From 18c614031855dcd6cb5bc30f5f608e7f6eda0ea5 Mon Sep 17 00:00:00 2001 From: greg-lindsay Date: Mon, 22 Mar 2021 16:06:57 -0700 Subject: [PATCH 1/5] remove WUfB section --- .../ltsc/whats-new-windows-10-2019.md | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index a34e99e632..62b6502a5e 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -482,26 +482,6 @@ Previously, the customized taskbar could only be deployed using Group Policy or ## Windows Update -### Windows Update for Business - -Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). - - -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. - -WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). - -Windows Update for Business now provides greater control over updates, with the ability to pause and uninstall problematic updates using Intune. For more information, see [Manage software updates in Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure). - -The pause feature has been changed, and now requires a start date to set up. Users are now able to pause through **Settings > Update & security > Windows Update > Advanced options** in case a policy has not been configured. We have also increased the pause limit on quality updates to 35 days. You can find more information on pause in [Pause Feature Updates](/windows/deployment/update/waas-configure-wufb#pause-feature-updates) and [Pause Quality Updates](/windows/deployment/update/waas-configure-wufb#pause-quality-updates). - - -Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days). In settings, users are able to select their branch readiness level and update deferral periods. See [Configure devices for Current Branch (CB) or Current Branch for Business (CBB)](/windows/deployment/update/waas-configure-wufb#configure-devices-for-current-branch-or-current-branch-for-business), [Configure when devices receive Feature Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-feature-updates) and [Configure when devices receive Quality Updates](/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-quality-updates) for details. - -WUfB now has additional controls available to manage Windows Insider Program enrollment through policies. For more information, see [Manage Windows Insider Program flights](https://docs.microsoft.com/windows/deployment/update/waas-configure-wufb#configure-when-devices-receive-windows-insider-preview-builds). - ### Windows Insider for Business We recently added the option to download Windows 10 Insider Preview builds using your corporate credentials in Azure Active Directory (AAD). By enrolling devices in AAD, you increase the visibility of feedback submitted by users in your organization – especially on features that support your specific business needs. For details, see [Windows Insider Program for Business](/windows/deployment/update/waas-windows-insider-for-business). From bafb4f7768a638f21e88f5e6d68101f2d006ab11 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:02:59 -0700 Subject: [PATCH 2/5] Update hello-feature-remote-desktop.md --- .../hello-for-business/hello-feature-remote-desktop.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index 73e443551f..cbf8bb250e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -57,7 +57,8 @@ Windows Hello for Business emulates a smart card for application compatibility. Users appreciate convenience of biometrics and administrators value the security however, you may experience compatibility issues with your applications and Windows Hello for Business certificates. You can relax knowing a Group Policy setting and a [MDM URI](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp) exist to help you revert to the previous behavior for those users who need it. -![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png) +> [!div class="mx-imgBorder"] +> ![WHFB Certificate GP Setting](images/rdpbio/rdpbiopolicysetting.png) > [!IMPORTANT] > The remote desktop with biometric feature does not work with [Dual Enrollment](hello-feature-dual-enrollment.md) feature or scenarios where the user provides alternative credentials. Microsoft continues to investigate supporting the feature. From c07a32ac715b49f6abd33017bee88b444570adfb Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:07:43 -0700 Subject: [PATCH 3/5] Simple addition of space to get a new version I'm trying to figure out why two bulleted lists are rendered as paragraphs --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ae6ac815b2..53a5005894 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -21,6 +21,7 @@ ms.technology: mde [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** + - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2154037) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) From a289fa978bb6de567d84045afaa75517005a0b93 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:18:51 -0700 Subject: [PATCH 4/5] Changed "quotes" to "quotation marks" --- .../microsoft-defender-atp/enable-attack-surface-reduction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 53a5005894..17bf1a2a70 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -147,8 +147,8 @@ Example: 5. To exclude files and folders from ASR rules, select the **Exclude files and paths from Attack surface reduction rules** setting and set the option to **Enabled**. Select **Show** and enter each file or folder in the **Value name** column. Enter **0** in the **Value** column for each item. -> [!WARNING] -> Do not use quotes as they are not supported for either the **Value name** column or the **Value** column. + > [!WARNING] + > Do not use quotation marks, because they are not supported for either the **Value name** column or the **Value** column. ## PowerShell From 967dd02dc782f12c1dc44f4db3eda8702bed89ee Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 22 Mar 2021 17:51:23 -0700 Subject: [PATCH 5/5] Fix broken bulleted lists This fixes bulleted lists that were broken by commit https://github.com/MicrosoftDocs/windows-docs-pr/pull/4952/commits/778e34c1d7ff525f4d27ba38197ea2b6d43ef83e in PR https://github.com/MicrosoftDocs/windows-itpro-docs/pull/9353 --- .../enable-attack-surface-reduction.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index ef3ef1edff..df36f96ede 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md @@ -97,10 +97,10 @@ The following is a sample for reference, using [GUID values for ASR rules](attac The values to enable (Block), disable, warn, or enable in audit mode are: - • 0 : Disable (Disable the ASR rule) - • 1 : Block (Enable the ASR rule) - • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) +- 0 : Disable (Disable the ASR rule) +- 1 : Block (Enable the ASR rule) +- 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) +- 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) Use the [./Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionOnlyExclusions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender#defender-attacksurfacereductiononlyexclusions) configuration service provider (CSP) to add exclusions. @@ -143,10 +143,10 @@ Example: Select **Show...** and enter the rule ID in the **Value name** column and your chosen state in the **Value** column as follows: - • 0 : Disable (Disable the ASR rule) - • 1 : Block (Enable the ASR rule) - • 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) - • 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) + - 0 : Disable (Disable the ASR rule) + - 1 : Block (Enable the ASR rule) + - 2 : Audit (Evaluate how the ASR rule would impact your organization if enabled) + - 6 : Warn (Enable the ASR rule but allow the end-user to bypass the block) ![Group policy setting showing a blank attack surface reduction rule ID and value of 1](../images/asr-rules-gp.png)