From 9a10606eb20ecb217b72cc849abbbdaa6382512d Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Tue, 24 May 2022 21:43:16 -0700 Subject: [PATCH 01/10] Update wufb-wsus.md Adding an outline of the "Check online for updates" behavior. --- windows/deployment/update/wufb-wsus.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index e90960de49..6df97965dc 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -57,6 +57,8 @@ To help you better understand the scan source policy, see the default scan behav > [!TIP] > The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options. +Note - If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who click "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. + ## Configure the scan sources The policy can be configured using the following two methods: From 0f73fa70a7f26603567e55625f4e9d12a7ec9171 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 25 May 2022 14:01:27 +0500 Subject: [PATCH 02/10] Update deployment-service-overview.md --- windows/deployment/update/deployment-service-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 7459c71de0..2d8c81fbbc 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -162,7 +162,7 @@ Following is an example of setting the policy using Microsoft Endpoint Manager: 8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager \\default\\System\\AllowWUfBCloudProcessing** + **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\System\\AllowWUfBCloudProcessing** ## Best practices Follow these suggestions for the best results with the service. From 9bdc2cd3d09c9c5fd6c7819dfdd36dd5b4180fc9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 26 May 2022 11:34:38 +0500 Subject: [PATCH 03/10] Update network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md --- ...security-restrict-ntlm-ntlm-authentication-in-this-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index ccaba0be7d..5b35621c9b 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -86,7 +86,7 @@ None. Changes to this policy become effective without a restart when saved local ### Group Policy -Setting and deploying this policy using Group Policy takes precedence over the setting on the local device. If the Group Policy is set to **Not Configured**, local settings will apply. +Setting and deploying this policy using Group Policy takes precedence over the setting on the local device. If the Group Policy is set to **Not Configured**, local settings will apply. The policy is applicable to domain controllers only. ### Auditing From 7354093948a73f41a74bd66c63403cc0a8441558 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 26 May 2022 15:31:50 -0700 Subject: [PATCH 04/10] Update network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md --- ...-security-restrict-ntlm-ntlm-authentication-in-this-domain.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md index 5b35621c9b..0c1396e74f 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md @@ -14,7 +14,6 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 04/19/2017 ms.technology: windows-sec --- From afa7f95d1972a9e4934a66f06e1bc01d77614bcf Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Fri, 27 May 2022 14:42:36 -0700 Subject: [PATCH 05/10] Update windows/deployment/update/wufb-wsus.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/wufb-wsus.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md index 6df97965dc..a93c10f142 100644 --- a/windows/deployment/update/wufb-wsus.md +++ b/windows/deployment/update/wufb-wsus.md @@ -57,7 +57,8 @@ To help you better understand the scan source policy, see the default scan behav > [!TIP] > The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options. -Note - If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who click "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. +> [!NOTE] +> If you have devices configured for WSUS and do not configure the scan source policy for feature updates to come from Windows update or set any Windows Update for Business offering policies, then users who select "Check online for updates" on the Settings page may see the optional upgrade to Windows 11. We recommend configuring the scan source policy or a Windows Update for Business offering policy to prevent such. ## Configure the scan sources From 0c2b0bc5fdf4aebcb5860cd202def33ecf676a90 Mon Sep 17 00:00:00 2001 From: Michael Morten Sonne <49366751+michaelmsonne@users.noreply.github.com> Date: Sun, 29 May 2022 15:25:41 +0200 Subject: [PATCH 06/10] Update bitlocker-overview-and-requirements-faq.yml Add Windows 11 --- .../bitlocker/bitlocker-overview-and-requirements-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml index 2b8382dfa8..df962a8ff5 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml +++ b/windows/security/information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml @@ -23,6 +23,7 @@ title: BitLocker Overview and Requirements FAQ summary: | **Applies to** - Windows 10 + - Windows 11 sections: From 0dfd31ea4be36b1ce71afa70eec8609cbd018f09 Mon Sep 17 00:00:00 2001 From: Michael Morten Sonne <49366751+michaelmsonne@users.noreply.github.com> Date: Sun, 29 May 2022 15:28:41 +0200 Subject: [PATCH 07/10] Update bitlocker-overview.md Change titel --- .../information-protection/bitlocker/bitlocker-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index a5d4bf4e49..41c1be27f1 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -1,5 +1,5 @@ --- -title: BitLocker (Windows 10) +title: BitLocker description: This topic provides a high-level overview of BitLocker, including a list of system requirements, practical applications, and deprecated features. ms.assetid: 40526fcc-3e0d-4d75-90e0-c7d0615f33b2 ms.author: dansimp @@ -102,4 +102,4 @@ When installing the BitLocker optional component on a server you will also need | [Protect BitLocker from pre-boot attacks](./bitlocker-countermeasures.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 11, Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. | | [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. | | [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.| -| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core | \ No newline at end of file +| [Enabling Secure Boot and BitLocker Device Encryption on Windows IoT Core](/windows/iot-core/secure-your-device/SecureBootAndBitLocker) | This topic covers how to use BitLocker with Windows IoT Core | From 0ddd9c33ab959237b775d9274b6dd4cf480bb8ce Mon Sep 17 00:00:00 2001 From: Priscilla Madrigal <104532333+pmadrigalm@users.noreply.github.com> Date: Thu, 2 Jun 2022 09:52:14 -0700 Subject: [PATCH 08/10] Update quick-assist.md --- windows/client-management/quick-assist.md | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 9591465cfc..30b7cf1123 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -14,7 +14,7 @@ ms.collection: highpri # Use Quick Assist to help users -Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user's device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. +Quick Assist is a Microsoft Store application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user's device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. ## Before you begin @@ -42,7 +42,6 @@ Both the helper and sharer must be able to reach these endpoints over port 443: | `*.api.support.microsoft.com` | API access for Quick Assist | | `*.vortex.data.microsoft.com` | Used for diagnostic data | | `*.channelservices.microsoft.com` | Required for chat services within Quick Assist | -| `*.skype.com` | Skype requests may vary based on geography. If connection issues persist, test this endpoint. | | `*.remoteassistanceprodacs.communication.azure.com` | Azure Communication Services (ACS) technology the Quick Assist app uses. | | `*.turn.azure.com` | Protocol used to help endpoint. | | `browser.pipe.aria.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. | @@ -105,23 +104,8 @@ Either the support staff or a user can start a Quick Assist session. ## If Quick Assist is missing -If for some reason a user doesn't have Quick Assist on their system or it's not working properly, try to uninstall and reinstall it. - -### Uninstall Quick Assist - -1. Start the Settings app, and then select **Apps**. -2. Select **Optional features**. -3. In the **Installed features** search bar, type *Quick Assist*. -4. Select **Microsoft Quick Assist**, and then select **Uninstall**. - -### Reinstall Quick Assist - -1. Start the Settings app, and then select **Apps**. -2. Select **Optional features**. -3. Select **Add a feature**. -4. In the new dialog that opens, in the **Add an optional feature** search bar, type *Quick Assist*. -5. Select the check box for **Microsoft Quick Assist**, and then select **Install**. -6. Restart the device. +If for some reason a user doesn't have Quick Assist on their system or it's not working properly, try to uninstall and reinstall it. +[Install Quick Assist] (https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca). ## Next steps From 4a4014acfe1224eaf44a6f8d723534f2ffa107ea Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 2 Jun 2022 14:47:41 -0700 Subject: [PATCH 09/10] edit --- windows/client-management/quick-assist.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 30b7cf1123..22ed2a7af6 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -104,8 +104,7 @@ Either the support staff or a user can start a Quick Assist session. ## If Quick Assist is missing -If for some reason a user doesn't have Quick Assist on their system or it's not working properly, try to uninstall and reinstall it. -[Install Quick Assist] (https://support.microsoft.com/en-us/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca). +If for some reason a user doesn't have Quick Assist on their system or it's not working properly, try to uninstall and reinstall it. For more information, see [Install Quick Assist](https://support.microsoft.com/windows/install-quick-assist-c17479b7-a49d-4d12-938c-dbfb97c88bca). ## Next steps From 04a0cfef39c3eda9019afafcbb63f708dfdb050c Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 2 Jun 2022 15:56:44 -0700 Subject: [PATCH 10/10] editorial revision --- .../deployment/update/deployment-service-overview.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 2d8c81fbbc..6aae1788d5 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -134,14 +134,14 @@ Deployment scheduling controls are always available, but to take advantage of th To enroll devices in Windows Update for Business cloud processing, set the **AllowWUfBCloudProcessing** policy using mobile device management (MDM) policy or Group Policy. -| Policy | Sets registry key under **HKLM\\Software** | -|--------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------| -| GPO for Windows 10, version 1809 or later: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow WUfB Cloud Processing** | \\Policies\\Microsoft\\Windows\\DataCollection\\AllowWUfBCloudProcessing | -| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | \\Microsoft\\PolicyManager\\default\\System\\AllowWUfBCloudProcessing | +| Policy| Sets registry key under `HKLM\Software`| +|--|--| +| GPO for Windows 10, version 1809 or later: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow WUfB Cloud Processing** | `\Policies\Microsoft\Windows\DataCollection\AllowWUfBCloudProcessing` | +| MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | `\Microsoft\PolicyManager\current\device\System\AllowWUfBCloudProcessing` | Following is an example of setting the policy using Microsoft Endpoint Manager: -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 2. Select **Devices** > **Configuration profiles** > **Create profile**. @@ -162,7 +162,7 @@ Following is an example of setting the policy using Microsoft Endpoint Manager: 8. (Optional) To verify that the policy reached the client, check the value of the following registry entry: - **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\System\\AllowWUfBCloudProcessing** + `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\System\AllowWUfBCloudProcessing` ## Best practices Follow these suggestions for the best results with the service.