From 931d5be5a65a7fbcb72d4c60a47169e82f46a617 Mon Sep 17 00:00:00 2001 From: Saurabh Koshta Date: Tue, 29 Jun 2021 11:51:33 -0500 Subject: [PATCH 1/8] Update bitlocker-csp.md https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5707 greg-lindsay commented on Dec 18, 2019 @lXbalanque I understand the issue :) I've confirmed that the MDM stack (Intune profile settings) currently supports only used space encryption. You can probably see that by going through all the settings that you've shown above. There is no available choice for "encrypt entire drive" or "full encryption" even though there are a lot of other settings. --- windows/client-management/mdm/bitlocker-csp.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index f19bba4d59..e9bd144485 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -172,6 +172,10 @@ If you want to disable this policy, use the following SyncML: ``` + +> [!NOTE] +> Currently only used space encryption is supported when using this CSP. + **EncryptionMethodByDriveType** @@ -1405,4 +1409,4 @@ The following example is provided to show proper format and should not be taken ``` - \ No newline at end of file + From 64bd2ba149bd2ea66a52a83cecf73dfe73ed1d92 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 29 Jun 2021 13:29:24 -0700 Subject: [PATCH 2/8] udpate tree --- windows/client-management/mdm/euiccs-csp.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 9ce12f6be8..97ae6b939f 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -25,6 +25,10 @@ eUICCs --------IsActive --------PPR1Allowed --------PPR1AlreadySet +--------DownloadServers +------------ServerName +----------------DiscoveryState +----------------AutoEnable --------Profiles ------------ICCID ----------------ServerName From 4ff59a54710e1006b8474d21a7b9fc2885be990a Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 13:31:11 -0700 Subject: [PATCH 3/8] formatting --- windows/whats-new/windows-11-requirements.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 368dd33786..c6338640b5 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -38,7 +38,9 @@ To install or upgrade to Windows 11, devices must meet the following minimum har - Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use. -\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). +\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). + +Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). For information about tools to evaluate readiness, see [Determine eligibility](windows-11-plan.md#determine-eligibility). From 4b4f05d4f15dde1f5cae5e6c1db484e294da31b2 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 29 Jun 2021 13:58:01 -0700 Subject: [PATCH 4/8] Acrolinx "Multi-factor" --- windows/deployment/windows-10-subscription-activation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index dfb7ea6b10..f2dbfeb5b5 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -103,9 +103,9 @@ For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 E If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade benefits for Windows Cloud Subscriptions in CSP](https://www.microsoft.com/en-us/microsoft-365/blog/2017/01/19/new-windows-10-upgrade-benefits-windows-cloud-subscriptions-csp/) -#### Multi-factor authentication +#### Multifactor authentication -An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. +An issue has been identified with Hybrid Azure AD joined devices that have enabled [multifactor authentication](/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription. To resolve this issue: From 17bdc36489d8f7199805cd308bb83c89acaf83fa Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 29 Jun 2021 13:59:33 -0700 Subject: [PATCH 5/8] Corrected note markup, spacing, punctuation --- windows/deployment/windows-10-subscription-activation.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index f2dbfeb5b5..af4d82ad1b 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -226,7 +226,8 @@ When you have the required Azure AD subscription, group-based licensing is the p If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise. -Caution: Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE(Out Of Box Experience) +> [!CAUTION] +> Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE (Out Of Box Experience). If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key. From 52aa9452f44e2eeb52338308e1ac2a3f3de9161f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 29 Jun 2021 17:16:49 -0700 Subject: [PATCH 6/8] Acrolinx: 16 instances of "Bitlocker" --- .../client-management/mdm/bitlocker-csp.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index e9bd144485..e3f6b2bd85 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -180,7 +180,7 @@ If you want to disable this policy, use the following SyncML: **EncryptionMethodByDriveType** -Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". +Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)". @@ -208,7 +208,7 @@ ADMX Info:
  • GP English name: Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
  • GP name: EncryptionMethodWithXts_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption
    • +
  • GP path: Windows Components/BitLocker Drive Encryption
  • GP ADMX file name: VolumeEncryption.admx
@@ -264,7 +264,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesRequireStartupAuthentication** -This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup". +This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
@@ -293,7 +293,7 @@ ADMX Info:
  • GP English name: Require additional authentication at startup
  • GP name: ConfigureAdvancedStartup_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -372,7 +372,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesMinimumPINLength** -This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup". +This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
@@ -401,7 +401,7 @@ ADMX Info:
  • GP English name:Configure minimum PIN length for startup
  • GP name: MinimumPINLength_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -448,7 +448,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesRecoveryMessage** -This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL" +This setting is a direct mapping to the BitLocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name). @@ -478,7 +478,7 @@ ADMX Info:
  • GP English name: Configure pre-boot recovery message and URL
  • GP name: PrebootRecoveryInfo_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -538,7 +538,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **SystemDrivesRecoveryOptions** -This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name). +This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
@@ -567,7 +567,7 @@ ADMX Info:
  • GP English name: Choose how BitLocker-protected operating system drives can be recovered
  • GP name: OSRecoveryUsage_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Operating System Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -635,7 +635,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **FixedDrivesRecoveryOptions** -This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" (). +This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
@@ -664,7 +664,7 @@ ADMX Info:
  • GP English name: Choose how BitLocker-protected fixed drives can be recovered
  • GP name: FDVRecoveryUsage_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Fixed Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -741,7 +741,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **FixedDrivesRequireEncryption** -This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name). +This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
@@ -770,7 +770,7 @@ ADMX Info:
  • GP English name: Deny write access to fixed drives not protected by BitLocker
  • GP name: FDVDenyWriteAccess_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Fixed Drives
  • GP ADMX file name: VolumeEncryption.admx
@@ -810,7 +810,7 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete. **RemovableDrivesRequireEncryption** -This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name). +This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
@@ -839,7 +839,7 @@ ADMX Info:
  • GP English name: Deny write access to removable drives not protected by BitLocker
  • GP name: RDVDenyWriteAccess_Name
    • -
  • GP path: Windows Components/Bitlocker Drive Encryption/Removeable Drives
    • +
  • GP path: Windows Components/BitLocker Drive Encryption/Removeable Drives
  • GP ADMX file name: VolumeEncryption.admx
From 6d8c5dd4bba6e9bf65ad57fd1ab0eb1fbef97b9c Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 23:16:30 -0700 Subject: [PATCH 7/8] title --- windows/whats-new/windows-11-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index c6338640b5..6f7a2364b6 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -38,7 +38,7 @@ To install or upgrade to Windows 11, devices must meet the following minimum har - Internet connection: Internet connectivity is necessary to perform updates, and to download and use some features. - Windows 11 Home edition requires an Internet connection and a Microsoft Account to complete device setup on first use. -\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Keeping Windows 11 up-to-date](https://www.microsoft.com/windows/windows-11-specifications). +\* There might be additional requirements over time for updates, and to enable specific features within the operating system. For more information, see [Windows 11 specifications](https://www.microsoft.com/windows/windows-11-specifications). Also see [Update on Windows 11 minimum system requirements](https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/). From 10aad7f0a310d68776dcfa95b9a4f9f490d8d854 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Tue, 29 Jun 2021 23:20:49 -0700 Subject: [PATCH 8/8] fix title --- windows/whats-new/windows-11-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index 6f7a2364b6..aa0532e98d 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -19,7 +19,7 @@ ms.custom: seo-marvel-apr2020 **Applies to** -- Windows 11 +- Windows 11 This article lists the system requirements for Windows 11. Windows 11 is also supported on a virtual machine (VM).