From 8a8f371c2ffa48942f536625891b018c0baf7fb2 Mon Sep 17 00:00:00 2001 From: Subhash Sharma <101168840+subshar@users.noreply.github.com> Date: Wed, 18 Jan 2023 20:43:10 +0530 Subject: [PATCH 1/2] Replace 'without Intune' with 'using Intune' The text should say "disable WHfB enrollment using Intune". Steps for how to disable without Intune are in the next section. --- .../hello-for-business/hello-aad-join-cloud-only-deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index 004083bb85..1fa69a9a0e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -47,7 +47,7 @@ We recommend that you disable or manage Windows Hello for Business provisioning ### Disable Windows Hello for Business using Intune Enrollment policy -The following method explains how to disable Windows Hello for Business enrollment without Intune. +The following method explains how to disable Windows Hello for Business enrollment using Intune. 1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens. From 1832c140314553c9f6339ed3760c8a7e1f3081fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jose=20Sebasti=C3=A1n=20Can=C3=B3s?= Date: Wed, 25 Jan 2023 11:25:35 +0100 Subject: [PATCH 2/2] Update event-4670.md --- .../security/threat-protection/auditing/event-4670.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 9509f490e5..f20653ded7 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -235,14 +235,14 @@ Example: D:(A;;FA;;;WD) | "GR" | GENERIC READ | "SD" | Delete | | "GW" | GENERIC WRITE | "WD" | Modify Permissions | | "GX" | GENERIC EXECUTE | "WO" | Modify Owner | -| File access rights | "RP" | Read All Properties | +| File access rights | | "RP" | Read All Properties | | "FA" | FILE ALL ACCESS | "WP" | Write All Properties | | "FR" | FILE GENERIC READ | "CC" | Create All Child Objects | | "FW" | FILE GENERIC WRITE | "DC" | Delete All Child Objects | | "FX" | FILE GENERIC EXECUTE | "LC" | List Contents | -| Registry key access rights | "SW" | All Validated Writes | -| "KA" | "LO" | "LO" | List Object | -| "K" | KEY READ | "DT" | Delete Subtree | +| Registry key access rights | | "SW" | Self Write | +| "KA" | KEY ALL ACCESS | "LO" | List Object | +| "KR" | KEY READ | "DT" | Delete Subtree | | "KW" | KEY WRITE | "CR" | All Extended Rights | | "KX" | KEY EXECUTE | | | @@ -272,4 +272,4 @@ For file system and registry objects, the following recommendations apply. - If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.** -- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers. \ No newline at end of file +- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers. For example, you could monitor the **ntds.dit** file on domain controllers.