diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md index b6520a1322..7e5b56e47f 100644 --- a/devices/hololens/TOC.md +++ b/devices/hololens/TOC.md @@ -5,7 +5,7 @@ ## [Get your HoloLens 2 ready to use](hololens2-setup.md) ## [Set up your HoloLens 2](hololens2-start.md) ## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md) -## [Frequently asked questions about cleaning HoloLens 2 devices](hololens2-maintenance.md) +## [HoloLens 2 cleaning FAQ](hololens2-maintenance.md) ## [Supported languages for HoloLens 2](hololens2-language-support.md) ## [Getting around HoloLens 2](hololens2-basic-usage.md) diff --git a/devices/hololens/hololens2-hardware.md b/devices/hololens/hololens2-hardware.md index f774eda6d6..6b8175e59d 100644 --- a/devices/hololens/hololens2-hardware.md +++ b/devices/hololens/hololens2-hardware.md @@ -135,26 +135,6 @@ In order to maintain/advance Internal Battery Charge Percentage while the device HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166. -## Care and cleaning - -Handle your HoloLens carefully. Use the headband to lift and carry the HoloLens 2. - -As you would for eyeglasses or protective eye-wear, try to keep the HoloLens visor free of dust and fingerprints. When possible, avoid touching the visor. Repeated cleaning could damage the visor, so keep your device clean! - -Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it. - -To clean the visor, remove any dust by using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion. - -Clean the rest of the device, including the headband and device arms, with a lint-free microfiber cloth moistened with mild soap and water. Let your HoloLens dry completely before reuse. - -![Image that shows how to clean the visor](images/hololens-cleaning-visor.png) - -### Replace the brow pad - -The brow pad is magnetically attached to the device. To detach it, pull gently away. To replace it, snap it back into place. - -![Remove or replace the brow pad](images/hololens2-remove-browpad.png) - ## Next step > [!div class="nextstepaction"] diff --git a/devices/hololens/hololens2-maintenance.md b/devices/hololens/hololens2-maintenance.md index 845e36cba1..88617eea68 100644 --- a/devices/hololens/hololens2-maintenance.md +++ b/devices/hololens/hololens2-maintenance.md @@ -1,5 +1,5 @@ --- -title: HoloLens 2 device care and cleaning FAQ +title: HoloLens 2 cleaning FAQ description: author: Teresa-Motiv ms.author: v-tea @@ -17,7 +17,7 @@ appliesto: - HoloLens 2 --- -# Frequently asked questions about cleaning HoloLens 2 devices +# HoloLens 2 cleaning FAQ > [!IMPORTANT] > Microsoft cannot make a determination of the effectiveness of any given disinfectant product in fighting pathogens such as COVID-19. Please refer to your local public health authority's guidance about how to stay safe from potential infection. diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md index fd8f4626e5..56282326a4 100644 --- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md +++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md @@ -57,8 +57,10 @@ To create a Surface UEFI configuration package, follow these steps: 6. Click **Password Protection** to add a password to Surface UEFI. This password will be required whenever you boot to UEFI. If this password is not entered, only the **PC information**, **About**, **Enterprise management**, and **Exit** pages will be displayed. This step is optional. 7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank. 8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.) + > [!NOTE] + > You must select a device as none are selected by default. - ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.png "Choose devices for package compatibility") + ![Choose devices for package compatibility](images/surface-semm-enroll-fig3.jpg "Choose devices for package compatibility") *Figure 3. Choose the devices for package compatibility* diff --git a/devices/surface/images/surface-semm-enroll-fig3.jpg b/devices/surface/images/surface-semm-enroll-fig3.jpg new file mode 100644 index 0000000000..bdbc3dfd4f Binary files /dev/null and b/devices/surface/images/surface-semm-enroll-fig3.jpg differ diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md index 42c6d6f42f..21616dc89e 100644 --- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md +++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md @@ -382,56 +382,11 @@ To configure Surface UEFI settings or permissions for Surface UEFI settings, you The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device. -The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go. +The best way to view the most current Setting names and IDs for devices is to use the ConfigureSEMM.ps1 script or the ConfigureSEMM - .ps1 from the SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703). -*Table 1. Surface UEFI settings for Surface Pro 4* +Setting names and IDs for all devices can be seen in the ConfigureSEMM.ps1 script. -| Setting ID | Setting Name | Description | Default Setting | -| --- | --- | --- | --- | -|501| Password | UEFI System Password | | -|200| Secure Boot Keys | Secure Boot signing keys to enable for EFI applications | MsPlus3rdParty | -|300| Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled | -|301| Docking USB Port | Docking USB Port enabled or disabled | Enabled | -|302| Front Camera | Front Camera enabled or disabled | Enabled | -|303| Bluetooth | Bluetooth radio enabled or disabled | Enabled | -|304| Rear Camera | Rear Camera enabled or disabled | Enabled | -|305| IR Camera | InfraRed Camera enabled or disabled | Enabled | -|308| Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled | -|310| Type Cover | Surface Type Cover connector | Enabled | -|320| On-board Audio | On-board audio enabled or disabled | Enabled | -|330| Micro SD Card | Micro SD Card enabled or disabled | Enabled | -|370| USB Port 1 | Side USB Port (1) | UsbPortEnabled | -|400| IPv6 for PXE Boot | Enable IPv6 PXE boot before IPv4 PXE boot |Disabled | -|401| Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled | -|402| Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled | -|403| USB Boot | Enable booting from USB devices | Enabled | -|500| TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled | -|600| Security | UEFI Security Page Display enabled or disabled | Enabled | -|601| Devices | UEFI Devices Page Display enabled or disabled | Enabled | -|602| Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled | - -*Table 2. Surface UEFI settings for Surface Book* - -| Setting ID | Setting Name | Description | Default Setting | -| --- | --- | --- | --- | -| 501 | Password | UEFI System Password | | -| 200 | Secure Boot Keys | Secure Boot signing keys to enable for EFI applications | MsPlus3rdParty | -| 300 | Trusted Platform Module (TPM) | TPM device enabled or disabled | Enabled | -| 301 | Docking USB Port | Docking USB Port enabled or disabled | Enabled | -| 302 | Front Camera | Front Camera enabled or disabled | Enabled | -| 303 | Bluetooth | Bluetooth radio enabled or disabled | Enabled | -| 304 | Rear Camera | Rear Camera enabled or disabled | Enabled | -| 305 | IR Camera | InfraRed Camera enabled or disabled | Enabled | -| 308 | Wi-Fi and Bluetooth | Wi-Fi and Bluetooth enabled or disabled | Enabled | -| 320 | On-board Audio | On-board audio enabled or disabled | Enabled | -| 400 | IPv6 for PXE Boot Enable | IPv6 PXE boot before IPv4 PXE boot | Disabled | -| 401 | Alternate Boot | Alternate Boot allows users to override the boot order by holding the volume down button when powering up the device | Enabled | -| 402 | Boot Order Lock | Boot Order variable lock enabled or disabled | Disabled | -| 403 | USB Boot | Enable booting from USB devices | Enabled | -| 500 | TPM clear EFI protocol | Enable EFI protocol for invoking TPM clear | Disabled | -| 600 | Security | UEFI Security Page Display enabled or disabled | Enabled | -| 601 | Devices | UEFI Devices Page Display enabled or disabled | Enabled | -| 602 | Boot | UEFI Boot Manager Page Display enabled or disabled | Enabled | +Setting names and IDs for specific devices can be seen in the ConfigureSEMM - .ps1 scripts. For example, setting names and IDs for Surface Pro X can be found in the ConfigureSEMM – ProX.ps1 script. ## Deploy SEMM Configuration Manager scripts diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 918937a2b4..2048fbf29b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1417,11 +1417,15 @@ To turn off Inking & Typing data collection: - In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Improve inking and typing** and turn it to **Off** - -or- + -OR- **Disable** the Group Policy: **Computer Configuration > Administrative Templates > Windows Components > Text Input > Improve inking and typing recognition** - -or- + -and- + + **Disable** the Group Policy: **User Configuration > Administrative Templates > Control Panel > Regional and Language Options > Handwriting personalization > Turn off automatic learning** + + -OR- - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_CURRENT_USER\Software\Microsoft\InputPersonalization** to a **value of 1 (one)** diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 06efa1c47e..41e116ecca 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -38,6 +38,7 @@ #### [Attack surface reduction evaluation](microsoft-defender-atp/evaluate-attack-surface-reduction.md) #### [Attack surface reduction configuration settings](microsoft-defender-atp/configure-attack-surface-reduction.md) #### [Attack surface reduction FAQ](microsoft-defender-atp/attack-surface-reduction-faq.md) +#### [Attack surface reduction rules in Windows 10 Enterprise E3](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3) #### [Attack surface reduction controls]() ##### [Attack surface reduction rules](microsoft-defender-atp/attack-surface-reduction.md) @@ -413,7 +414,7 @@ ##### [Manage portal access using RBAC](microsoft-defender-atp/rbac.md) ###### [Create and manage roles](microsoft-defender-atp/user-roles.md) ###### [Create and manage machine groups](microsoft-defender-atp/machine-groups.md) -####### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) +###### [Create and manage machine tags](microsoft-defender-atp/machine-tags.md) #### [APIs]() ##### [Enable SIEM integration](microsoft-defender-atp/enable-siem-integration.md) diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md index ad211f1718..5e75ce5325 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md +++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md @@ -92,7 +92,7 @@ This section describes how an attacker might exploit a feature or its configurat ### Vulnerability -Accounts that have the **Deny log on as a batch job** user right could be used to schedule jobs that could consume excessive computer resources and cause a denial-of-service condition. +Accounts that have the **Log on as a batch job** user right could be used to schedule jobs that could consume excessive computer resources and cause a denial-of-service condition. ### Countermeasure diff --git a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md index 884d11011b..bfca4b0430 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/why-use-microsoft-antivirus.md @@ -38,7 +38,7 @@ Although you can use a non-Microsoft antivirus solution with Microsoft Defender |4|Details about blocked malware |More details and actions for blocked malware are available with Windows Defender Antivirus and Microsoft Defender ATP. [Understand malware & other threats](../intelligence/understanding-malware.md).| |5|Network protection |Your organization's security team can protect your network by blocking specific URLs and IP addresses. [Protect your network](../microsoft-defender-atp/network-protection.md).| |6|File blocking |Your organization's security team can block specific files. [Stop and quarantine files in your network](../microsoft-defender-atp/respond-file-alerts.md#stop-and-quarantine-files-in-your-network).| -|7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), offering attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Reduce attack surfaces with attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).| +|7|Attack Surface Reduction |Your organization's security team can reduce your vulnerabilities (attack surfaces), giving attackers fewer ways to perform attacks. Attack surface reduction uses cloud protection for a number of rules. [Reduce attack surfaces with attack surface reduction rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-attack-surface-reduction).| |8|Auditing events |Auditing event signals are available in [endpoint detection and response capabilities](../microsoft-defender-atp/overview-endpoint-detection-response.md). (These signals are not available with non-Microsoft antivirus solutions.) | |9|Geographic data |Compliant with ISO 270001 and data retention, geographic data is provided according to your organization's selected geographic sovereignty. See [Compliance offerings: ISO/IEC 27001:2013 Information Security Management Standards](https://docs.microsoft.com/microsoft-365/compliance/offering-iso-27001). | |10|File recovery via OneDrive |If you are using Windows Defender Antivirus together with [Office 365](https://docs.microsoft.com/Office365/Enterprise), and your device is attacked by ransomware, your files are protected and recoverable. [OneDrive Files Restore and Windows Defender take ransomware protection one step further](https://techcommunity.microsoft.com/t5/Microsoft-OneDrive-Blog/OneDrive-Files-Restore-and-Windows-Defender-takes-ransomware/ba-p/188001).|