From 13ce1062557992cc56feee61e5eb322f6c5d01cf Mon Sep 17 00:00:00 2001 From: Jeanie Decker Date: Thu, 19 Oct 2017 18:58:21 +0000 Subject: [PATCH 1/3] Merged PR 3967: Update explanation of Surface Hub sign-in --- devices/surface-hub/change-history-surface-hub.md | 3 ++- ...etween-surface-hub-and-windows-10-enterprise.md | 14 +++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md index 6aeb77daa5..2515c3e821 100644 --- a/devices/surface-hub/change-history-surface-hub.md +++ b/devices/surface-hub/change-history-surface-hub.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: jdeckerms ms.author: jdecker -ms.date: 10/05/2017 +ms.date: 10/19/2017 ms.localizationpriority: medium --- @@ -21,6 +21,7 @@ This topic lists new and updated topics in the [Surface Hub Admin Guide]( surfac New or changed topic | Description | --- | --- [Install apps on your Microsoft Surface Hub](install-apps-on-surface-hub.md) | Updated instructions to use Windows Team device family +[Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | Clarified user sign-in on Surface Hub ## September 2017 diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md index 60b1ab2d53..8a85487527 100644 --- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md +++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: surfacehub author: isaiahng ms.author: jdecker -ms.date: 06/19/2017 +ms.date: 10/19/2017 ms.localizationpriority: medium --- @@ -30,12 +30,12 @@ Surface Hub doesn't have a lock screen or a screen saver, but it has a similar f *Organization policies that this may affect:*
Settings for lock screen, screen timeout, and screen saver don't apply for Surface Hub. -### User logon +### User sign-in -Surface Hub is designed to be used in communal spaces, such as meeting rooms. Unlike Windows PCs, anyone can walk up and use a Surface Hub without logging on. The system always runs as a local, auto logged-in, low-privilege user. It doesn't support logging in any additional users - including admin users. +Surface Hub is designed to be used in communal spaces, such as meeting rooms. Unlike Windows PCs, anyone can walk up and use a Surface Hub without requiring a user to sign in. To enable this communal functionality, Surface Hub does not support Windows sign-in the same way that Windows 10 Enterprise does (e.g., signing in a user to the OS and using those crednetials throughout the OS). Instead, there is always a local, auto signed-in, low-privilege user signed in to the Surface Hub. It doesn't support signing in any additional users, including admin users (e.g., when an admin signs in, they are not signed in to the OS). + +Users can sign in to a Surface Hub, but they will not be signed in to the OS. For example, when a user signs in to Apps or My Meetings and Files, the users is signed in only to the apps or services, not to the OS. As a result, the signed-in user is able to retrieve their cloud files and personal meetings stored in the cloud, and these credentials are discarded when **End session** is activated. -> [!NOTE] -> Surface Hub supports signing in to Microsoft Edge and other apps. However, these credentials are deleted when users press **End session**. *Organization policies that this may affect:*
Generally, Surface Hub uses lockdown features rather than user access control to enforce security. Policies related to password requirements, interactive logon, user accounts, and access control don't apply for Surface Hub. @@ -114,7 +114,7 @@ These Surface Hub features provide additional security: ### Device settings -Device settings can be configured through the Settings app. The Settings app is customized for Surface Hub, but also contains many familiar settings from Windows 10 Desktop. A User Accounts Control (UAC) prompt appears when opening up the Settings app to verify the admin's credentials, but this does not log in the admin. +Device settings can be configured through the Settings app. The Settings app is customized for Surface Hub, but also contains many familiar settings from Windows 10 Desktop. A User Accounts Control (UAC) prompt appears when opening up the Settings app to verify the admin's credentials, but this does not sign in the admin. *Organization policies that this may affect:*
Employees can use the Surface Hub for meetings, but cannot modify any device settings. In addition to lockdown features, this ensures that employees only use the device for meeting functions. @@ -146,7 +146,7 @@ Surface Hub does not support remote assistance. ### Domain join and Azure Active Directory (Azure AD) join -Surface Hub uses domain join and Azure AD join primarily to provide a directory-backed admin group. Users can't log in with a domain account. For more information, see [Admin group management](admin-group-management-for-surface-hub.md). +Surface Hub uses domain join and Azure AD join primarily to provide a directory-backed admin group. Users can't sign in with a domain account. For more information, see [Admin group management](admin-group-management-for-surface-hub.md). *Organization policies that this may affect:*
Group policies are not applied when a Surface Hub is joined to your domain. Policies related to domain membership don't apply for Surface Hub. From 59025bed04802e10fd211401f57f0100eab85ae7 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 19 Oct 2017 13:12:03 -0700 Subject: [PATCH 2/3] minor fixes --- ...nts-mdm-windows-defender-advanced-threat-protection.md | 2 +- ...essages-windows-defender-advanced-threat-protection.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md index a87b04e519..b9ebce1508 100644 --- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md @@ -48,7 +48,7 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file. - ![Endpoint onboarding](images/atp-mdm-onboarding-package.png) + ![Endpoint onboarding](images/atp-mdm-onboarding-package.png) 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*. diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md index 10a3c85cee..88fd5b5c34 100644 --- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md +++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md @@ -13,7 +13,7 @@ ms.localizationpriority: high ms.date: 09/10/2017 --- -# Troubleshoot onboarding and error messages +# Troubleshoot subscription and portal access issues **Applies to:** @@ -26,10 +26,10 @@ ms.date: 09/10/2017 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-troublshootonboarding-abovefoldlink) -You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues. -This page provides detailed steps to troubleshoot onboarding issues that might occur when setting up your Windows Defender ATP service. -If you receive an error message, the Windows Defender ATP portal will provide detailed explanation on what the issue is and relevant links will be supplied. +This page provides detailed steps to troubleshoot issues that might occur when setting up your Windows Defender ATP service. + +If you receive an error message, the Windows Defender ATP portal will provide a detailed explanation on what the issue is and relevant links will be supplied. ## No subscriptions found From 79c94581fe698964824d0556e3412b3b5e67173c Mon Sep 17 00:00:00 2001 From: Iaan D'Souza-Wiltshire Date: Thu, 19 Oct 2017 20:31:45 +0000 Subject: [PATCH 3/3] Changed PS arg for importing EMET converted policy --- .../import-export-exploit-protection-emet-xml.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md index 91c62efd69..e4969fa310 100644 --- a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md +++ b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md @@ -108,7 +108,7 @@ After importing, the settings will be instantly applied and can be reviewed in t 2. Enter the following cmdlet: ```PowerShell - Set-ProcessMitigation -RegistryConfigFilePath filename.xml + Set-ProcessMitigation -PolicyFilePath filename.xml ``` Change `filename` to the location and name of the Exploit protection XML file.