From d7f6d7a4ea5a87d31f1815b441d9d796f6e17304 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Sat, 19 Sep 2020 22:03:15 +0500
Subject: [PATCH 01/10] Minor Changes
As suggested by the user, I made a few changes to make the document clearer and easier to understand.
Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/7965
---
.../client-management/connect-to-remote-aadj-pc.md | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index 9478b21555..c52da5bf32 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -22,13 +22,10 @@ ms.topic: article
- Windows 10
-From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup).
+From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)

-> [!TIP]
-> Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
-
## Set up
- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
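Review bot: In the added intro sentence the full stop sits inside the link text (`remote desktop session.](...)`), so the period becomes part of the hyperlink; move it after the closing parenthesis. With the tip folded into the paragraph, the text now lists three version milestones in a row (release, 1607, 1809), so consider wording that makes clear the 1809 requirement applies only to biometric sign-in and not to Azure AD-joined connections in general.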
@@ -42,7 +39,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu

- 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**.
+ 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
> [!NOTE]
> You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
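Review bot: In step 3, `**Select Users -> Add**` puts two separate controls and an arrow inside one bold span; bold each control on its own so readers can match them to the dialog. The step now tells the reader to enter "the name of the user or group" without saying in which form an Azure AD account should be typed, while the note directly below uses the `AzureAD\...` form for `net localgroup`; state the expected form in the step itself.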
@@ -55,12 +52,13 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
> Otherwise this command throws the below error. For example:
> - for cloud only user: "There is no such global user or group : *name*"
> - for synced user: "There is no such global user or group : *name*"
- >
+
+ > [!NOTE]
> In Windows 10, version 1709, the user does not have to sign in to the remote device first.
>
> In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
-
- 4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
+
+ 4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
> [!TIP]
> When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
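Review bot: Step 4 now begins at "Click **Check Names**" and depends on the name entered at the end of step 3, but two notes sit between the two steps, so the reader loses the thread; consider keeping the name entry and **Check Names** together and placing the notes after them. The two error examples in the first note ("cloud only user" and "synced user") show identical message text, which is worth confirming while this block is being touched.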
From cbda416a4b9ecbaea84e38c832775c9ad5529102 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Sun, 20 Sep 2020 14:06:02 +0500
Subject: [PATCH 02/10] Update
windows/client-management/connect-to-remote-aadj-pc.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
windows/client-management/connect-to-remote-aadj-pc.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index c52da5bf32..841c9b406a 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -22,7 +22,7 @@ ms.topic: article
- Windows 10
-From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
+From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).

@@ -97,4 +97,3 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC
## Related topics
[How to use Remote Desktop](https://support.microsoft.com/instantanswers/ff521c86-2803-4bc0-a5da-7df445788eb9/how-to-use-remote-desktop)
-
From 7da8a4741a778ed2f1379b15584e349929eb8366 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Mon, 21 Sep 2020 12:41:18 +0300
Subject: [PATCH 03/10] update description for 0xC000006E
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8219
---
windows/security/threat-protection/auditing/event-4625.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 84cf52d450..db30fb97c9 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -166,7 +166,7 @@ This event generates on domain controllers, member servers, and workstations.
| 0xC0000064 | User logon with misspelled or bad user account |
| 0xC000006A | User logon with misspelled or bad password |
| 0XC000006D | This is either due to a bad username or authentication information |
- | 0XC000006E | Unknown user name or bad password. |
+ | 0XC000006E | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). |
| 0xC000006F | User logon outside authorized hours |
| 0xC0000070 | User logon from unauthorized workstation |
| 0xC0000071 | User logon with expired password |
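Review bot: The new 0XC000006E description uses "time-of-day restrictions" as its example, which is the case the next row, 0xC000006F ("User logon outside authorized hours"), already names; say that 0XC000006E is the general account-restriction status and that the rows below it are the more specific ones, so analysts triaging 4625 events do not read the two as duplicates. The changed row also keeps the upper-case `0X` prefix while its neighbours use `0x`; normalising it here helps anyone copying the value into a case-sensitive search.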
From d8dc90cb6442a7a21576ff517a783900e9b0048c Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Fri, 25 Sep 2020 10:02:27 +0300
Subject: [PATCH 04/10] reduced whitespace at the end of the sentence
as advised by illfated
---
windows/security/threat-protection/auditing/event-4625.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index db30fb97c9..3135c231da 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -166,7 +166,7 @@ This event generates on domain controllers, member servers, and workstations.
| 0xC0000064 | User logon with misspelled or bad user account |
| 0xC000006A | User logon with misspelled or bad password |
| 0XC000006D | This is either due to a bad username or authentication information |
- | 0XC000006E | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). |
+ | 0XC000006E | Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions). |
| 0xC000006F | User logon outside authorized hours |
| 0xC0000070 | User logon from unauthorized workstation |
| 0xC0000071 | User logon with expired password |
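Review bot: The removed and added 0XC000006E rows differ only in trailing whitespace, so this change could be squashed into the commit that introduced the new description instead of being carried as a separate patch in the series.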
From acf5a8c0f98dcc7b5547d3b828150aa918546a04 Mon Sep 17 00:00:00 2001
From: Jan Bakker <38911727+BakkerJan@users.noreply.github.com>
Date: Sat, 3 Oct 2020 07:33:34 +0200
Subject: [PATCH 05/10] Obsolete info
Curly braces are not needed when adding the template ID to the policy.
---
.../create-wip-policy-using-intune-azure.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
index d27fae3822..ce622e48fd 100644
--- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
+++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
@@ -593,7 +593,7 @@ After you've decided where your protected apps can access enterprise data on you
**Use Azure RMS for WIP.** Determines whether WIP uses [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management) to apply EFS encryption to files that are copied from Windows 10 to USB or other removable drives so they can be securely shared amongst employees. In other words, WIP uses Azure Rights Management "machinery" to apply EFS encryption to files when they are copied to removable drives. You must already have Azure Rights Management set up. The EFS file encryption key is protected by the RMS template’s license. Only users with permission to that template will be able to read it from the removable drive. WIP can also integrate with Azure RMS by using the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings in the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp).
-- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files. Curly braces {} are required around the RMS Template ID, but they are removed after you save the policy.
+- **On.** Protects files that are copied to a removable drive. You can enter a TemplateID GUID to specify who can access the Azure Rights Management protected files, and for how long. The RMS template is only applied to the files on removable media, and is only used for access control—it doesn’t actually apply Azure Information Protection to the files.
If you don’t specify an [RMS template](https://docs.microsoft.com/information-protection/deploy-use/configure-custom-templates), it’s a regular EFS file using a default RMS template that all users can access.
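Review bot: Dropping the curly-braces sentence from the **On** bullet leaves no guidance on the expected TemplateID format, and admins who followed the earlier wording may still enter `{GUID}`; replace the sentence with a short statement of the accepted form (GUID without braces) rather than removing it silently. This matters because the following paragraph says that without a specified template the file falls back to a default RMS template that all users can access, so the page should also say how to confirm the template ID was accepted after saving.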
From dc0aa7b9d167b84a02613643a9b5b249dd22cb29 Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Tue, 6 Oct 2020 12:05:51 +0300
Subject: [PATCH 06/10] add info about Microsoft To Do
https://github.com/MicrosoftDocs/windows-itpro-docs/issues/6376
---
.../enlightened-microsoft-apps-and-wip.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
index a099742145..ebe3c59220 100644
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@@ -73,6 +73,8 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
- Microsoft Remote Desktop
+- Microsoft To Do
+
> [!NOTE]
> Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from WIP policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning.
@@ -113,6 +115,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
| Microsoft Paint | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mspaint.exe
**App Type:** Desktop app |
| Microsoft Remote Desktop | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** mstsc.exe
**App Type:** Desktop app |
| Microsoft MAPI Repair Tool | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Binary Name:** fixmapi.exe
**App Type:** Desktop app |
+| Microsoft To Do | **Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Todos
**App Type:** Store app |
>[!NOTE]
>Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Editing Windows IT professional documentation](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
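Review bot: The new Microsoft To Do row is marked **App Type:** Store app but reuses the `O=Microsoft Corporation, L=Redmond, S=Washington, C=US` publisher string from the desktop-app rows above it; verify that string against the package's actual publisher, since an allowed-apps rule whose publisher does not match will not apply to the app. The row also introduces a **Product Name:** field where the neighbouring rows use **Binary Name:**, so check that the label and formatting match the other Store app rows in the table.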
From 47105415335759d6733c35c5fb7ccf59d02adf72 Mon Sep 17 00:00:00 2001
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com>
Date: Mon, 12 Oct 2020 17:24:35 +0500
Subject: [PATCH 07/10] Update advanced-security-audit-policy-settings.md
---
.../auditing/advanced-security-audit-policy-settings.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
index 1ce7884399..e98cdad388 100644
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@@ -42,7 +42,7 @@ Configuring policy settings in this category can help you document attempts to a
- [Audit Credential Validation](audit-credential-validation.md)
- [Audit Kerberos Authentication Service](audit-kerberos-authentication-service.md)
- [Audit Kerberos Service Ticket Operations](audit-kerberos-service-ticket-operations.md)
-- [Audit Other Logon/Logoff Events](audit-other-logonlogoff-events.md)
+- [Audit Other Account Logon Events](audit-other-account-logon-events.md)
## Account Management
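Review bot: The last entry of this list changes both link text and target to `audit-other-account-logon-events.md`, but the commit message gives no reason; state that the previous entry belonged to the Logon/Logoff category and confirm that the new target file exists in the repository. Also check that **Audit Other Logon/Logoff Events** is still listed under its own category, so the subcategory does not disappear from the page.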
From 588c91b6f130cd8b03529a487bda21ff8ba17f6f Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Wed, 14 Oct 2020 14:29:28 -0700
Subject: [PATCH 08/10] Applied `> [!NOTE]` style
---
.../auditing/advanced-security-audit-policy-settings.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
index e98cdad388..2893cf7ece 100644
--- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
@@ -150,8 +150,8 @@ Auditors will be able to prove that every resource in the system is protected by
Resource SACLs are also useful for diagnostic scenarios. For example, setting the Global Object Access Auditing policy to log all the activity for a specific user and enabling the policy to track "Access denied" events for the file system or registry can help administrators quickly identify which object in a system is denying a user access.
-> **Note:** If a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object
-Access Auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the Global Object Access Auditing policy.
+> [!NOTE]
+> If a file or folder SACL and a Global Object Access Auditing policy setting (or a single registry setting SACL and a Global Object Access Auditing policy setting) are configured on a computer, the effective SACL is derived from combining the file or folder SACL and the Global Object Access Auditing policy. This means that an audit event is generated if an activity matches the file or folder SACL or the Global Object Access Auditing policy.
This category includes the following subcategories:
- [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md)
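Review bot: After the converted `> [!NOTE]` block, the next paragraph ("This category includes the following subcategories:") follows with no blank line in the hunk; make sure a blank line separates them, otherwise Markdown lazy continuation pulls that paragraph into the note. Joining the stray "Access Auditing policy." line back into the quoted text is a content fix as well as a style change and deserves a mention in the commit message.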
From 4e01073df96705926830e446a7d3396094aa1dd2 Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Wed, 14 Oct 2020 14:36:06 -0700
Subject: [PATCH 09/10] Corrected indentation
---
.../connect-to-remote-aadj-pc.md | 42 ++++++++++---------
1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index 57910e9730..f25c37dce5 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -34,37 +34,39 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
- On the PC you want to connect to:
+
1. Open system properties for the remote PC.
+
2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
- 
+ 
3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
- > [!NOTE]
- > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
- > ```PowerShell
- > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
- > ```
- > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
- >
- > This command only works for AADJ device users already added to any of the local groups (administrators).
- > Otherwise this command throws the below error. For example:
- > - for cloud only user: "There is no such global user or group : *name*"
- > - for synced user: "There is no such global user or group : *name*"
+ > [!NOTE]
+ > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
+ > ```powershell
+ > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
+ > ```
+ > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
+ >
+ > This command only works for AADJ device users already added to any of the local groups (administrators).
+ > Otherwise this command throws the below error. For example:
+ > - for cloud only user: "There is no such global user or group : *name*"
+ > - for synced user: "There is no such global user or group : *name*"
- > [!NOTE]
- > In Windows 10, version 1709, the user does not have to sign in to the remote device first.
- >
- > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
+ > [!NOTE]
+ > In Windows 10, version 1709, the user does not have to sign in to the remote device first.
+ >
+ > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
- > [!TIP]
- > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+ > [!TIP]
+ > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
-> [!Note]
-> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
+ > [!Note]
+ > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
## Supported configurations
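Review bot: The final `[!Note]` about Remote Desktop Connection 6.0 is now indented like the step 4 tip, which makes it part of step 4 even though it applies to the procedure as a whole; keep it at the outer level, or say in the commit message that the move is intended, and use `[!NOTE]` casing to match the other alerts. While re-indenting the first note, the text still calls `net localgroup` a "PowerShell cmdlet", and it derives *the-UPN-attribute-of-your-user* from the profile folder name and DisplayName rather than from the UPN; both are worth correcting in the same pass.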
From 2fda913e66fc8e68a0b76fa7694f35f0bc847c6e Mon Sep 17 00:00:00 2001
From: Gary Moore
Date: Wed, 14 Oct 2020 14:39:48 -0700
Subject: [PATCH 10/10] Removed unnecessary bold
Table headings are bold by default. Adding bold ( or **) results in fonts with non-standard weights.
---
windows/security/threat-protection/auditing/event-4625.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md
index 3135c231da..220876b84a 100644
--- a/windows/security/threat-protection/auditing/event-4625.md
+++ b/windows/security/threat-protection/auditing/event-4625.md
@@ -284,7 +284,7 @@ For 4625(F): An account failed to log on.
- Monitor for all events with the fields and values in the following table:
- | **Field** | Value to monitor for |
+ | Field | Value to monitor for |
|----------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0XC000005E – “There are currently no logon servers available to service the logon request.”
This is typically not a security issue but it can be an infrastructure or availability issue. |
| **Failure Information\\Status** or
**Failure Information\\Sub Status** | 0xC0000064 – “User logon with misspelled or bad user account”.
Especially if you get a number of these in a row, it can be a sign of user enumeration attack. |