-g*i#R$Y(vo-6UM1$E;*{~3x*yF|Pyz4fR=u@}1Cmw8idsvdtP#3~ z%%&03?Z|j^=%j?4QVJgHogeZ-`N4ajW${E4cR?NDR$C+HwzgVm7o!Rs$eQMB+9xnP zD&PN{U3d12f2xGXX`0cC{k*2WZ|fQLPn@{G{vQGye`^6yHskE)IJ5S$7W5V4|ek8U{D(hpvZ4j-%c!-FIuqcs6r^;$%#`%UA*OX>?2|sqW12vcc z`PMLov>hGdoNqZgbav@DXzS8X6PEcN13LXH0=;nswnKF*qGiLy0(VM}e}|QO05ZQ_ zl3@q|ZkIsm+uj9r4CtIz-6lD;rEpQOn$ z^rOjhOFW=Azlxh*a0j$tU=O{tMTuRE|GrMZ%YH|;k@4) z8ZdxvHPUT$kSJd?h-m^4vzyK2UEeGHdHAubbJXN72zJ%nKCJ+d9&#->*w z96YaeKMoLi=umQ2?f%E|cdBvhttU)gI(HpMv-?NT4*;%zJ9x`M9fKM}cWJ_31fRW` z&XWB6QP&lL$ocA&(nucF4f)tBH0ihKfO0i;a&G@EU1#U}5fw%rXxhczz=y%l$keEb zl*gv87r&N89&AC9Tr(nLF(Jm!$!aFQkB~t2@pz=kpoolC`pnhn(-^Fy2m&K#<5kB` zjmI?D4cKb!X|B4w(dQbkZl0A4I(4AOOQdGKFApUkO=BJR=jAf$yE@*SOrjqE8Z7d1 z^IuWFlCC3o?E1VqWg`|{pxXZwHQr^2eJH8&!NSh~<}4E$Bc4yg4`y@RMu>o87h(5< zSEingoGT9KL?sdk@J2gH+w|)ZTRyYKTB_%>Q9VYyX50_nEE4rV*L;|lkpCTvyT&RP_Is`1>*f+Y?%gf>M^t_$~u z3#?z>;0wJzgo*pNM93*^FgZ(wd?}s}s@%w?fvZl+V~5mBKAl{!h*#h-jPJ3vPyRl6 z3;KEQZykb~KwI(YJZx??W>WR!&Q!N=wf=}?94RTVvFTus1TBg2wH7~iiuir>d7QyN zo*OWM>h0T2^9HVcXTY~?ZVujaO9ki@+~u^7HnGWY{5}3Hm#uxxl`f0&LiUoxO})(0 zwhv0hK;7aWz3x!L)!ye5L>C7%zB14~{4ayBIWd~`p8K8?(5~=DNbfO?mpjVNMR2$Q z#gqT|>s!%(o|GY1j16FG9KSU7|H0N?0s(n*^Q6RLD!X75atQQZ{kLG`jJZH>e%+b= z&)~~{0$|MbG23~?7t&I7k`oR82{3NI8*~2#nK}VsvJB|L(e0Fy$R0qzz)jQtcUk$% z0gYxnT}IYvEjOVTM1BpcA!CRK`qrvC?xgZwjAL!?CQ@tDp3G4NG>tVpLY#P)gu8)O z-eS^VLirSsNpR&m(bkA}Sg;ZU(iDHgPWm6%c`w=*d@Te}Zb9+NbO3fbzaq3%j^Oq< zZsh|)$u~O0aF-R%%d2Ad7nhhG-7k5EFq4`Gz)nKAbI(LmMuA~q9C;^Z-*1p|KsbDU zc)0N9hwJCnliuASLlws(qhA#LoT=>Xaph{<^f6mi*gv@M(pB}@o~m;=;+SSnO-d*Y z_Hm)TXg`hv-Y}>(lUFPSw6;K4*0UFt%0sjVD{KFW&}EoYyh%ql*BWI*G(}7hO$~b} zREj_E;iF|7U(L{#vQra#GW=&s0pv-S3OaS87kvw=>v&4e#~cE;RNy9xcBe)lQFmMB z4z#*a`uV-m%lWjYrrwkxU)@5&VaVI;2W%S!Vt4K{;vi&wJ9Znr;+?M>j)JA0n6 z5uKq#`cP-3Tfy-`>$#tFpS@eLuik7&3<4S2lAN6+;4ZMNQ(QnQmGoJ(wYG39PfCh$ zN&!?>>J4lyEy&W)tm01EoKHCLj1DaNHlg zT%wq?Vj2ik3Krw1!rdk9Z2O5-sPY!Ge;VT>B$7uNPx6~N-|Bc|N7@lrwi=hz4`aXqpd5H?$?*j9|=zW)|?OzNGxjydrt(#>=@dltT1H9+d ziC4$Lk><8_Ye@bet5?CqYHZd_(GN$eRnw%HiTA9*3=)is-e8--$z{a(x@OfWSy@SQ zE9~!ajpEmw1r+LUReesjqMrCKfGV-v?5QEwU1nz}kQWD7Nvwm_P^9DNKkVhdX@#u`#QX;? z03v;-4)XpB{az-;A)3512Ufr4{?kJUy8$U8$Zy`}gT??+Z_jhBy;(dFFgYM*ELqGZ z1X~F|wNJZKByG-{$O^Q_a-ZxlV{=^l++$yB);pIj9MJNN{1TNXepHL^fQpV>LOBqw>0rHd}Rnyx4OC!v-xQOzyPDQ zS+WxzM&JY#f+MKw_|eb|NHWlzQDY1lX{>W#RdJ*T*Cbh_{L}CKW++WAwBry`xb+(? z@9P(y5`NB|5>T`ec;Rk)O}V=a_8{Yqgqm%@1MNA-ky|4O5jd%sY`+n#t}l-N2fn@Z zqrleh<2P;pS94z;59QwXKXpzy+MGz6a9S*-6v~pVBTHp3OqL;p5+=)7vehYxNR-AJ zQi{pQQW)EjeJ6%OB!)4HFtX45KG&3*&T~J{`Q7*Z{GQ+QPcO}K&2@d3&-b&uKkv6$ zq?8U{TAf$2HlN+|V^6C+D0EYc#?7%Di@RhzHXa_n<9YWXE!e^s*0nPNwW z-edtaf@X!@D}5`|ea<$?vSnPc{@XiuZMr|jwv^Oz(fG|Gg@w~C^<0Iz=y+5_@^tx1 zT`zB*{?P-{Mhgvwy|Pn-;;Cz!3=Do6_E$OZ`uGQZx}t1y)^0z_yMO}17Oq&I?c7v|FHb@#+4$!=GrdQ1rbyC zJBJBixC@e^sxJg77x}Q;!EPFoA5w(g)ymoNTf>fH3vCDqRJqppiDNy>Tw<+NA71a! zBG)cF-R#I;WKc-yX|#DT?6^U(+|6*GTe041%Bs2FuLdaw&*J7{TI5apgpTuFx6oV| zrT|Xin=k&=&A1@VH7bKJQ$_5q3>A~el3Li~GKLLGPa#<47sME8+6KsaTvuOE^lVjq z>M0_eyVfZ!pT~d0?DJWdh>q?=61U7jbItByiVWMO`+7#^M#q{G3K%w(Zx;K;6GmqR z5z?fblbFWZEKOD08eY|uYKo*D-CMb*%dtn+cOy}J^4Fftv4KwegT^IA8KM)Zd0=I- zgTTrhm@s+p7~jjb^8!pUil6g|z)WDGs&MGQN2eX_ar~c7)>~}fDj0q;2-CpH@BjQ7 zkL!zI<={Bhbt=3u3{^rMACn$J*}^{7m$FFRu`=fV)f+jDF7{}}MP>>K1|Kwjs&zrI zQc`IhMLWkpg%EVK+U_U>NLQV$e&?(ZP}3Qp>>_UQ!?eJ_3Zv03ea7sY8Dh9pnd&(G z_&(Jz`M!hB9n)E5$9X1;R6LTD8;dfdPPVM;s|a!^GL&oZZ{ZA7s|CYD$pJi^~uG-t%H#YkNGe{eo zpYackj`9Dr(b+8}+l53+8?W2deX_D9+3)?3%yvcuJ7o}|Myqc9HrlLTz5SKCnvD_O zhZ-M}8wY-+p3ag19VHTh;ndpC_U7bsYHaNp>YKf-_P81;iBj+V%Enhl>cN(h&eZM9bWp%yw2_>8iSZ^Y3a$?tA zBg}-cavFW>DT~K%T~^13m|4hMbt}D9S{;9}+g?Isn|Z03hIeM=_D=7*+iZ_O>@5~4 zmh)=pWjf)V4I6FZawar)80<;n)3-I3_3$k(%lq)lCanV|#hxP$2AI;CYV|gkD!!dT zId{0UpP9T|e{?90Ze_i0JO138m?5?u72usQQc$Ao50&68cGH1X37zv{V7YR`!`II* zbKfT!hijWZ*HiuYy_M+61D!^YpL}%E1y?a9l|^_>=BDlY7#HvSd7JkOm!xc+lS(G+ zM@t@=oSrc9O5?M(7OrOI(+L%(NkSgw_fpx}_hSbJ&GF&#NyncM%YCok5k3F>+9vK) z;_GWC&Z|zZvChq6A7|$*oDF*mrlX}hqi2c|bhbqEw~X$`6TJu9Po5UOc<~hS;$H95%tp8 z?AWR_vBO!U90!*jPo)*!D>!wJOh)Wmg*JZxR_@ zN&eFAY(3))iy+nCJi|5 zn|^a9pt>VTPmDeG{Hq<9ALg%YAH&szo63zHxHpip>4zwsV1XM3a-WE&YBm-GI1MSJ%wW;`3i|1d3e&|7kT`p^1b zMq+<_-TkFMr@e(R{>Mb?->iin%NGNt7@#N&`elEL{~)k1>tjR#IDio9h(R21NZx`6 ze26ZyIoUu9fkYO8EnwnzL(%{xy7uem{@Y46|2LimI0V3nn0lR&{p?xdU(zX%v*_Yl zoB)Vc6eGHH+WehGiTduPg2O~Q5m?*4CtG1A|K*C#-|S5x+b==Kv$J)d9?b6TXFt>R zFjiTxD!Pi<3kZp%@`pwpD-jB_Z==70EF@e+QfV?01A>j1idy=E>F1lD-*Uxj?R&b0 zWLmQ&$_Y?aM<-pp9L=9*1Br$r(EhXver{%4Rp4Cb*Au6eseQDQ@ej3gNb0ImWT0v6 zn$zCsC;#eAx}f<3Qchr2&jO|<9rjzE=~O%0*O7g;-~hx5{uMI-m~VjlC+Ydta{sp8MeJ|%fWj{sXqfi^&&7^1%Y zVJ8u;wzeiDd;D;|5gWC+n1?WoAMX2~O3Cl&Wf8~#9Horjw5E7^IXQqm#|9j89G!+kN&c|7DhUJW#ON1A&Xiuc?w`G2!w{-1bn`~ zvOV2j;*tMY6#bhm^y4s76KGqbQqyI&b{eeQIpS~-DQk>m{}fJX(EY6F*1^Wg5X!0!;g$&RIB4!vHJ~mI6I!#Lh{R618PWQ1+9$pJ5)^1o$IXYBy z%zuSqQhE0CK3cQSvp-w~#ps_O6{|XKb{!GR2{Mtzgvwpo^rKf8+2P|)HG~qQqO}jP zE>%oU@@m}H)=Sl)+au*0ukQ(ZNfv6CI9aoJ_^wf3eegCl3*bqjQC+-5oLUaav90P% zXoBwbQ|z}pRXN-9xfe2mqtOGEZykVLPq$)hCxC7kdm@b zEe&K6+e$YK=~*YYXN*$4Un2A(9-1(|QpWksrJG-T= zrtbZ65D+#i>R}jN{w`;0scID4+mlMkU5YxqHREGfgwW`7ObC)s=$SC&!~D9u9zA+l z7oS)UncK;)vt#Avg?ld9H)I?#*X1Zv*6+_EW~*Os>(QhVp^e~V-;z&vBm+wh{f^$r-%Jn+`e^d^SCsw4|WNf zv*2|-o*q+6@E&Q@x%Dh~4~yH&?W_aBC45nZYiBRE^byV?(7{irL|)dz z_|I2{%q-T}Fy_b7fX4DFk8hweiKav;zl}cAY43#1_j=e__f~adtcgfYx*3sTp!K?9 z+aptie-`0J1-jvLE0CLhb!whSqujMAX4+Qd<#=2?OMNo0l_c%5N~^>}XnCD4wP)mH z-BC`%^e2il7Eg}%>>3w+D+$Eipk&at1Pp7o#4M~!cJ12j)2q2!Qcgz>Xi_sZhVRJ% zoh!|Lo&UAvM+A`*%I)>U#6$~iI}jU}9`^}sDO^p_H66p@IuNGZ*RlyI91sFMAT@gd zIVlTDb!Dt=v*4pw5u)@UF~^uE;&vcMU{)oo`su*1C`RIo*oo(E6srQ)>?LSXMDMJY zs$5Zg%G&QT=H4Cu$(rL2-W8Q3K9None;(7R*ITlgiBWrQ`9Ys#HKTC_bryliQ59zQ zFAo*;^%)ZG-`eCxR>&U;2To|3-AYtC0u^-&fNs%Vr8)nQI)zq4(1`G`wETVXPgEif zCL+Med7^$`(tl2*|3s5p4d`vG1~yv*@rBF!xxXgh0XIDksIRnb3QRj~1nw}2Or zV_H{*!4fiEJcIfTVJ%mY0dk@F8QLS-cuO+*C`69Ea&wgz%9`lS3$%BC_7>?cKK|%0 zdC!CSVfLN&_*!L{m-3)YUFF3b^9+I@C+aL>)v5NtlL`1iAYFYjb@$XJrS;7Ixxn7| zQ(@j!4Y4v6GI9Qs97p7lop`&1?Ih>giT9iT5-1DkUBA{Zs|A+;Tmxa>E{C_qH8ger(|fdEY*+^7LWA)KhMRn-<(qJ)sKKf?IOFsx;>BU7}w##rV;^@z7iw1)q5 zT&AmS*^);$kkLUH3GbM`IoV{xNa&~xiI?JAIt707FEYpUc8%kE7n@4p?eUMyy4P~q zONYktiK-#CSQ?(@yC-slL3&79X@__o!|ZJKjezD(FwLqsX2NL&G(hZmp?9~cgI&RDJKmznGU?e z#l$vRuzY3|ej7$qdV|PtLZRPF=lQ!kjfiW}6wHw^W9-Xbrts2fdb?yKcPxnMOgYrM zxYz~3c+GKw_^i668Om#9NM7FgJ~LO`kEy(0iB%CPZ62;- zOxl3MG@zQX*vY+RRZ^H;^kQFk31{t5g8=#8O?P2;csQwt72GP!9QgP<(?sW4q}L!P zM+Bkb{%Oxbz~hGb?AS*-VBk<{ER^6l14Nf&KHs2URQrz$W_X7ckI`|7;Wqu7Lbm4a z%85PQxG2E1HGD6ew2G6zt(auB?(RmJN?}@D*?!}6hrQ5GIfgIPp~6P;)c}sZw-%ebBsREXwt8ahaB4 zBX^_pNsRMQ@5`kLBAK+)tV{%QNg)A1;Q1w{OC;!H0=UR4a#q7>vkVhT+v5YngF*Z@ zsy&;7g?!F;DLA`KRR8XZEhlx>w2Jfy%F9ZU@WTmSSU2X(xWp17a~Z}Fhr=yfv_rZK zzV3X`w)h1(B!N*MK|22H|D~{01b~j+ZqCukj}Z--I@Fn+2*dp$Y3a`pzGzuAjO=8Z zw!K(-$BFzL5pS?)xXIy%D8R)au5btiaHdELvjHe$fYoDlnN^$yj?*tRpAz@(oW{%x zE`FgS5#2eyocX?G(HZ=>-A{-DL}KY1gcx%!!q)ao%8Q6V~WW-lJhiJI@IhHB>a!!j6eQ_n){V( z*aHF2A2MqV4dkXn+g{ct<{CaBLEerpbU5wO9-kYp8z@DY!)Xf{x!o4&kOd_6>$ti4 z26_LMnb3LB@cz}3eD`&obLaPGCkCa9?>u64X;+)g#FZ)w-Mt&csA={)+*d>d}-qIy!ZN z>Z(6iURXv|Y>TMQe>C7oOm8*A1t>>83iHd$p#?+C`J%JZ_}=tspBPX?n-GdqS!S1? z8}s61j-%D|uO^}|!YyLzUQUz#NDO|Pl$cI=%5A>;ycp`pFJy8Z5CwDYA5)b7XnuFE zfPcQAs7~I`b>ul6;`zGJ<*QHDaPD`F7ba+GEwo(4|0biA3ZOUl<)aZZc;n`BBmA1% zzgczv*>X--&fukIw@dhH!M9^r8g?gMwNu!gtJAV*ZO&Aj@-^xh*iMf|5Rbfp?8g7vXaIAaVHJdNlD>xmH8jM{=8l2! zLp@ucCI)R*Iz~Xm?kU+G zlw!1@yQ=6Av`y^ta|b$6S`{Y>NITJh6}PdWbk9mzlUo!83ui$s1$5x%5Q~Xz@Za`Y z*v}ne2xuR0bqFOba-3OGky9`O_i-gLL`vez=30qh=~!~wayO$ZU5vM zn;|=yt{LMas3U+R_cH1TsFNy@qhl*^F}vT~_;gr7x?bbMGE_RquMhyg4|-@;W=YW} z5vMy^RwBjk6AE=OkXD;cDz`ap77|+LT4nde9!tr;Qv`oX-~aT2+rrP1OKn#PiYSzJ zA|f%f)T|U$V95$4p9KEY8d?d?-_Xbljiz@Fa}4hSl3&hzA8lNJs-FXu$cdaWxQ}-T zC4RYlKkYEX@ZHn9e`+A}up~5FJbn7~NiR&Ovtet4^*~KiEku7=*;S{qvYPo8@qVf=Mem zEGd#EmN5%{xPw__fu&WCC7q<97FL+B;qGk@f3Z1S-UE7iy#lwX8rCMi?rKpGr_l|r zz4^t{yK|i4HgPSygVjaDbD}PX(s4LnmyuCxEM}pF7{)S@3bUVUs(NR!;EM89J`rEk zt~4WP_N;8xa3HJTqKDpvb(g=flg0!abr5qx4H48!@VgB+PWx^Q7<`36IbgkhTs zPUyq-&0cxL)fp@;Pjer67?M@w$S@%8b{i_e@lUQxo^HM=Fyt43*O*(?V1%AIWz4wd zAtannLW(u%!gghQN6Mi&26Otf-qL17f~jerPbtoZqu0a9l%f%lD$xVHhjl#FjLwlr z<+5)E#>#zb{fG4BPpIHh?Z|_pDqg=}k9(FmMSW3?AasmCmI)pls z9kwY?5lI5LaN#j|xKYDw4A=o0AXa>FY?HG@h#Zm>x* z2`uP2ZgPMYgs-R=Ror$Sh*=RY{h#{Cc?%qjszDV+`PvP}N&X^42}}re*#$VTj?W_+ zHI`@H#*lQI@1e16zWtS9>U$UpzL5aGXeA%YQ5a??XT37m z6V(B`{J|V^H1B`gmM9FQQ!$Q7y29g6U)Xrf?pYXo_Ns}meDY^oj_r&ri z;%6tCL{*4 zQ1MbDqo-S6EK1~^?u<=L(+dw+Q$p&v?RU6A-XTM1NHH&pPdN+S&81o4aa_cTu{}i|0>6t0dffB{ImbK9+P(wQ-*i*3~h7FimVB zb+0eI?2#e*!w@NlEZvwTz2@s}pL{{%?!Shgz8~+t|HQ_yl5VaIB4&S3?0rQ#awzIo zR-_JG!{_VVfifb4TB>=Q4BjFoP(-|(f54!LE?ec>_(RYcvzkU4_&QW1* zyNjGz=}=tG!|J6mzEnbrlRr)K{j>JW2N$fEBiFd;aNsi_-X`vM_7K8rp^LQBc(DzL zDt6xCgZn$4t_{l*+qLbO6J?*pwyihho0=o4=Ncy-qQlFU?24i}Ch1m-(Z#fvrp9|c zI>wETb?zCzfK@5rk4p98Z*5x_3XDHCZMrY7sH;ZL8m9N74}q*Jc?lUm4q{<&2Wfl?kL-O0h*gw6*JlX)-61#v`NXl!!eY!C6)?~I6=iuK_I zu=m%&T96OP+Mc7};wth>O!Lp)H{L>68CAB$R4&;*HHaVh_&R&y#*J=^$!i+yQEQSa zEH_ie4aqGn>sMW5%Fov<)-?2toalsaUMs73yV2e$a0?>U)NMxG$<@c-xW#M3B;(#@ z>|%=heamla*%0q~N@GfcnyhJc)Pw(dV0pSq;0-x5&)m|7V|to991}+OJ-J3Zarm~9 zpMspmw3Mc_g@eKDh)nk6nr}BhCm*77HV=D;eBEx3$@@Ix{*c_rlE8=Q^rPhhIzl%~ z?8bcS%Udr-91}+uOf;oQiYA;$6PIx2h?pk)5l|}3&>whmD&kI#-%CO@G_rj$3Ib{3 zDI(B4#WJ-?q^NIZm;G;05aZRyWNeG>lJMHu>y>@d+ly)0A5nkTZ|O4rmqsEGdxQq?b(Rel2Q15+>z8jQY3gGZA#s72(dI{xkDD0# z9J1i}phD+U(+r(fU9xD%Xn68*PUFhb=MSC2bXp9L>Rf7eyMW90U*S`4akjT!)?d4@ zApJACK6k`sB~$$N=8w&@pqGN!QMXi}pqjT^B@-i_jvQ8WhwSM;cQBi8Cn!zyu9#rR zsbxM>^k`EV(uL$Q)G6Ik{ZhrJns!TjJ8?1#lbtuEIqqyM3Bcw-vl`1l;%oIVPNg$U zJvSJ#h09QMY?Ws{oAVL-9Egzlw35nWzym7(nA_UnYI8upnjD^s*}{SxtC+6 zNa?kIWxd13SJ}DzR4ciedmqOX#R(tfn|zCJvD% zF7#@x-D2Rx#ZHdw_gwr3@5xkhXQ&=6SnEzXd)wz+@j~dm08#+5)38fPA&wQBW94_|9%^5sOkZ`JZ_0(6tH=^pM z81Q>?NO4-@3AO#^=$8}6!hfFM#Pc-HlbVuN_eP$0ToR4%WeQ(e~?JAlwNl&-+xrq5eeDV$rbWfX}`XJ&sqS#8k|z9YOg~ z(KS6j7+Nv=ep>KC$RA|xrOO*gkt+^L^zGW?o@08UF^aMk5ZGTf07$E*v?8<&QahK< zLS%=?X^Rl*6iJ`g^{=cETDnRbxWT7!YkZIWocq<&gTM{4k`S10fQkt#9EUt5sLiha wlBNWu@Aa_2SOVYhQ8j3L2kFC%mKo+UUfW7L9lzym@B-?%nvN<_<;)-d2bt|aMgRZ+ diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index ec53302d3c..3dd02f716d 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -7,11 +7,14 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 06/26/2017 +ms.date: 07/26/2018 --- # PassportForWork CSP +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to login to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards. > [!IMPORTANT] @@ -30,204 +33,243 @@ The following diagram shows the PassportForWork configuration service provider i ![passportforwork diagram](images/provisioning-csp-passportforwork2.png) **PassportForWork** -

Root node for PassportForWork configuration service provider. +Root node for PassportForWork configuration service provider. ***TenantId*** -

A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. +A globally unique identifier (GUID), without curly braces ( { , } ), that is used as part of Windows Hello for Business provisioning and management. ***TenantId*/Policies** -

Node for defining the Windows Hello for Business policy settings. +Node for defining the Windows Hello for Business policy settings. ***TenantId*/Policies/UsePassportForWork** -

Boolean value that sets Windows Hello for Business as a method for signing into Windows. +Boolean value that sets Windows Hello for Business as a method for signing into Windows. -

Default value is true. If you set this policy to false, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones where provisioning is required. +Default value is true. If you set this policy to false, the user cannot provision Windows Hello for Business except on Azure Active Directory joined mobile phones where provisioning is required. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/RequireSecurityDevice** -

Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an additional security benefit over software so that data stored in it cannot be used on other devices. +Boolean value that requires a Trusted Platform Module (TPM) for Windows Hello for Business. TPM provides an additional security benefit over software so that data stored in it cannot be used on other devices. -

Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there is not a usable TPM. If you do not configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable. +Default value is false. If you set this policy to true, only devices with a usable TPM can provision Windows Hello for Business. If you set this policy to false, all devices can provision Windows Hello for Business using software even if there is not a usable TPM. If you do not configure this setting, all devices can provision Windows Hello for Business using software if the TPM is non-functional or unavailable. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/ExcludeSecurityDevices** (only for ./Device/Vendor/MSFT) -

Added in Windows 10, version 1703. Root node for excluded security devices. -

*Not supported on Windows Holographic and Windows Holographic for Business.* +Added in Windows 10, version 1703. Root node for excluded security devices. +*Not supported on Windows Holographic and Windows Holographic for Business.* ***TenantId*/Policies/ExcludeSecurityDevices/TPM12** (only for ./Device/Vendor/MSFT) -

Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG). +Added in Windows 10, version 1703. Some Trusted Platform Modules (TPMs) are compliant only with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG). -

Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business. +Default value is false. If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business. -

If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business. +If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/EnablePinRecovery** -

Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. +Added in Windows 10, version 1703. Boolean value that enables a user to change their PIN by using the Windows Hello for Business PIN recovery service. This cloud service encrypts a recovery secret, which is stored locally on the client, and can be decrypted only by the cloud service. -

Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed. +Default value is false. If you enable this policy setting, the PIN recovery secret will be stored on the device and the user can change their PIN if needed. -

If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to. +If you disable or do not configure this policy setting, the PIN recovery secret will not be created or stored. If the user's PIN is forgotten, the only way to get a new PIN is by deleting the existing PIN and creating a new one, which will require the user to re-register with any services the old PIN provided access to. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/UseCertificateForOnPremAuth** (only for ./Device/Vendor/MSFT) -

Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premises resources. +Boolean value that enables Windows Hello for Business to use certificates to authenticate on-premises resources. -

If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. +If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. -

If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload. +If you disable or do not configure this policy setting, the PIN will be provisioned when the user logs in, without waiting for a certificate payload. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity** -

Node for defining PIN settings. +Node for defining PIN settings. ***TenantId*/Policies/PINComplexity/MinimumPINLength** -

Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. +Integer value that sets the minimum number of characters required for the PIN. Default value is 4. The lowest number you can configure for this policy setting is 4. The largest number you can configure must be less than the number configured in the Maximum PIN length policy setting or the number 127, whichever is the lowest. -

If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4. +If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4. > [!NOTE] > If the conditions specified above for the minimum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.   -

Value type is int. Supported operations are Add, Get, Delete, and Replace. +Value type is int. Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/MaximumPINLength** -

Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater. +Integer value that sets the maximum number of characters allowed for the PIN. Default value is 127. The largest number you can configure for this policy setting is 127. The lowest number you can configure must be larger than the number configured in the Minimum PIN length policy setting or the number 4, whichever is greater. -

If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127. +If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127. > [!NOTE] > If the conditions specified above for the maximum PIN length are not met, default values will be used for both the maximum and minimum PIN lengths.   -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/UppercaseLetters** -

Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. +Integer value that configures the use of uppercase letters in the Windows Hello for Business PIN. -

Valid values: +Valid values: - 0 - Allows the use of uppercase letters in PIN. - 1 - Requires the use of at least one uppercase letters in PIN. - 2 - Does not allow the use of uppercase letters in PIN. -

Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. +Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/LowercaseLetters** -

Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. +Integer value that configures the use of lowercase letters in the Windows Hello for Business PIN. -

Valid values: +Valid values: - 0 - Allows the use of lowercase letters in PIN. - 1 - Requires the use of at least one lowercase letters in PIN. - 2 - Does not allow the use of lowercase letters in PIN. -

Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. +Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/SpecialCharacters** -

Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; < = > ? @ \[ \\ \] ^ \_ \` { | } ~ . +Integer value that configures the use of special characters in the Windows Hello for Business PIN. Valid special characters for Windows Hello for Business PIN gestures include: ! " \# $ % & ' ( ) \* + , - . / : ; < = > ? @ \[ \\ \] ^ \_ \` { | } ~ . -

Valid values: +Valid values: - 0 - Allows the use of special characters in PIN. - 1 - Requires the use of at least one special character in PIN. - 2 - Does not allow the use of special characters in PIN. -

Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. +Default value is 2. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/Digits** -

Integer value that configures the use of digits in the Windows Hello for Business PIN. +Integer value that configures the use of digits in the Windows Hello for Business PIN. -

Valid values: +Valid values: - 0 - Allows the use of digits in PIN. - 1 - Requires the use of at least one digit in PIN. - 2 - Does not allow the use of digits in PIN. -

Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. +Default value is 1. Default PIN complexity behavior is that digits are required and all other character sets are not allowed. If all character sets are allowed but none are explicitly required, then the default PIN complexity behavior will apply. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/History** -

Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511. +Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. This node was added in Windows 10, version 1511. -

The current PIN of the user is included in the set of PINs associated with the user account. PIN history is not preserved through a PIN reset. +The current PIN of the user is included in the set of PINs associated with the user account. PIN history is not preserved through a PIN reset. -

Default value is 0. +Default value is 0. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/PINComplexity/Expiration** -

Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511. +Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. This node was added in Windows 10, version 1511. -

Default is 0. +Default is 0. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. ***TenantId*/Policies/Remote** (only for ./Device/Vendor/MSFT) -

Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511. -

*Not supported on Windows Holographic and Windows Holographic for Business.* +Interior node for defining remote Windows Hello for Business policies. This node was added in Windows 10, version 1511. +*Not supported on Windows Holographic and Windows Holographic for Business.* ***TenantId*/Policies/Remote/UseRemotePassport** (only for ./Device/Vendor/MSFT) -

Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511. +Boolean value used to enable or disable the use of remote Windows Hello for Business. Remote Windows Hello for Business provides the ability for a portable, registered device to be usable as a companion device for desktop authentication. Remote Windows Hello for Business requires that the desktop be Azure AD joined and that the companion device has a Windows Hello for Business PIN. This node was added in Windows 10, version 1511. -

Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled. +Default value is false. If you set this policy to true, Remote Windows Hello for Business will be enabled and a portable, registered device can be used as a companion device for desktop authentication. If you set this policy to false, Remote Windows Hello for Business will be disabled. +Supported operations are Add, Get, Delete, and Replace. +*Not supported on Windows Holographic and Windows Holographic for Business.* -

Supported operations are Add, Get, Delete, and Replace. +***TenantId*/Policies/UseHelloCertificatesAsSmartCardCertificates** (only for ./Device/Vendor/MSFT) +Added in Windows 10, next major version. If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates. -

*Not supported on Windows Holographic and Windows Holographic for Business.* +If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key. + +Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in. + +Value type is bool. Supported operations are Add, Get, Replace, and Delete. **UseBiometrics** -

This node is deprecated. Use **Biometrics/UseBiometrics** node instead. +This node is deprecated. Use **Biometrics/UseBiometrics** node instead. **Biometrics** (only for ./Device/Vendor/MSFT) -

Node for defining biometric settings. This node was added in Windows 10, version 1511. -

*Not supported on Windows Holographic and Windows Holographic for Business.* +Node for defining biometric settings. This node was added in Windows 10, version 1511. +*Not supported on Windows Holographic and Windows Holographic for Business.* **Biometrics/UseBiometrics** (only for ./Device/Vendor/MSFT) -

Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511. +Boolean value used to enable or disable the use of biometric gestures, such as face and fingerprint, as an alternative to the PIN gesture for Windows Hello for Business. Users must still configure a PIN if they configure biometric gestures to use in case of failures. This node was added in Windows 10, version 1511. -

Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. +Default value is false. If you set this policy to true, biometric gestures are enabled for use with Windows Hello for Business. If you set this policy to false, biometric gestures are disabled for use with Windows Hello for Business. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. -

*Not supported on Windows Holographic and Windows Holographic for Business.* +*Not supported on Windows Holographic and Windows Holographic for Business.* **Biometrics/FacialFeaturesUseEnhancedAntiSpoofing** (only for ./Device/Vendor/MSFT) -

Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511. +Boolean value used to enable or disable enhanced anti-spoofing for facial feature recognition on Windows Hello face authentication. This node was added in Windows 10, version 1511. -

Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. +Default value is false. If you set this policy to false or don't configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. -

If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing. +If you set this policy to true, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. Windows Hello face authentication is disabled on devices that do not support enhanced anti-spoofing. -

Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. +Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. -

Supported operations are Add, Get, Delete, and Replace. +Supported operations are Add, Get, Delete, and Replace. -

*Not supported on Windows Holographic and Windows Holographic for Business.* +*Not supported on Windows Holographic and Windows Holographic for Business.* + +**DeviceUnlock** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. Interior node. + +**DeviceUnlock/GroupA** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the first step of authentication. + +Value type is string. Supported operations are Add, Get, Replace, and Delete. + +**DeviceUnlock/GroupB** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. Contains a list of credential providers by GUID (comma separated) that are the second step of authentication. + +Value type is string. Supported operations are Add, Get, Replace, and Delete. + +**DeviceUnlock/Plugins** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user presence. + +Value type is string. Supported operations are Add, Get, Replace, and Delete. + +**DynamicLock** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. Interior node. + + +**DynamicLock/DynamicLock** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. Enables the dynamic lock. + +Value type is bool. Supported operations are Add, Get, Replace, and Delete. + +**DynamicLock/Plugins** (only for ./Device/Vendor/MSFT) +Added in Windows 10, version 1803. List of plugins (comma separated) that the passive provider monitors to detect user absence. + +Value type is string. Supported operations are Add, Get, Replace, and Delete. ## Examples -

Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM. +Here's an example for setting Windows Hello for Business and setting the PIN policies. It also turns on the use of biometrics and TPM. ``` syntax diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 63c6b7819f..06eabcf651 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -7,16 +7,19 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 12/05/2017 +ms.date: 07/26/2017 --- # PassportForWork DDF +> [!WARNING] +> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. + This topic shows the OMA DM device description framework (DDF) for the **PassportForWork** configuration service provider. DDF files are used only with OMA DM provisioning XML. Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the current version for this CSP. +The XML below is for Windows 10, next major version. ``` syntax @@ -42,7 +45,7 @@ The XML below is the current version for this CSP. - com.microsoft/1.3/MDM/PassportForWork + com.microsoft/1.5/MDM/PassportForWork @@ -565,58 +568,58 @@ If you disable or do not configure this policy setting, the TPM is still preferr - ExcludeSecurityDevices + ExcludeSecurityDevices + + + + + + + Root node for excluded security devices. + + + + + + + + + + ExcludeSecurityDevices + + + + + + TPM12 - - - - - - Root node for excluded security devices. - - - - - - - - - - ExcludeSecurityDevices - - - - - - TPM12 - - - - - - - - False - Some Trusted Platform Modules (TPMs) are only compliant with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG). + + + + + + + False + Some Trusted Platform Modules (TPMs) are only compliant with the older 1.2 revision of the TPM specification defined by the Trusted Computing Group (TCG). If you enable this policy setting, TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business. If you disable or do not configure this policy setting, TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business. - - - - - - - - - - - text/plain - - - - + + + + + + + + + + + text/plain + + + + EnablePinRecovery @@ -657,7 +660,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret False - Windows Hello for Business can use certificates to authenticate to on-premises resources. + Windows Hello for Business can use certificates to authenticate to on-premise resources. If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. @@ -985,6 +988,35 @@ Default value is false. If you enable this setting, a desktop device will allow + + UseHelloCertificatesAsSmartCardCertificates + + + + + + + + False + If you enable this policy setting, applications use Windows Hello for Business certificates as smart card certificates. Biometric factors are unavailable when a user is asked to authorize the use of the certificate's private key. This policy setting is designed to allow compatibility with applications that rely exclusively on smart card certificates. + +If you disable or do not configure this policy setting, applications do not use Windows Hello for Business certificates as smart card certificates, and biometric factors are available when a user is asked to authorize the use of the certificate's private key. + +Windows requires a user to lock and unlock their session after changing this setting if the user is currently signed in. + + + + + + + + + + + text/plain + + + @@ -1083,9 +1115,9 @@ NOTE: Disabling this policy prevents the use of biometric gestures on the device False This setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. -If you enable or don't configure this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. +If you enable this setting, Windows requires all users on managed devices to use enhanced anti-spoofing for Windows Hello face authentication. This disables Windows Hello face authentication on devices that do not support enhanced anti-spoofing. -If you disable this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. +If you disable or do not configure this setting, Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices. @@ -1100,19 +1132,176 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re text/plain + + + + + + + + + DeviceUnlock + + + + + Device Unlock + + + + + + + + + + + + + + + GroupA + + + + + + + + Contains a list of providers by GUID that are to be considered for the first step of authentication + + + + + + + + + + + text/plain + + + + + GroupB + + + + + + + + Contains a list of providers by GUID that are to be considered for the second step of authentication + + + + + + + + + + + text/plain + + + + + Plugins + + + + + + + + List of plugins that the passive provider monitors to detect user presence + + + + + + + + + + + text/plain + + + + + + DynamicLock + + + + + Dynamic Lock + + + + + + + + + + + + + + + DynamicLock + + + + + + + + False + Enables/Disables Dyanamic Lock + + + + + + + + + + + text/plain + + + + + Plugins + + + + + + + + List of plugins that the passive provider monitors to detect user absence + + + + + + + + + + + text/plain + -``` - -  - -  - - - - - - +``` \ No newline at end of file From a1e2db78c7823bfb0dfaca4660cfec695e9b997c Mon Sep 17 00:00:00 2001 From: "Andrea Bichsel (Aquent LLC)" Date: Thu, 26 Jul 2018 22:31:25 +0000 Subject: [PATCH 13/27] Added period. --- .../scheduled-catch-up-scans-windows-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md index f8c0ea7c5e..8e4b44e881 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md @@ -83,8 +83,8 @@ Location | Setting | Description | Default setting (if not configured) ---|---|---|--- Scan | Specify the scan type to use for a scheduled scan | Quick scan Scan | Specify the day of the week to run a scheduled scan | Specify the day (or never) to run a scan. | Never -Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am) | 2 am -Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans. This can be useful in VM or VDI deployments | Enabled +Scan | Specify the time of day to run a scheduled scan | Specify the number of minutes after midnight (for example, enter **60** for 1 am). | 2 am +Root | Randomize scheduled task times | Randomize the start time of the scan to any interval from 0 to 4 hours, or to any interval plus or minus 30 minutes for non-Windows Defender scans. This can be useful in VM or VDI deployments. | Enabled **Use PowerShell cmdlets to schedule scans:** From e88012605b17c02b16d184fc8fe8bd3f4b074baf Mon Sep 17 00:00:00 2001 From: Laura Newsad Date: Thu, 26 Jul 2018 16:07:10 -0700 Subject: [PATCH 14/27] Update use-set-up-school-pcs-app.md Typo --- education/windows/use-set-up-school-pcs-app.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index bdf6a298c9..ff0db1d6b4 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -15,7 +15,7 @@ ms.date: 07/11/2018 # Use the Set up School PCs app -IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app anrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings Set up School PCs configures through the MDM. +IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings Set up School PCs configures through the MDM. Set up School PCs also: * Joins each student PC to your organization's Office 365 and Azure Active Directory tenant. From c967d898e01fadcb38a9e41031ebf5d69ec206c0 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 26 Jul 2018 19:35:34 -0700 Subject: [PATCH 15/27] removed steps --- .../bitlocker/bitlocker-management-for-enterprises.md | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 9721dffec5..1e0f1fd1a8 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -21,13 +21,7 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx). -Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. When moving to cloud-based management, following these steps could be helpful: - -1. Disable MBAM management and leave MBAM as only a database backup for the recovery key. -2. Join the computers to Azure Active Directory (Azure AD). -3. Use `Manage-bde -protectors -aadbackup` to backup the recovery key to Azure AD. - -BitLocker recovery keys can be managed from Azure AD thereafter. The MBAM database does not need to be migrated. +Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Enterprises that choose to continue managing BitLocker on-premises after MBAM support ends can use the [BitLocker WMI provider class](https://msdn.microsoft.com/library/windows/desktop/aa376483) to create a custom management solution. From 7a52179e90fde6108afdbdf847d0b04348fc926a Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 27 Jul 2018 08:03:30 -0700 Subject: [PATCH 16/27] added back migration steps --- .../bitlocker/bitlocker-management-for-enterprises.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 1e0f1fd1a8..ce3943134e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -21,7 +21,13 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx). -Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. +Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. When moving to cloud-based management, following these steps could be helpful: + +1. Disable MBAM management and leave MBAM as only a database backup for the recovery key. +2. Join the computers to Azure Active Directory (Azure AD). +3. Use `Manage-bde -protectors -aadbackup` to backup the recovery key to Azure AD. + +BitLocker recovery keys can be managed from Azure AD thereafter. The MBAM database does not need to be migrated. Enterprises that choose to continue managing BitLocker on-premises after MBAM support ends can use the [BitLocker WMI provider class](https://msdn.microsoft.com/library/windows/desktop/aa376483) to create a custom management solution. From 2d2c3fd8887535fe0997b93b194c12ca769b2d29 Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Fri, 27 Jul 2018 16:18:11 +0000 Subject: [PATCH 17/27] Merged PR 10139: Add new topic for Insider Preview --- devices/hololens/TOC.md | 1 + devices/hololens/change-history-hololens.md | 8 +- devices/hololens/hololens-insider.md | 176 ++++++++++++++++++++ devices/hololens/index.md | 3 +- 4 files changed, 186 insertions(+), 2 deletions(-) create mode 100644 devices/hololens/hololens-insider.md diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index 49d9417151..e1fa685f30 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -1,5 +1,6 @@ # [Microsoft HoloLens](index.md) ## [What's new in Microsoft HoloLens](hololens-whats-new.md) +## [Insider preview for Microsoft HoloLens](hololens-insider.md) ## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md) ## [Set up HoloLens](hololens-setup.md) ## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md index 68f9c695ce..95f7f92bed 100644 --- a/devices/hololens/change-history-hololens.md +++ b/devices/hololens/change-history-hololens.md @@ -9,13 +9,19 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 06/04/2018 +ms.date: 07/27/2018 --- # Change history for Microsoft HoloLens documentation This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md). +## July 2018 + +New or changed topic | Description +--- | --- +[Insider preview for Microsoft HoloLens](hololens-insider.md) | New + ## June 2018 New or changed topic | Description diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md new file mode 100644 index 0000000000..05e12d5cce --- /dev/null +++ b/devices/hololens/hololens-insider.md @@ -0,0 +1,176 @@ +--- +title: Insider preview for Microsoft HoloLens (HoloLens) +description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens. +ms.prod: hololens +ms.sitesec: library +author: jdeckerms +ms.author: jdecker +ms.topic: article +ms.localizationpriority: medium +ms.date: 07/27/2018 +--- + +# Insider preview for Microsoft HoloLens + +Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens. + +>Latest insider version: 10.0.17720.1000 + + +## How do I install the Insider builds? + +On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider. + +Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms. + +Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build. + +## New features for HoloLens + +The latest Insider Preview (RS5) has arrived for all HoloLens customers! This latest flight is packed with improvements that have been introduced since the [last major release of HoloLens software in May 2018](https://docs.microsoft.com/windows/mixed-reality/release-notes). + +### For everyone + + +Feature | Details | Instructions +--- | --- | --- +Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) | To start recording, select **Start > Video**. To stop recording, select **Start > Stop video**. +Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter | On **Start**, select **Connect**. Select the device you want to project to. +New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. | You’ll now see notifications from apps that provide them. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). +HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. | When you’re using an immersive app, input text, select a file from the file picker, or interact with dialogs without leaving the app. +Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. | Adjust the device volume using the volume up/down buttons located on the right arm of the HoloLens. Use the visual display to track the volume level. +New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. | Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. +Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. | Capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge). Select a nearby Windows device to share with. +Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. | In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. + +### For developers + +- Support for Holographic [Camera Capture UI API](https://docs.microsoft.com/windows/uwp/audio-video-camera/capture-photos-and-video-with-cameracaptureui), which will let developers expose a way for users to seamlessly invoke camera or video capture from within their applications. For example, users can now capture and insert photo or video content directly within apps like Word. +- Mixed Reality Capture has been improved to exclude hidden mesh from captures, which means videos captures by apps will no longer contain black corners around the content. + +### For commercial customers + + +Feature | Details | Instructions +--- | --- | --- +Enable post-setup provisioning | Can now apply a runtime provisioning package at any time using **Settings**. | On your PC:

1. Create a provisioning package as described at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md).
2. Connect the HoloLens device via USB to a PC. HoloLens will show up as a device in File Explorer on the PC.
3. Drag and drop the provisioning package to the Documents folder on the HoloLens.

On your HoloLens:

1. Go to **Settings > Accounts > Access work or school**.
2. In **Related Settings**, select **Add or remove a provisioning package**.
3. On the next page, select **Add a package** to launch the file picker and select your provisioning package.
**Note:** if the folder is empty, make sure you select **This Device** and select **Documents**.
After your package has been applied, it will show in the list of Installed packages. To view package details or to remove the package from the device, select the listed package. +Assigned access with Azure AD groups | Flexibility to use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. | Prepare XML file to configure Assigned Access on PC:

1. In a text editor, open [the provided file AssignedAccessHoloLensConfiguration_AzureADGroup.xml](#xml).
2. Change the group ID to one available in your Azure AD tenant. You can find the group ID of an Azure Active Directory Group by either :
- following the steps at [Azure Active Directory version 2 cmdlets for group management](https://docs.microsoft.com/azure/active-directory/active-directory-accessmanagement-groups-settings-v2-cmdlets),
OR
- in the Azure portal, with the steps at [Manage the settings for a group in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-groups-settings-azure-portal).

**Note:** The sample configures the following apps: Skype, Learning, Feedback Hub, Flow, Camera, and Calibration.

Create provisioning package with WCD:

1. On a PC, follow the steps at [Create a provisioning package for HoloLens using the HoloLens wizard](hololens-provisioning.md) to create a provisioning package.
2. Ensure that you include the license file in **Set up device**.
3. Select **Switch to advanced editor** (bottom left), and **Yes** for warning prompt.
4. Expand the runtime settings selection in the **Available customizations** panel and select **AssignedAccess > MultiAppAssignedAccessSettings**.
5. In the middle panel, you should now see the setting displayed with documentation in the panel below. Browse to the XML you modified for Assigned Access.
6. On the **Export** menu, select **Provisioning package**.
**Warning:** If you encrypt the provisioning package, provisioning the HoloLens device will fail.
7. Select **Next** to specify the output location where you want the provisioning package to go once it's built.
8. Select **Next**, and then select **Build** to start building the package.
9. When the build completes, select **Finish**.

Apply the package to HoloLens:

1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box). HoloLens will show up as a device in File Explorer on the PC.
2. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
3. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the fit page.
4. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
5. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.

Enable assigned access on HoloLens:

1. After applying the provisioning package, during the **Account Setup** flows in OOBE, select **My work or school owns this** to set up your device with an Azure AD account.
**Note:** This account must not be in the group chosen for Assigned Access.
2. Once you reach the Shell, ensure the Skype app is installed either via your MDM environment or from the Store.
3. After the Skype app is installed, sign out.
4. On the sign-in screen, select the **Other User** option and enter an Azure AD account email address that belongs to the group chosen for Assigned Access. Then enter the password to sign in. You should now see this user with only the apps configured in the Assigned Access profile. +PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**.  | When signing in as **Other User**, the PIN option is now available under **Sign-In options**. +Sign in with Web Cred Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. Look for additional web sign-in methods coming in the future. | From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password.
**Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.  +Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view HoloLens device serial number. +Set HoloLens device name through MDM (rename) |  IT administrators can see and rename HoloLens devices in their MDM console. | Refer to your MDM documentation for feature availability, and for how to use your MDM console to view and set your HoloLens device name (rename). + +### For international customers + + +Feature | Details | Instructions +--- | --- | --- +Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. | See below. + +#### Installing the Chinese or Japanese versions of the Insider builds + +In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT). + +>[!IMPORTANT] +>Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens. + +1. On a retail HoloLens device, [opt in to Insider Preview builds](#get-insider) to prepare your device for the RS5 Preview. +2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379). +3. Download the package for the language you want to your PC: [Simplified Chinese](https://aka.ms/hololenspreviewdownload-ch) or [Japanese](https://aka.ms/hololenspreviewdownload-jp). +4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it. +5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)  +6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile. +7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.) +8. Select **Install software** and follow the instructions to finish installing. +9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions. + +When you’re done with setup, go to **Settings -> Update & Security -> Windows Insider Program** and check that you’re configured to receive the latest preview builds. The Chinese/Japanese version of HoloLens will be kept up-to-date with the latest preview builds via the Windows Insider Program the same way the English version is. + +## Note for language support + +- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language. +- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time. However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the ~ key on a hardware keyboard toggles the keyboard to type in English). + +## Note for developers + +You are welcome and encouraged to try developing your applications using this build of HoloLens. Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with this latest build of HoloLens. You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development. + +## Provide feedback and report issues + +Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reality/give-us-feedback) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way. + +>[!NOTE] +>Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted). + + +## AssignedAccessHoloLensConfiguration_AzureADGroup.xml + +Copy this sample XML to use for the [**Assigned access with Azure AD groups** feature](#for-commercial-customers). + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ]]> + + + + + + + + + + + + + + +``` + diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 90e76edb5e..786b38a1e3 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -7,7 +7,7 @@ author: jdeckerms ms.author: jdecker ms.topic: article ms.localizationpriority: medium -ms.date: 05/21/2018 +ms.date: 07/27/2018 --- # Microsoft HoloLens @@ -22,6 +22,7 @@ ms.date: 05/21/2018 | Topic | Description | | --- | --- | | [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. | +[Insider preview for Microsoft HoloLens](hololens-insider.md) | Learn about new HoloLens features available in the latest Insider Preview build. | [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management | | [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time | | [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business | From b8ec04cd1a8aeca88cf9101df48aecc7e6ab708f Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 27 Jul 2018 10:34:09 -0700 Subject: [PATCH 18/27] removed migration steps --- .../bitlocker-management-for-enterprises.md | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index ce3943134e..eaea53000a 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: brianlic-msft -ms.date: 07/18/2018 +ms.date: 07/27/2018 --- # BitLocker Management for Enterprises @@ -21,15 +21,7 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx). -Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. When moving to cloud-based management, following these steps could be helpful: - -1. Disable MBAM management and leave MBAM as only a database backup for the recovery key. -2. Join the computers to Azure Active Directory (Azure AD). -3. Use `Manage-bde -protectors -aadbackup` to backup the recovery key to Azure AD. - -BitLocker recovery keys can be managed from Azure AD thereafter. The MBAM database does not need to be migrated. - -Enterprises that choose to continue managing BitLocker on-premises after MBAM support ends can use the [BitLocker WMI provider class](https://msdn.microsoft.com/library/windows/desktop/aa376483) to create a custom management solution. +Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. ## Managing devices joined to Azure Active Directory From da7fbba7f144ae6781376ef4337aa242649af2c1 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 27 Jul 2018 10:43:46 -0700 Subject: [PATCH 19/27] added link to PS examples --- .../bitlocker/bitlocker-management-for-enterprises.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index eaea53000a..691e7ec1de 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -21,11 +21,11 @@ Though much Windows BitLocker [documentation](bitlocker-overview.md) has been pu Companies that image their own computers using Microsoft System Center 2012 Configuration Manager SP1 (SCCM) or later can use an existing task sequence to [pre-provision BitLocker](https://technet.microsoft.com/library/hh846237.aspx#BKMK_PreProvisionBitLocker) encryption while in Windows Preinstallation Environment (WinPE) and can then [enable protection](https://technet.microsoft.com/library/hh846237.aspx#BKMK_EnableBitLocker). This can help ensure that computers are encrypted from the start, even before users receive them. As part of the imaging process, a company could also decide to use SCCM to pre-set any desired [BitLocker Group Policy](https://technet.microsoft.com/library/ee706521(v=ws.10).aspx). -Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. +Enterprises can use [Microsoft BitLocker Administration and Management (MBAM)](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/) to manage client computers with BitLocker that are domain-joined on-premises until [mainstream support ends in July 2019](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%202.5%20Service%20Pack%201) or they can receive extended support until July 2024. Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Refer to the [PowerShell examples](#powershell-examples) to see how to store recovery keys in Azure Active Directory (Azure AD). ## Managing devices joined to Azure Active Directory -Devices joined to Azure Active Directory (Azure AD) are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online. +Devices joined to Azure AD are managed using Mobile Device Management (MDM) policy from an MDM solution such as [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). BitLocker Device Encryption status can be queried from managed machines via the [Policy Configuration Settings Provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider), which reports on whether BitLocker Device Encryption is enabled on the device. Compliance with BitLocker Device Encryption policy can be a requirement for [Conditional Access](https://www.microsoft.com/cloud-platform/conditional-access) to services like Exchange Online and SharePoint Online. Starting with Windows 10 version 1703 (also known as the Windows Creators Update), the enablement of BitLocker can be triggered over MDM either by the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider) or the [BitLocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 Business or Enterprise editions and on Windows Phones. From cd752e58d346cada2b517b0b2f6b09194758803f Mon Sep 17 00:00:00 2001 From: sccmentor Date: Fri, 27 Jul 2018 21:39:55 +0100 Subject: [PATCH 20/27] Update mbam-25-supported-configurations.md --- mdop/mbam-v25/mbam-25-supported-configurations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md index 4eb36ebf32..db4b4232a6 100644 --- a/mdop/mbam-v25/mbam-25-supported-configurations.md +++ b/mdop/mbam-v25/mbam-25-supported-configurations.md @@ -365,7 +365,7 @@ https://www.microsoft.com/en-us/download/details.aspx?id=54967< **Note** -In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967 . In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features. +In order to support SQL 2016 you must install the March 2017 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=54967 and to support SQL 2017 you must install the July 2018 Servicing Release for MDOP https://www.microsoft.com/en-us/download/details.aspx?id=57157. In general stay current by always using the most recent servicing update as it also includes all bugfixes and new features.   ### SQL Server processor, RAM, and disk space requirements – Stand-alone topology From 0c5e05b531fa67c9dfeeb75d589dc97918523132 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 27 Jul 2018 21:19:27 +0000 Subject: [PATCH 21/27] Merged PR 10154: Added descriptions to Antispyware nodes in DeviceStatus CSP --- windows/client-management/mdm/devicestatus-csp.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 89a798ab13..a20317c21f 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 03/12/2018 +ms.date: 07/26/2018 --- # DeviceStatus CSP @@ -178,11 +178,24 @@ Supported operation is Get. **DeviceStatus/Antispyware/SignatureStatus** Added in Windows, version 1607. Integer that specifies the status of the antispyware signature. +Valid values: + +- 0 - The security software reports that it is not the most recent version. +- 1 - The security software reports that it is the most recent version. +- 2 - Not applicable. This is returned for devices like the phone that do not have an antivirus (where the API doesn’t exist.) + Supported operation is Get. **DeviceStatus/Antispyware/Status** Added in Windows, version 1607. Integer that specifies the status of the antispyware. +Valid values: + +- 0 - The status of the security provider category is good and does not need user attention. +- 1 - The status of the security provider category is not monitored by Windows Security Center (WSC). +- 2 - The status of the security provider category is poor and the computer may be at risk. +- 3 - The security provider category is in snooze state. Snooze indicates that WSC is not actively protecting the computer. + Supported operation is Get. **DeviceStatus/Firewall** From beb20690c2e3339893afda55f290801abb921c3e Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 27 Jul 2018 21:33:18 +0000 Subject: [PATCH 22/27] Merged PR 10166: Experience - added new policies in Policy CSP --- .../policy-configuration-service-provider.md | 8 + .../mdm/policy-csp-experience.md | 158 ++++++++++++++++++ 2 files changed, 166 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 6ff4d2dc96..e95aba3fb5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1246,6 +1246,12 @@ The following diagram shows the Policy configuration service provider in tree fo

Experience/DoNotShowFeedbackNotifications
+
+ Experience/DoNotSyncBrowserSetting +
+
+ Experience/PreventUsersFromTurningOnBrowserSyncing +
### ExploitGuard policies @@ -4319,6 +4325,8 @@ The following diagram shows the Policy configuration service provider in tree fo - [Experience/AllowWindowsTips](./policy-csp-experience.md#experience-allowwindowstips) - [Experience/ConfigureWindowsSpotlightOnLockScreen](./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen) - [Experience/DoNotShowFeedbackNotifications](./policy-csp-experience.md#experience-donotshowfeedbacknotifications) +- [Experience/DoNotSyncBrowserSetting](./policy-csp-experience.md#experience-donotsyncbrowsersetting) +- [Experience/PreventUsersFromTurningOnBrowserSyncing](./policy-csp-experience.md#experience-preventusersfromturningonbrowsersyncing) - [ExploitGuard/ExploitProtectionSettings](./policy-csp-exploitguard.md#exploitguard-exploitprotectionsettings) - [FileExplorer/TurnOffDataExecutionPreventionForExplorer](./policy-csp-fileexplorer.md#fileexplorer-turnoffdataexecutionpreventionforexplorer) - [FileExplorer/TurnOffHeapTerminationOnCorruption](./policy-csp-fileexplorer.md#fileexplorer-turnoffheapterminationoncorruption) diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md index f2dec99193..a0a6355c06 100644 --- a/windows/client-management/mdm/policy-csp-experience.md +++ b/windows/client-management/mdm/policy-csp-experience.md @@ -90,6 +90,12 @@ ms.date: 07/13/2018
Experience/DoNotShowFeedbackNotifications
+
+ Experience/DoNotSyncBrowserSetting +
+
+ Experience/PreventUsersFromTurningOnBrowserSyncing +
@@ -1390,6 +1396,158 @@ The following list shows the supported values: +<<<<<<< HEAD +
+ + +**Experience/DoNotSyncBrowserSetting** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcross markcross markcheck mark5check mark5
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +By default, the "browser" group syncs automatically between user’s devices and allowing users to choose to make changes. The "browser" group uses the **Sync your Settings** option in Settings to sync information like history and favorites. Enabling this policy prevents the "browser" group from using the **Sync your Settings** option. If you want syncing turned off by default but not disabled, select the Allow users to turn "browser" syncing option. + +Related policy: PreventUsersFromTurningOnBrowserSyncing. + +Value type is integer. Supported values: + +- 0 (default) - Allowed/turned on. The "browser" group syncs automatically between user’s devices and lets users to make changes. +- 2 - Prevented/turned off. The "browser" group does not use the **Sync your Settings** option. + + + +ADMX Info: +- GP English name: *Do not sync browser settings* +- GP name: *DisableWebBrowserSettingSync* +- GP path: *Windows Components/Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + + + + + + + + + + + +
+ + +**Experience/PreventUsersFromTurningOnBrowserSyncing** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobile Enterprise
cross markcross markcross markcheck mark5check mark5
+ + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +By default, the "browser" group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the "browser" group from syncing and prevent users from turning on the Sync your Settings toggle in Settings. If you want syncing turned off by default but not disabled, select the Allow users to turn "browser" syncing option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy. + +Related policy: DoNotSyncBrowserSetting + +Value type is integer. Supported values: + +- 0 - Allowed/turned on. Users can sync the browser settings. +- 1 (default) - Prevented/turned off. + +This policy only works with the Experience/DoNotSyncBrowserSetting policy, and for this policy to work correctly, you must set Experience/DoNotSynBrowserSettings to 2 (enabled). By default, when you set this policy and the Experience/DoNotSyncBrowserSetting policy to 0 (disabled or not configured), the browser settings sync automatically. However, with this policy, you can prevent the syncing of browser settings and prevent users from turning on the Sync your Settings option. Additionally, you can prevent syncing the browser settings but give users a choice to turn on syncing. + +If you want to prevent syncing of browser settings and prevent users from turning it on: +1. Set Experience/DoNotSyncBrowserSetting to 2 (enabled). +1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 1 (enabled or not configured). + +If you want to prevent syncing of browser settings but give users a choice to turn on syncing: +1. Set Experience/DoNotSyncBrowserSetting to 2 (enabled). +1. Set this policy (Experience/PreventUsersFromTurningOnBrowserSyncing) to 0 (disabled). + + + +ADMX Info: +- GP English name: *Do not sync browser settings* +- GP name: *DisableWebBrowserSettingSync* +- GP element: *CheckBox_UserOverride* +- GP path: *Windows Components/Sync your settings* +- GP ADMX file name: *SettingSync.admx* + + + + + + + + + +**Validation procedure:** + +Microsoft Edge on your PC: +1. Select More > Settings. +1. See if the setting is enabled or disabled based on your setting. + + + +======= +>>>>>>> 785954ffa54220bce4c3bdaef580253b43197a5a
Footnote: From 4d9bbf21125121c875e0818913e02232f6874333 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 27 Jul 2018 23:21:44 +0000 Subject: [PATCH 23/27] Merged PR 10168: Updated the MDM change history table Change history table --- ...ew-in-windows-mdm-enrollment-management.md | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 80cdf791b0..c92f8d40fc 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -10,7 +10,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 07/23/2018 +ms.date: 07/27/2018 --- # What's new in MDM enrollment and management @@ -1638,32 +1638,36 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware +[PassportForWork CSP](passportforwork-csp.md) +

Added new settings in Windows 10, next major version.

+ + [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) -

Added NonRemovable setting under AppManagement node.

+

Added NonRemovable setting under AppManagement node in Windows 10, next major version.

[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) -

Added new configuration service provider.

+

Added new configuration service provider in Windows 10, next major version.

[WindowsLicensing CSP](windowslicensing-csp.md) -

Added S mode settings and SyncML examples.

+

Added S mode settings and SyncML examples in Windows 10, next major version.

[SUPL CSP](supl-csp.md) -

Added 3 new certificate nodes.

+

Added 3 new certificate nodes in Windows 10, next major version.

[Defender CSP](defender-csp.md) -

Added a new node Health/ProductStatus.

+

Added a new node Health/ProductStatus in Windows 10, next major version.

[BitLocker CSP](bitlocker-csp.md) -

Added a new node AllowStandardUserEncryption.

+

Added a new node AllowStandardUserEncryption in Windows 10, next major version.

[DevDetail CSP](devdetail-csp.md) -

Added a new node SMBIOSSerialNumber.

+

Added a new node SMBIOSSerialNumber in Windows 10, next major version.

[Policy CSP](policy-configuration-service-provider.md) From 5736a9c89be1e2613a432492970309472a24a4e4 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Fri, 27 Jul 2018 23:22:08 +0000 Subject: [PATCH 24/27] Merged PR 10155: Add RemoteFind to list of CSPs supported in Windows Holographic --- .../mdm/configuration-service-provider-reference.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 441c14e310..cd6b862e43 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: MariciaAlforque -ms.date: 04/24/2018 +ms.date: 07/27/2018 --- # Configuration service provider reference @@ -2660,6 +2660,7 @@ The following list shows the configuration service providers supported in Window | [NodeCache CSP](nodecache-csp.md) | ![check mark](images/checkmark.png) | ![check mark](images/checkmark.png) | [PassportForWork CSP](passportforwork-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [Policy CSP](policy-configuration-service-provider.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | +| [RemoteFind CSP](remotefind-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [RemoteWipe CSP](remotewipe-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png)4 | | [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | | [Update CSP](update-csp.md) | ![cross mark](images/crossmark.png) | ![check mark](images/checkmark.png) | From 12390e6c133048ec019bce4234ed831571cb2740 Mon Sep 17 00:00:00 2001 From: Ed Gallagher Date: Sat, 28 Jul 2018 19:28:05 -0500 Subject: [PATCH 25/27] Fix broken link Link to TPM Cmdlets in Windows PowerShell is broken. Changed the link to what I believe is the correct page. --- .../hardware-protection/tpm/change-the-tpm-owner-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md b/windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md index 85fc58c11a..7731079b80 100644 --- a/windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/hardware-protection/tpm/change-the-tpm-owner-password.md @@ -45,7 +45,7 @@ To change to a new TPM owner password, in TPM.msc, click **Change Owner Password ## Use the TPM cmdlets -You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx). +You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule). ## Related topics From 5d80200b40e5c3f2a03c48cd1dab9d9b531f9d6c Mon Sep 17 00:00:00 2001 From: Menno Stevens Date: Sun, 29 Jul 2018 17:00:08 +0200 Subject: [PATCH 26/27] Update surface-dock-updater.md (initial docs update for 2.22.139.0) Actual update details still t.b.d. Just reflecting in docs that the download link now offers version 2.22.139.0 --- devices/surface/surface-dock-updater.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md index 227433e7b2..6141054da4 100644 --- a/devices/surface/surface-dock-updater.md +++ b/devices/surface/surface-dock-updater.md @@ -117,6 +117,12 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app >[!Note] >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater. +### Version 2.22.139.0 +*Release Date: 26 July 2018* + +This version of Surface Dock Updater adds support for the following: +t.b.d. + ### Version 2.12.136.0 *Release Date: 29 January 2018* From 4dd04bde84d9c9e0e6e28b54c70e7073573f606f Mon Sep 17 00:00:00 2001 From: Ed Gallagher Date: Sun, 29 Jul 2018 20:23:40 -0500 Subject: [PATCH 27/27] Clarification Clarified the requirement of TMP 2.0 for Device Health Attestation to resolve question raised by user Thomas Redmer --- .../hardware-protection/tpm/trusted-platform-module-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md b/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md index 829d773086..43699df08e 100644 --- a/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md @@ -68,7 +68,7 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> The device must be running Windows 10 and it must support at least TPM 2.0. +> The device must be running Windows 10 and it must support at least TPM 2.0 in order to utilize Device Health Attestation. ## Supported versions