From a8f9f997dd095e1a436188f23f824ef5230ab896 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 20:26:58 +0530 Subject: [PATCH 01/59] Update servicing-stack-updates.md Added a related article - Windows server OS SSU catalog per issue#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10905 --- windows/deployment/update/servicing-stack-updates.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index b1549aa4b9..531f6367f1 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -59,3 +59,8 @@ Typically, the improvements are reliability and performance improvements that do ## Simplifying on-premises deployment of servicing stack updates With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. + +## Related Articles + +[Microsoft Servicing Stack Updates catalog for windows server operating system](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) + From dd0a605ff3fbcc20ab63b53a9d5cb3cdc6872d27 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 21:39:44 +0530 Subject: [PATCH 02/59] Update windows/deployment/update/servicing-stack-updates.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/update/servicing-stack-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 531f6367f1..53152d4e87 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -62,5 +62,5 @@ With the Windows Update experience, servicing stack updates and cumulative updat ## Related Articles -[Microsoft Servicing Stack Updates catalog for windows server operating system](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) +[Microsoft Servicing Stack Updates Catalog for Windows Server](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) From 6d8371aad95ff97e8f5dbe2399912e7caf44421f Mon Sep 17 00:00:00 2001 From: Dario Woitasen <33589238+dariomws@users.noreply.github.com> Date: Thu, 10 Nov 2022 22:10:28 +0100 Subject: [PATCH 03/59] Update wdsc-customize-contact-information.md --- .../wdsc-customize-contact-information.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md index a4d1b860ad..644c84414e 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information.md @@ -43,8 +43,6 @@ You must have Windows 10, version 1709 or later. The ADMX/ADML template files fo There are two stages to using the contact card and customized notifications. First, you have to enable the contact card or custom notifications (or both), and then you must specify at least a name for your organization and one piece of contact information. -This can only be done in Group Policy. - 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. @@ -55,6 +53,9 @@ This can only be done in Group Policy. 1. To enable the contact card, open the **Configure customized contact information** setting and set it to **Enabled**. Click **OK**. + > [!NOTE] + > This can only be done in Group Policy. + 2. To enable the customized notifications, open the **Configure customized notifications** setting and set it to **Enabled**. Click **OK**. 5. After you've enabled the contact card or the customized notifications (or both), you must configure the **Specify contact company name** to **Enabled**. Enter your company or organization's name in the field in the **Options** section. Click **OK**. @@ -66,5 +67,7 @@ This can only be done in Group Policy. 7. Select **OK** after you configure each setting to save your changes. ->[!IMPORTANT] ->You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. +To enable the customized notifications and add the contact information in Intune, see [Manage device security with endpoint security policies in Microsoft Intune](/mem/intune/protect/endpoint-security-policy) and [Settings for the Windows Security experience profile in Microsoft Intune](/mem/intune/protect/antivirus-security-experience-windows-settings). + +> [!IMPORTANT] +> You must specify the contact company name and at least one contact method - email, phone number, or website URL. If you do not specify the contact name and a contact method the customization will not apply, the contact card will not show, and notifications will not be customized. From 926c1470ee83e89890cfb858e672944a50a2cfe7 Mon Sep 17 00:00:00 2001 From: Dario Woitasen <33589238+dariomws@users.noreply.github.com> Date: Mon, 14 Nov 2022 10:02:33 +0100 Subject: [PATCH 04/59] Update use-windows-event-forwarding-to-assist-in-intrusion-detection.md --- ...t-forwarding-to-assist-in-intrusion-detection.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index d48d5da38b..a28ab4ca3e 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -397,6 +397,17 @@ The following GPO snippet performs the following tasks: ![configure event channels.](images/capi-gpo.png) +The following table also contains the six actions to configure in the GPO: + +| Program/Script | Arguments | +|------------------------------------|----------------------------------------------------------------------------------------------------------| +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /e:true | +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ms:102432768 | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-AppLocker/EXE and DLL" /ms:102432768 | +| %SystemRoot%\System32\wevtutil.exe | sl Microsoft-Windows-CAPI2/Operational /ca:"O:BAG:SYD:(A;;0x7;;;BA)(A;;0x2;;;AU)(A;;0x1;;;S-1-5-32-573)" | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /e:true | +| %SystemRoot%\System32\wevtutil.exe | sl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" /ms:52432896 | + ## Appendix D - Minimum GPO for WEF Client configuration Here are the minimum steps for WEF to operate: @@ -655,4 +666,4 @@ You can get more info with the following links: - [Event Queries and Event XML](/previous-versions/bb399427(v=vs.90)) - [Event Query Schema](/windows/win32/wes/queryschema-schema) - [Windows Event Collector](/windows/win32/wec/windows-event-collector) -- [4625(F): An account failed to log on](./auditing/event-4625.md) \ No newline at end of file +- [4625(F): An account failed to log on](./auditing/event-4625.md) From 878812525e2e058920f3e58ecdebb909087e5559 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:50:51 +0530 Subject: [PATCH 05/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/account-policies.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md index ba2d477909..8d3cbc340d 100644 --- a/windows/security/threat-protection/security-policy-settings/account-policies.md +++ b/windows/security/threat-protection/security-policy-settings/account-policies.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Account Policies **Applies to** +- Windows 11 - Windows 10 An overview of account policies in Windows and provides links to policy descriptions. From 68b63b26a609464981e75e353da2a47456708375 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:52:08 +0530 Subject: [PATCH 06/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/password-policy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md index 7ecb04ce32..05a4e8abfe 100644 --- a/windows/security/threat-protection/security-policy-settings/password-policy.md +++ b/windows/security/threat-protection/security-policy-settings/password-policy.md @@ -23,6 +23,7 @@ ms.technology: itpro-security # Password Policy **Applies to** +- Windows 11 - Windows 10 An overview of password policies for Windows and links to information for each policy setting. From 022cbeaaea2e150011d5ddfc211525af879af567 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:53:26 +0530 Subject: [PATCH 07/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/enforce-password-history.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md index 4bb6c855cc..ea44c5fc56 100644 --- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md +++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Enforce password history **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Enforce password history** security policy setting. From 2e2221a9f3871aac65c485f7f749a0a4daabc3ca Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:54:34 +0530 Subject: [PATCH 08/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/maximum-password-age.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md index c0b7aae124..db96bc95de 100644 --- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Maximum password age **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Maximum password age** security policy setting. From 1504c4c1bc4bd86385245807b3ca0436b85c3ee0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:55:36 +0530 Subject: [PATCH 09/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/minimum-password-age.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md index f6ce6b41e1..2683c0cbf9 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md @@ -18,6 +18,7 @@ ms.technology: itpro-security # Minimum password age **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, policy management, and security considerations for the **Minimum password age** security policy setting. @@ -89,4 +90,4 @@ If you set a password for a user but want that user to change the password when ## Related topics -- [Password Policy](password-policy.md) \ No newline at end of file +- [Password Policy](password-policy.md) From ec830936ee5cf96c697992fb991864148d092ad0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:56:50 +0530 Subject: [PATCH 10/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/minimum-password-length.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 14a19ec3af..61170f8f54 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md @@ -23,6 +23,7 @@ ms.technology: itpro-security # Minimum password length **Applies to** +- Windows 11 - Windows 10 This article describes the recommended practices, location, values, policy management, and security considerations for the **Minimum password length** security policy setting. From 937597b380c002c6ec521eb0e4b3c480467c4f80 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:57:54 +0530 Subject: [PATCH 11/59] added windows 11 added windows 11 to this article --- .../password-must-meet-complexity-requirements.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md index 3781352906..0608e32e81 100644 --- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md +++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md @@ -22,6 +22,7 @@ ms.technology: itpro-security # Password must meet complexity requirements **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Password must meet complexity requirements** security policy setting. From d45daf6c18761d13f1de5bec8708d1f2d93d035b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 17:59:01 +0530 Subject: [PATCH 12/59] added windows 11 added windows 11 to this article --- .../store-passwords-using-reversible-encryption.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md index 7e2d99c5ca..51f69e849e 100644 --- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Store passwords using reversible encryption **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Store passwords using reversible encryption** security policy setting. From 905d5f8e0623ad88bf8af12e80d8eee38364349d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 18:00:14 +0530 Subject: [PATCH 13/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/account-lockout-policy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md index a53b0258c1..bc5e2d96ce 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Account Lockout Policy **Applies to** +- Windows 11 - Windows 10 Describes the Account Lockout Policy settings and links to information about each policy setting. From 8ec70f2cbe745173407dfaa3f2840cedd3a86f11 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 18:01:07 +0530 Subject: [PATCH 14/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/account-lockout-duration.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md index 559a82704b..bbbad9fba3 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md @@ -23,6 +23,7 @@ ms.technology: itpro-security # Account lockout duration **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Account lockout duration** security policy setting. From 5ca873262b28bacffc4ef01f2376e8a8594a11ad Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 18:02:02 +0530 Subject: [PATCH 15/59] added windows 11 added windows 11 to this article --- .../security-policy-settings/account-lockout-threshold.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md index 0b41931636..1032bd39b6 100644 --- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md +++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md @@ -23,6 +23,7 @@ ms.technology: itpro-security # Account lockout threshold **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Account lockout threshold** security policy setting. From eddee1bfa47e807d8baef5c268c43ef2087a29ca Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 18:03:05 +0530 Subject: [PATCH 16/59] added windows 11 added windows 11 to this article --- .../reset-account-lockout-counter-after.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index 900b66a6fe..dc385a80e1 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Reset account lockout counter after **Applies to** +- Windows 11 - Windows 10 Describes the best practices, location, values, and security considerations for the **Reset account lockout counter after** security policy setting. @@ -77,4 +78,4 @@ If you don't configure this policy setting or if the value is configured to an i ## Related topics -- [Account Lockout Policy](account-lockout-policy.md) \ No newline at end of file +- [Account Lockout Policy](account-lockout-policy.md) From f0abcd176333926b6b90111c6091b9ffad26bf84 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 18:16:49 +0530 Subject: [PATCH 17/59] added windows 11 added windows 11 to this article --- .../threat-protection/security-policy-settings/audit-policy.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md index 9f1e6cd0c6..0553dc3df2 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-policy.md +++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Audit Policy **Applies to** +- Windows 11 - Windows 10 Provides information about basic audit policies that are available in Windows and links to information about each setting. From edced08cedeff4208a57df54539fb4fc0d3ed3e7 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 18:19:54 +0530 Subject: [PATCH 18/59] added windows 11 added windows 11 to this article --- .../secpol-advanced-security-audit-policy-settings.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index a620908a28..5b2eced41d 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -21,6 +21,7 @@ ms.technology: itpro-security # Advanced security audit policy settings for Windows 10 **Applies to** +- Windows 11 - Windows 10 Provides information about the advanced security audit policy settings that are available in Windows and the audit events that they generate. From b9a7912833a512f695f3fdb4edf1aa4995646b8a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 18 Nov 2022 19:23:25 +0530 Subject: [PATCH 19/59] added windows server 2022 as per user report #11029 so i added **Windows Server 2022** after verifying below official article **https://learn.microsoft.com/windows-server/get-started/whats-new-in-windows-server-2022** --- .../tpm/trusted-platform-module-overview.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 06be1d344b..c8ebe170ac 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -20,8 +20,9 @@ ms.technology: itpro-security **Applies to** - Windows 11 - Windows 10 -- Windows Server 2016 +- Windows Server 2022 - Windows Server 2019 +- Windows Server 2016 This topic for the IT professional describes the Trusted Platform Module (TPM) and how Windows uses it for access control and authentication. @@ -78,10 +79,10 @@ Some things that you can check on the device are: ## Supported versions for device health attestation -| TPM version | Windows 11 | Windows 10 | Windows Server 2016 | Windows Server 2019 | -|-------------|-------------|-------------|---------------------|---------------------| -| TPM 1.2 | | >= ver 1607 | >= ver 1607 | Yes | -| TPM 2.0 | Yes | Yes | Yes | Yes | +| TPM version | Windows 11 | Windows 10 | Windows Server 2022 | Windows Server 2019 | Windows Server 2016 | +|-------------|-------------|-------------|---------------------|---------------------|---------------------| +| TPM 1.2 | | >= ver 1607 | | | >= ver 1607 | +| TPM **2.0** | **Yes** | **Yes** | **Yes** | **Yes** | **Yes** | ## Related topics From 427ddaea334fc09703f0faa657186fb88ea4795d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Mon, 21 Nov 2022 09:12:00 +0530 Subject: [PATCH 20/59] Update windows/security/information-protection/tpm/trusted-platform-module-overview.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../tpm/trusted-platform-module-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index c8ebe170ac..9c25f71d16 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -82,7 +82,7 @@ Some things that you can check on the device are: | TPM version | Windows 11 | Windows 10 | Windows Server 2022 | Windows Server 2019 | Windows Server 2016 | |-------------|-------------|-------------|---------------------|---------------------|---------------------| | TPM 1.2 | | >= ver 1607 | | | >= ver 1607 | -| TPM **2.0** | **Yes** | **Yes** | **Yes** | **Yes** | **Yes** | +| TPM 2.0 | **Yes** | **Yes** | **Yes** | **Yes** | **Yes** | ## Related topics From 85adbbf1d386724387a5d98356bde23886598d37 Mon Sep 17 00:00:00 2001 From: Raffy <48763181+ErrorRaffyline0@users.noreply.github.com> Date: Wed, 23 Nov 2022 00:36:03 +0100 Subject: [PATCH 21/59] Related topics fix Basic settings are related to advanced settings of the same category --- .../auditing/basic-security-audit-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index bbc3b39ae8..977eb2065d 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -39,6 +39,6 @@ Basic security audit policy settings are found under Computer Configuration\\Win ## Related topics -- [Basic security audit policy settings](basic-security-audit-policy-settings.md) +- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) From f4d70bc8188b1951041913664297112a73a993d1 Mon Sep 17 00:00:00 2001 From: Raffy <48763181+ErrorRaffyline0@users.noreply.github.com> Date: Wed, 23 Nov 2022 00:42:22 +0100 Subject: [PATCH 22/59] Add related topic Basic security settings added as related to advanced --- .../auditing/advanced-security-audit-policy-settings.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index 54ddd26b54..64098b1b13 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -172,4 +172,8 @@ Resource SACLs are also useful for diagnostic scenarios. For example, administra This category includes the following subcategories: - [File System (Global Object Access Auditing)](file-system-global-object-access-auditing.md) -- [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md) \ No newline at end of file +- [Registry (Global Object Access Auditing)](registry-global-object-access-auditing.md) + +## Related topics + +- [Basic security audit policy settings](basic-security-audit-policy-settings.md) From e8ea481ff25df14cd50700dd7de1868880a52df0 Mon Sep 17 00:00:00 2001 From: Jeremiah Cox <17728431+out0xb2@users.noreply.github.com> Date: Fri, 25 Nov 2022 06:39:51 -0800 Subject: [PATCH 23/59] s/dumb/dump/g Crash dump with a "p", not dumb with a "b" --- .../personal-data-encryption/overview-pde.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/personal-data-encryption/overview-pde.md b/windows/security/information-protection/personal-data-encryption/overview-pde.md index bfb7153548..1ed17da0c8 100644 --- a/windows/security/information-protection/personal-data-encryption/overview-pde.md +++ b/windows/security/information-protection/personal-data-encryption/overview-pde.md @@ -45,9 +45,9 @@ ms.date: 09/22/2022 - [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) - Provides additional security when authenticating with Windows Hello for Business via biometrics or PIN - [Kernel and user mode crash dumps disabled](/windows/client-management/mdm/policy-csp-memorydump) - - Crash dumps can potentially cause the keys used by PDE decrypt files to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumbs via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps). + - Crash dumps can potentially cause the keys used by PDE decrypt files to be exposed. For greatest security, disable kernel and user mode crash dumps. For information on disabling crash dumps via Intune, see [Disable crash dumps](configure-pde-in-intune.md#disable-crash-dumps). - [Hibernation disabled](/windows/client-management/mdm/policy-csp-power#power-allowhibernate) - - Hibernation files can potentially cause the keys used by PDE to decrypt files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumbs via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). + - Hibernation files can potentially cause the keys used by PDE to decrypt files to be exposed. For greatest security, disable hibernation. For information on disabling crash dumps via Intune, see [Disable hibernation](configure-pde-in-intune.md#disable-hibernation). ## PDE protection levels From d4f3e9203bcf4379c246a47098feddad23e0d29d Mon Sep 17 00:00:00 2001 From: Andy Rivas <45184653+andyrivMSFT@users.noreply.github.com> Date: Tue, 29 Nov 2022 18:35:02 -0800 Subject: [PATCH 24/59] Update mcc-isp-faq.yml Adding clarification around OS requirements. --- windows/deployment/do/mcc-isp-faq.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index 19f6da7226..74c8351979 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -33,12 +33,18 @@ sections: - question: What are the prerequisites and hardware requirements? answer: | - Azure subscription - - Hardware to host Microsoft Connected Cache: + - Hardware to host Microsoft Connected Cache + - Ubuntu 20.04 LTS on a physical server or VM of your choice. + + > [!NOTE] + > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 20.04 is an [Azure IoT Edge Tier 1 operating system](https://learn.microsoft.com/en-us/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. + + The following are recommended hardware configurations: [!INCLUDE [Microsoft Connected Cache Prerequisites](includes/mcc-prerequisites.md)] - We have one customer who is able to achieve 40-Gbps egress rate using the following hardware specification: + We have one customer who is able to achieve mid-30s Gbps egress rate using the following hardware specification: - Dell PowerEdge R330 - 2 x Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40 GHz, total 32 core - 48 GB, Micron Technology 18ASF1G72PDZ-2G1A1, Speed: 2133 MT/s From ba43f0b6c75c98354b5148da580acd754aa7d3ba Mon Sep 17 00:00:00 2001 From: Jason <38218303+JasonRBeer@users.noreply.github.com> Date: Thu, 1 Dec 2022 09:13:43 -0600 Subject: [PATCH 25/59] Addresses -> address Fixed typo --- windows/security/zero-trust-windows-device-health.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 84ff0bde52..fd911f02b5 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -13,7 +13,7 @@ ms.technology: itpro-security --- # Zero Trust and Windows device health -Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps addresses today's complex environments. +Organizations need a security model that more effectively adapts to the complexity of the modern work environment. IT admins need to embrace the hybrid workplace, while protecting people, devices, apps, and data wherever they’re located. Implementing a Zero Trust model for security helps address today's complex environments. The [Zero Trust](https://www.microsoft.com/security/business/zero-trust) principles are: From 0cfc6b409506f14aec357da00b451fda69b6f64c Mon Sep 17 00:00:00 2001 From: Narkis Engler <41025789+narkissit@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:00:54 -0800 Subject: [PATCH 26/59] Update waas-delivery-optimization-reference.md Update min build for "DO Cache Host Source" policy, it was incorrectly set as 1809, should be 2004 --- windows/deployment/do/waas-delivery-optimization-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/waas-delivery-optimization-reference.md b/windows/deployment/do/waas-delivery-optimization-reference.md index 22dff75ed5..ff80d5f043 100644 --- a/windows/deployment/do/waas-delivery-optimization-reference.md +++ b/windows/deployment/do/waas-delivery-optimization-reference.md @@ -64,7 +64,7 @@ In MDM, the same settings are under **.Vendor/MSFT/Policy/Config/DeliveryOptimiz | [Delay foreground download cache server fallback (in secs)](#delay-foreground-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackForeground | 1903 | | [Delay background download cache server fallback (in secs)](#delay-background-download-cache-server-fallback-in-secs) | DelayCacheServerFallbackBackground | 1903 | | [Cache Server Hostname](#cache-server-hostname) | DOCacheHost | 1809 | -| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 1809 | +| [Cache Server Hostname Source](#cache-server-hostname-source) | DOCacheHostSource | 2004 | | [Maximum Foreground Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxForegroundDownloadBandwidth | 2004 | | [Maximum Background Download Bandwidth (in KB/s)](#maximum-background-download-bandwidth-in-kbs) | DOMaxBackgroundDownloadBandwidth | 2004 | From e149c6257ea466a8fafc79a9015d90f1331ff88c Mon Sep 17 00:00:00 2001 From: Rafal Sosnowski <51166236+rafals2@users.noreply.github.com> Date: Fri, 2 Dec 2022 15:09:31 -0800 Subject: [PATCH 27/59] Update bitlocker-management-for-enterprises.md --- .../bitlocker/bitlocker-management-for-enterprises.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index e3bea9928b..3acad9a900 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -37,6 +37,12 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. +Note: +Managing BitLocker except for enabling and disabling it requires one of the following licenses to be assigned to your users: +-Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) +-Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) + + ## Managing workplace-joined PCs and phones For Windows PCs and Windows Phones that are enrolled using **Connect to work or school account**, BitLocker Device Encryption is managed over MDM, the same as devices joined to Azure AD. From ef8c7eeb4230f5677ed1f70a8aade8ad6476f429 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Mon, 5 Dec 2022 13:44:54 +0530 Subject: [PATCH 28/59] Update administer-security-policy-settings.md Changed the URL to Microsoft security baselines blog fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10332 --- .../administer-security-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index bc2b937927..4303604e8b 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -95,7 +95,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl **To administer security policies by using the Security Compliance Manager** -1. Download the most recent version. You can find out more info on the [Microsoft Security Guidance](/archive/blogs/secguide/) blog. +1. Download the most recent version. You can find out more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog. 1. Read the relevant security baseline documentation that is included in this tool. 1. Download and import the relevant security baselines. The installation process steps you through baseline selection. 1. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines. From 13eb0d0edb6873cee74ff7f5203c9df32b333b91 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Mon, 5 Dec 2022 17:05:13 +0530 Subject: [PATCH 29/59] Update windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../administer-security-policy-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md index 4303604e8b..781556ab7a 100644 --- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md @@ -95,7 +95,7 @@ The Security Compliance Manager is a downloadable tool that helps you plan, depl **To administer security policies by using the Security Compliance Manager** -1. Download the most recent version. You can find out more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog. +1. Download the most recent version. You can find more info on the [Microsoft Security Baselines](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines) blog. 1. Read the relevant security baseline documentation that is included in this tool. 1. Download and import the relevant security baselines. The installation process steps you through baseline selection. 1. Open the Help and follow instructions how to customize, compare, or merge your security baselines before deploying those baselines. From f468194f655c7aa181b72c11ae48d13911e3e8f0 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 18:34:31 +0530 Subject: [PATCH 30/59] Update usmt-scanstate-syntax.md Updated /listfiles: as an incompatible switch to be used with genconfig. fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10576 --- windows/deployment/usmt/usmt-scanstate-syntax.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index e8fd16c69f..14b65a281f 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -203,6 +203,7 @@ The following table indicates which command-line options aren't compatible with |**/encrypt**|Required*|X|X|| |**/keyfile**|N/A||X|| |**/l**||||| +|**/listfiles**|||X|| |**/progress**|||X|| |**/r**|||X|| |**/w**|||X|| From 5500255fa6a39c9a75df72295137aac826ff3230 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:25:18 +0530 Subject: [PATCH 31/59] Update servicing-stack-updates.md Updated per author --- windows/deployment/update/servicing-stack-updates.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 53152d4e87..6060da4f88 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -21,6 +21,7 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 +- Windows Server ## What is a servicing stack update? Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. @@ -60,7 +61,4 @@ Typically, the improvements are reliability and performance improvements that do With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. -## Related Articles - -[Microsoft Servicing Stack Updates Catalog for Windows Server](https://www.catalog.update.microsoft.com/Search.aspx?q=Servicing%20Stack%20Update) From 91de098a4c2aa8ea391b965a852b74c6c2be9816 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:34:23 +0530 Subject: [PATCH 32/59] Update event-5140.md Updated the document per author's guidance on table Fixes#https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10657 --- windows/security/threat-protection/auditing/event-5140.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index 5d72bf2c8c..70aa2bbbdb 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -132,7 +132,7 @@ This event generates once per session, when first access attempt was made. **Access Request Information:** -- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. Has always “**0x1**” value for this event. +- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. It always has “**0x1**” value for this event. - **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. Has always “**ReadData (or ListDirectory)**” value for this event. From 77a10e1d3d824e7783ac7155a61ac05cee78e0ed Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:36:58 +0530 Subject: [PATCH 33/59] Update event-4661.md Updated per author's recommendation. --- windows/security/threat-protection/auditing/event-4661.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index bf8b9b0543..d651a58146 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -163,9 +163,9 @@ This event generates only if Success auditing is enabled for the [Audit Handle M > **Note**  **GUID** is an acronym for 'Globally Unique Identifier'. It is a 128-bit integer number used to identify resources, activities or instances. -- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use or other informational resources. +- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use or other informational resources. -- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about SAM object access right use or other informational resources. +- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about SAM object access right use or other informational resources. - **Privileges Used for Access Check** \[Type = UnicodeString\]: the list of user privileges which were used during the operation, for example, SeBackupPrivilege. This parameter might not be captured in the event, and in that case appears as “-”. See full list of user privileges in the table below: @@ -217,4 +217,4 @@ For 4661(S, F): A handle to an object was requested. > **Important**  For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md). -- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document. \ No newline at end of file +- You can get almost the same information from “[4662](event-4662.md): An operation was performed on an object.” There are no additional recommendations for this event in this document. From df8bbc4d3cd0842f381d115c847bbc6be8891643 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:38:40 +0530 Subject: [PATCH 34/59] Update event-4691.md updated per authors recommendation --- windows/security/threat-protection/auditing/event-4691.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 140889746d..716abaaa34 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -125,12 +125,12 @@ These events are generated for [ALPC Ports](/windows/win32/etw/alpc) access requ **Access Request Information:** -- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. “Table 13. File access codes.” contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use or other informational resources. +- **Accesses** \[Type = UnicodeString\]: the list of access rights which were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) contains information about the most common access rights for file system objects. For information about ALPC ports access rights, use or other informational resources. -- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. See “Table 13. File access codes.” for more information about file access rights. For information about ALPC ports access rights, use or other informational resources. +- **Access Mask** \[Type = HexInt32\]: hexadecimal mask for the operation that was requested or performed. For more information about file access rights, see [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes). For information about ALPC ports access rights, use or other informational resources. ## Security Monitoring Recommendations For 4691(S): Indirect access to an object was requested. -- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports. \ No newline at end of file +- Typically this event has little to no security relevance and is hard to parse or analyze. There is no recommendation for this event, unless you know exactly what you need to monitor with ALPC Ports. From 2ec0032bbadbc2967f8875b12aad88f4e1a03b2e Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 7 Dec 2022 20:40:29 +0530 Subject: [PATCH 35/59] Update event-5145.md Updated the document per authors recommendation. --- windows/security/threat-protection/auditing/event-5145.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 8f47f2b4d1..5c736eaa3d 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -134,7 +134,7 @@ This event generates every time network share object (file or folder) was access **Access Request Information:** -- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See “Table 13. File access codes.” for different hexadecimal values for access rights. +- **Access Mask** \[Type = HexInt32\]: the sum of hexadecimal values of requested access rights. See [Table of file access codes](/windows/security/threat-protection/auditing/event-5145#table-of-file-access-codes) for different hexadecimal values for access rights. - **Accesses** \[Type = UnicodeString\]: the list of access rights that were requested by **Subject\\Security ID**. These access rights depend on **Object Type**. @@ -318,4 +318,4 @@ For 5145(S, F): A network share object was checked to see whether client can be - WRITE\_DAC - - WRITE\_OWNER \ No newline at end of file + - WRITE\_OWNER From 5ad8c9e6c05cfef8de51296429124b231e89c7de Mon Sep 17 00:00:00 2001 From: "beedell.rokejulianlockhart" Date: Wed, 7 Dec 2022 19:32:33 +0000 Subject: [PATCH 36/59] Corrected capitalization. "-online" to "-Online". --- .../install-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index b4fb01a3c6..222fad81b1 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -81,7 +81,7 @@ Application Guard functionality is turned off by default. However, you can quick 3. Type the following command: ``` - Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard + Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard ``` 4. Restart the device. From 606053160139620d67d1323f5673587d9718fc67 Mon Sep 17 00:00:00 2001 From: Rowan Lea Date: Tue, 13 Dec 2022 13:35:22 +0000 Subject: [PATCH 37/59] Fixed simple spelling mistake It's small but it's in the page description and the first line of text. --- .../azure-active-directory-integration-with-mdm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md index e1d6f4d069..f2c906993c 100644 --- a/windows/client-management/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/azure-active-directory-integration-with-mdm.md @@ -1,6 +1,6 @@ --- title: Azure Active Directory integration with MDM -description: Azure Active Directory is the world largest enterprise cloud identity management service. +description: Azure Active Directory is the world's largest enterprise cloud identity management service. ms.reviewer: manager: aaroncz ms.author: vinpa @@ -14,7 +14,7 @@ ms.date: 12/31/2017 # Azure Active Directory integration with MDM -Azure Active Directory is the world largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow. +Azure Active Directory is the world's largest enterprise cloud identity management service. It’s used by organizations to access Office 365 and business applications from Microsoft and third-party software as a service (SaaS) vendors. Many of the rich Windows 10 experiences for organizational users (such as store access or OS state roaming) use Azure AD as the underlying identity infrastructure. Windows integrates with Azure AD, allowing devices to be registered in Azure AD and enrolled into MDM in an integrated flow. Once a device is enrolled in MDM, the MDM: From 1de72609a949e75df4acdf1543527f131d109da1 Mon Sep 17 00:00:00 2001 From: ruimurakami-MSFT <84647422+rui0122@users.noreply.github.com> Date: Mon, 19 Dec 2022 08:50:57 -0500 Subject: [PATCH 38/59] Modify for convenience PIN Adding "However" which is easier to follow explanation. --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index f4456c7110..a215926020 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -91,7 +91,7 @@ sections: - question: Can I use a convenience PIN with Azure Active Directory? answer: | - It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. Convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. + It's currently possible to set a convenience PIN on Azure Active Directory Joined or Hybrid Active Directory Joined devices. However, convenience PIN isn't supported for Azure Active Directory user accounts (synchronized identities included). It's only supported for on-premises Domain Joined users and local account users. - question: Can I use an external Windows Hello compatible camera when my computer has a built-in Windows Hello compatible camera? answer: | From 30c8e8b1060673392e4c6c0f4fee2ba04f767d69 Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:45:25 +0000 Subject: [PATCH 39/59] Clarification of Settings Catalog options We currently list both a method of configuring this with Settings Catalog, and with a Custom profile. Arguably the custom profile should just go these days, but in any case the Settings Catalog entry was incomplete and needed clarification on the Telemetry options, as we did not state recommended settings. Those settings are also not required, but recommended, so I have moved them as such. I've also added brief wording to clarify that you need not do a Settings Catalog AND a custom profile, as this has been misunderstood before. --- .../update/wufb-reports-configuration-intune.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 2d9a417660..fd664caf03 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -27,7 +27,7 @@ This article is targeted at configuring devices enrolled to [Microsoft Intune](/ ## Create a configuration profile -Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports: +Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports (select one): - The [settings catalog](#settings-catalog) - [Template](#custom-oma-uri-based-profile) for a custom OMA URI-based profile @@ -45,11 +45,15 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - - **Setting**: Configure Telemetry Opt In Change Notification 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports: + - **Setting**: Configure Telemetry Opt In Settings Ux + - **Value**: Enabled (*By enabling this setting you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) + - **Setting**: Configure Telemetry Opt In Change Notification + - **Value**: Enabled (*By enabling this setting you are disabling notifications of telemetry changes*) - **Setting**: Allow device name to be sent in Windows diagnostic data - **Value**: Allowed + 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review the settings and then select **Create**. From 1ea7fa8a50dc180e4c2a8978d3904ba8a82eb72c Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 14:54:42 +0000 Subject: [PATCH 40/59] Update wufb-reports-configuration-intune.md --- .../deployment/update/wufb-reports-configuration-intune.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index fd664caf03..503f0890f4 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -45,15 +45,14 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports: + 1. (*Recommended, but not required*): - **Setting**: Configure Telemetry Opt In Settings Ux - **Value**: Enabled (*By enabling this setting you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - **Value**: Enabled (*By enabling this setting you are disabling notifications of telemetry changes*) - - **Setting**: Allow device name to be sent in Windows diagnostic data + - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports) - **Value**: Allowed - 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review the settings and then select **Create**. From a78392268c9de20d53e36478c20ec9458c5bf89f Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:24:07 +0000 Subject: [PATCH 41/59] Update wufb-reports-configuration-intune.md --- .../deployment/update/wufb-reports-configuration-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 503f0890f4..0507737391 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -47,9 +47,9 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Enabled 1. (*Recommended, but not required*): - **Setting**: Configure Telemetry Opt In Settings Ux - - **Value**: Enabled (*By enabling this setting you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) + - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - - **Value**: Enabled (*By enabling this setting you are disabling notifications of telemetry changes*) + - **Value**: Disabled (*By turning this setting on you are disabling notifications of telemetry changes*) - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports) - **Value**: Allowed From c92916c5b158fb18ff104641eb909173ba122456 Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:25:10 +0000 Subject: [PATCH 42/59] Update wufb-reports-configuration-intune.md --- windows/deployment/update/wufb-reports-configuration-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index 0507737391..fe024f687a 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -50,7 +50,7 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - **Value**: Disabled (*By turning this setting on you are disabling notifications of telemetry changes*) - - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports) + - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports*) - **Value**: Allowed 1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. From 3d195622f368b5670e907d5df12f0153bc59fa64 Mon Sep 17 00:00:00 2001 From: Ben Watt <13239035+wattbt@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:26:01 +0000 Subject: [PATCH 43/59] Update wufb-reports-configuration-intune.md --- windows/deployment/update/wufb-reports-configuration-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index fe024f687a..f6e00ead05 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -45,7 +45,7 @@ Create a configuration profile that will set the required policies for Windows U - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - 1. (*Recommended, but not required*): + 1. Recommended settings, but not required: - **Setting**: Configure Telemetry Opt In Settings Ux - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification From a9050de2c2f9da84261fbc45e08b13328e2763f7 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:17:45 -0800 Subject: [PATCH 44/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 130 ++++++++++---------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index efb6644b18..f3a1dee970 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -79,71 +79,71 @@ The following table lists all the applications included in Windows 11 SE and the The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1] -| Application | Supported version | App Type | Vendor | -|-----------------------------------------|-------------------|----------|------------------------------| -| 3d builder | 15.2.10821.1070 | Win32 | Microsoft | -|Absolute Software Endpoint Agent | 7.20.0.1 | Win32 | Absolute Software Corporation| -| AirSecure | 8.0.0 | Win32 | AIR | -| Alertus Desktop | 5.4.44.0 | Win32 | Alertus technologies | -| Brave Browser | 106.0.5249.65 | Win32 | Brave | -| Bulb Digital Portfolio | 0.0.7.0 | Store | Bulb | -| CA Secure Browser | 14.0.0 | Win32 | Cambium Development | -| Cisco Umbrella | 3.0.110.0 | Win32 | Cisco | -| CKAuthenticator | 3.6+ | Win32 | Content Keeper | -| Class Policy | 114.0.0 | Win32 | Class Policy | -| Classroom.cloud | 1.40.0004 | Win32 | NetSupport | -| CoGat Secure Browser | 11.0.0.19 | Win32 | Riverside Insights | -| Dragon Professional Individual | 15.00.100 | Win32 | Nuance Communications | -| DRC INSIGHT Online Assessments | 12.0.0.0 | Store | Data recognition Corporation | -| Duo from Cisco | 2.25.0 | Win32 | Cisco | -| e-Speaking Voice and Speech recognition | 4.4.0.8 | Win32 | e-speaking | -| Epson iProjection | 3.31 | Win32 | Epson | -| eTests | 4.0.25 | Win32 | CASAS | -| FortiClient | 7.2.0.4034+ | Win32 | Fortinet | -| Free NaturalReader | 16.1.2 | Win32 | Natural Soft | -| Ghotit Real Writer & Reader | 10.14.2.3 | Win32 | Ghotit Ltd | -| GoGuardian | 1.4.4 | Win32 | GoGuardian | -| Google Chrome | 102.0.5005.115 | Win32 | Google | -| Illuminate Lockdown Browser | 2.0.5 | Win32 | Illuminate Education | -| Immunet | 7.5.0.20795 | Win32 | Immunet | -| Impero Backdrop Client | 4.4.86 | Win32 | Impero Software | -| Inspiration 10 | 10.11 | Win32 | TechEdology Ltd | -| JAWS for Windows | 2022.2112.24 | Win32 | Freedom Scientific | -| Kite Student Portal | 9.0.0.0 | Win32 | Dynamic Learning Maps | -| Kortext | 2.3.433.0 | Store | Kortext | -| Kurzweil 3000 Assistive Learning | 20.13.0000 | Win32 | Kurzweil Educational Systems | -| LanSchool Classic | 9.1.0.46 | Win32 | Stoneware, Inc. | -| LanSchool Air | 2.0.13312 | Win32 | Stoneware, Inc. | -| Lightspeed Smart Agent | 1.9.1 | Win32 | Lightspeed Systems | -| MetaMoJi ClassRoom | 3.12.4.0 | Store | MetaMoJi Corporation | -| Microsoft Connect | 10.0.22000.1 | Store | Microsoft | -| Mozilla Firefox | 99.0.1 | Win32 | Mozilla | -| NAPLAN | 2.5.0 | Win32 | NAP | -| Netref Student | 22.2.0 | Win32 | NetRef | -| NetSupport Manager | 12.01.0014 | Win32 | NetSupport | -| NetSupport Notify | 5.10.1.215 | Win32 | NetSupport | -| NetSupport School | 14.00.0011 | Win32 | NetSupport | -| NextUp Talker | 1.0.49 | Win32 | NextUp Technologies | -| NonVisual Desktop Access | 2021.3.1 | Win32 | NV Access | -| NWEA Secure Testing Browser | 5.4.356.0 | Win32 | NWEA | -| PaperCut | 22.0.6 | Win32 | PaperCut Software International Pty Ltd | -| Pearson TestNav | 1.10.2.0 | Store | Pearson | -| Questar Secure Browser | 4.8.3.376 | Win32 | Questar, Inc | -| ReadAndWriteForWindows | 12.0.60.0 | Win32 | Texthelp Ltd. | -| Remote Desktop client (MSRDC) | 1.2.3213.0 | Win32 | Microsoft | -| Remote Help | 3.8.0.12 | Win32 | Microsoft | -| Respondus Lockdown Browser | 2.0.9.00 | Win32 | Respondus | -| Safe Exam Browser | 3.3.2.413 | Win32 | Safe Exam Browser | -| Senso.Cloud | 2021.11.15.0 | Win32 | Senso.Cloud | -| Smoothwall Monitor | 2.8.0 | Win32 | Smoothwall Ltd -| SuperNova Magnifier & Screen Reader | 21.02 | Win32 | Dolphin Computer Access | -| SuperNova Magnifier & Speech | 21.02 | Win32 | Dolphin Computer Access | -| VitalSourceBookShelf | 10.2.26.0 | Win32 | VitalSource Technologies Inc | -| Winbird | 19 | Win32 | Winbird Co., Ltd. | -| WordQ | 5.4.23 | Win32 | Mathetmots | -| Zoom | 5.9.1 (2581) | Win32 | Zoom | -| ZoomText Fusion | 2022.2109.10 | Win32 | Freedom Scientific | -| ZoomText Magnifier/Reader | 2022.2109.25 | Win32 | Freedom Scientific | +| Application | Supported version | App Type | Vendor | +|-------------------------------------------|-------------------|----------|--------------------------------| +| `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | +| `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation`| +| `AirSecure` | 8.0.0 | Win32 | `AIR` | +| `Alertus Desktop` | 5.4.48.0 | Win32 | `Alertus technologies` | +| `Brave Browser` | 106.0.5249.119 | Win32 | `Brave` | +| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` | +| `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` | +| `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` | +| `CKAuthenticator` | 3.6+ | Win32 | `Content Keeper` | +| `Class Policy` | 114.0.0 | Win32 | `Class Policy` | +| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | +| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | +| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | +| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | 'Data recognition Corporation` | +| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | +| `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | +| `Epson iProjection` | 3.31 | Win32 | `Epson` | +| `eTests` | 4.0.25 | Win32 | `CASAS` | +| `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | +| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | +| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | +| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` | +| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` | +| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | +| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | +| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` | +| `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | +| `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | +| `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | +| `Kortext` | 2.3.433.0 | `Store` | `Kortext` | +| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` | +| `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` | +| `LanSchool Air` | 2.0.13312 | Win32 | `Stoneware, Inc.` | +| `Lightspeed Smart Agent` | 1.9.1 | Win32 | `Lightspeed Systems` | +| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` | +| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` | +| `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` | +| `NAPLAN` | 2.5.0 | Win32 | `NAP` | +| `Netref Student` | 22.2.0 | Win32 | `NetRef` | +| `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` | +| `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` | +| `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` | +| `NextUp Talker` | 1.0.49 | Win32 | `NextUp Technologies` | +| `NonVisual Desktop Access` | 2021.3.1 | Win32 | `NV Access` | +| `NWEA Secure Testing Browser` | 5.4.356.0 | Win32 | `NWEA` | +| `PaperCut` | 22.0.6 | Win32 | `PaperCut Software International Pty Ltd` | +| `Pearson TestNav` | 1.10.2.0 | `Store` | `Pearson` | +| `Questar Secure Browser` | 5.0.1.456 | Win32 | `Questar, Inc` | +| `ReadAndWriteForWindows` | 12.0.74 | Win32 | `Texthelp Ltd.` | +| `Remote Desktop client (MSRDC)` | 1.2.3213.0 | Win32 | `Microsoft` | +| `Remote Help` | 4.0.1.13 | Win32 | `Microsoft` | +| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | +| `Safe Exam Browser` | 3.3.2.413 | Win32 | `Safe Exam Browser` | +| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | +| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | +| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | +| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | +| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | +| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | +| `WordQ` | 5.4.23 | Win32 | `Mathetmots` | +| `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | +| `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` | +| `ZoomText Magnifier/Reader` | 2022.2109.25 | Win32 | `Freedom Scientific` | ## Add your own applications From c3834a1287b201e2bfe7596efd3fb5ccb2ac7dd1 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:45:27 -0800 Subject: [PATCH 45/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index f3a1dee970..6efaeab285 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -80,7 +80,7 @@ The following table lists all the applications included in Windows 11 SE and the The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1] | Application | Supported version | App Type | Vendor | -|-------------------------------------------|-------------------|----------|--------------------------------| +|-----------------------------------------|-------------------|----------|------------------------------| | `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | | `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation`| | `AirSecure` | 8.0.0 | Win32 | `AIR` | From b6a2f357aba1105755e14d79a3b9869086a09e32 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:47:16 -0800 Subject: [PATCH 46/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 6efaeab285..f12a68449e 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -79,7 +79,7 @@ The following table lists all the applications included in Windows 11 SE and the The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1] -| Application | Supported version | App Type | Vendor | +| Application | Supported version | App Type | Vendor | |-----------------------------------------|-------------------|----------|------------------------------| | `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | | `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation`| From 47fd00ca609024e84223014bad0d823ff53fc646 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 21 Dec 2022 12:47:55 -0800 Subject: [PATCH 47/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index f12a68449e..fe1763a6af 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -79,7 +79,7 @@ The following table lists all the applications included in Windows 11 SE and the The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1] -| Application | Supported version | App Type | Vendor | +| Application | Supported version | App Type | Vendor | |-----------------------------------------|-------------------|----------|------------------------------| | `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | | `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation`| From 0c09c063c3b6588424c2cc50d0d4bf05eb3d5a54 Mon Sep 17 00:00:00 2001 From: Tarun Maganur <104856032+Tarun-Edu@users.noreply.github.com> Date: Wed, 21 Dec 2022 13:01:54 -0800 Subject: [PATCH 48/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index fe1763a6af..3a53c1a7c3 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -137,9 +137,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us | `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | | `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | | `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | -| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | -| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | -| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | +| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | +| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | +| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | | `WordQ` | 5.4.23 | Win32 | `Mathetmots` | | `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | | `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` | From 90bd11ff0870502df29b6b5dbe2c02de57def883 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:09:32 -0500 Subject: [PATCH 49/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 128 ++++++++++---------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index 3a53c1a7c3..bac848962f 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -79,71 +79,71 @@ The following table lists all the applications included in Windows 11 SE and the The following applications can also run on Windows 11 SE, and can be deployed using Intune for Education. For more information, see [Configure applications with Microsoft Intune][EDUWIN-1] -| Application | Supported version | App Type | Vendor | -|-----------------------------------------|-------------------|----------|------------------------------| -| `3d builder` | 18.0.1931.0 | Win32 | `Microsoft` | -| `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation`| -| `AirSecure` | 8.0.0 | Win32 | `AIR` | -| `Alertus Desktop` | 5.4.48.0 | Win32 | `Alertus technologies` | -| `Brave Browser` | 106.0.5249.119 | Win32 | `Brave` | -| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` | -| `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` | -| `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` | -| `CKAuthenticator` | 3.6+ | Win32 | `Content Keeper` | -| `Class Policy` | 114.0.0 | Win32 | `Class Policy` | -| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | -| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | -| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | -| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | 'Data recognition Corporation` | -| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | -| `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | -| `Epson iProjection` | 3.31 | Win32 | `Epson` | -| `eTests` | 4.0.25 | Win32 | `CASAS` | -| `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | -| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | -| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | -| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` | -| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` | -| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | -| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | -| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` | -| `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | -| `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | -| `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | -| `Kortext` | 2.3.433.0 | `Store` | `Kortext` | -| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` | -| `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` | -| `LanSchool Air` | 2.0.13312 | Win32 | `Stoneware, Inc.` | -| `Lightspeed Smart Agent` | 1.9.1 | Win32 | `Lightspeed Systems` | -| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` | -| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` | -| `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` | -| `NAPLAN` | 2.5.0 | Win32 | `NAP` | -| `Netref Student` | 22.2.0 | Win32 | `NetRef` | -| `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` | -| `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` | -| `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` | -| `NextUp Talker` | 1.0.49 | Win32 | `NextUp Technologies` | -| `NonVisual Desktop Access` | 2021.3.1 | Win32 | `NV Access` | -| `NWEA Secure Testing Browser` | 5.4.356.0 | Win32 | `NWEA` | +| Application | Supported version | App Type | Vendor | +|-------------------------------------------|-------------------|----------|-------------------------------------------| +| `3d builder` | `18.0.1931.0` | Win32 | `Microsoft` | +| `Absolute Software Endpoint Agent` | 7.20.0.1 | Win32 | `Absolute Software Corporation` | +| `AirSecure` | 8.0.0 | Win32 | `AIR` | +| `Alertus Desktop` | 5.4.48.0 | Win32 | `Alertus technologies` | +| `Brave Browser` | 106.0.5249.119 | Win32 | `Brave` | +| `Bulb Digital Portfolio` | 0.0.7.0 | `Store` | `Bulb` | +| `CA Secure Browser` | 14.0.0 | Win32 | `Cambium Development` | +| `Cisco Umbrella` | 3.0.110.0 | Win32 | `Cisco` | +| `CKAuthenticator` | 3.6+ | Win32 | `Content Keeper` | +| `Class Policy` | 114.0.0 | Win32 | `Class Policy` | +| `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | +| `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | +| `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | +| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | 'Data recognition Corporation` | +| `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | +| `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | +| `Epson iProjection` | 3.31 | Win32 | `Epson` | +| `eTests` | 4.0.25 | Win32 | `CASAS` | +| `FortiClient` | 7.2.0.4034+ | Win32 | `Fortinet` | +| `Free NaturalReader` | 16.1.2 | Win32 | `Natural Soft` | +| `Ghotit Real Writer & Reader` | 10.14.2.3 | Win32 | `Ghotit Ltd` | +| `GoGuardian` | 1.4.4 | Win32 | `GoGuardian` | +| `Google Chrome` | 102.0.5005.115 | Win32 | `Google` | +| `Illuminate Lockdown Browser` | 2.0.5 | Win32 | `Illuminate Education` | +| `Immunet` | 7.5.8.21178 | Win32 | `Immunet` | +| `Impero Backdrop Client` | 4.4.86 | Win32 | `Impero Software` | +| `Inspiration 10` | 10.11 | Win32 | `TechEdology Ltd` | +| `JAWS for Windows` | 2022.2112.24 | Win32 | `Freedom Scientific` | +| `Kite Student Portal` | 9.0.0.0 | Win32 | `Dynamic Learning Maps` | +| `Kortext` | 2.3.433.0 | `Store` | `Kortext` | +| `Kurzweil 3000 Assistive Learning` | 20.13.0000 | Win32 | `Kurzweil Educational Systems` | +| `LanSchool Classic` | 9.1.0.46 | Win32 | `Stoneware, Inc.` | +| `LanSchool Air` | 2.0.13312 | Win32 | `Stoneware, Inc.` | +| `Lightspeed Smart Agent` | 1.9.1 | Win32 | `Lightspeed Systems` | +| `MetaMoJi ClassRoom` | 3.12.4.0 | `Store` | `MetaMoJi Corporation` | +| `Microsoft Connect` | 10.0.22000.1 | `Store` | `Microsoft` | +| `Mozilla Firefox` | 105.0.0 | Win32 | `Mozilla` | +| `NAPLAN` | 2.5.0 | Win32 | `NAP` | +| `Netref Student` | 22.2.0 | Win32 | `NetRef` | +| `NetSupport Manager` | 12.01.0014 | Win32 | `NetSupport` | +| `NetSupport Notify` | 5.10.1.215 | Win32 | `NetSupport` | +| `NetSupport School` | 14.00.0012 | Win32 | `NetSupport` | +| `NextUp Talker` | 1.0.49 | Win32 | `NextUp Technologies` | +| `NonVisual Desktop Access` | 2021.3.1 | Win32 | `NV Access` | +| `NWEA Secure Testing Browser` | 5.4.356.0 | Win32 | `NWEA` | | `PaperCut` | 22.0.6 | Win32 | `PaperCut Software International Pty Ltd` | -| `Pearson TestNav` | 1.10.2.0 | `Store` | `Pearson` | -| `Questar Secure Browser` | 5.0.1.456 | Win32 | `Questar, Inc` | -| `ReadAndWriteForWindows` | 12.0.74 | Win32 | `Texthelp Ltd.` | -| `Remote Desktop client (MSRDC)` | 1.2.3213.0 | Win32 | `Microsoft` | -| `Remote Help` | 4.0.1.13 | Win32 | `Microsoft` | -| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | -| `Safe Exam Browser` | 3.3.2.413 | Win32 | `Safe Exam Browser` | -| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | -| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | -| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | -| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | -| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | -| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | -| `WordQ` | 5.4.23 | Win32 | `Mathetmots` | -| `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | -| `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` | -| `ZoomText Magnifier/Reader` | 2022.2109.25 | Win32 | `Freedom Scientific` | +| `Pearson TestNav` | 1.10.2.0 | `Store` | `Pearson` | +| `Questar Secure Browser` | 5.0.1.456 | Win32 | `Questar, Inc` | +| `ReadAndWriteForWindows` | 12.0.74 | Win32 | `Texthelp Ltd.` | +| `Remote Desktop client (MSRDC)` | 1.2.3213.0 | Win32 | `Microsoft` | +| `Remote Help` | 4.0.1.13 | Win32 | `Microsoft` | +| `Respondus Lockdown Browser` | 2.0.9.03 | Win32 | `Respondus` | +| `Safe Exam Browser` | 3.3.2.413 | Win32 | `Safe Exam Browser` | +| `Senso.Cloud` | 2021.11.15.0 | Win32 | `Senso.Cloud` | +| `Smoothwall Monitor` | 2.8.0 | Win32 | `Smoothwall Ltd` | +| `SuperNova Magnifier & Screen Reader` | 21.02 | Win32 | `Dolphin Computer Access` | +| `SuperNova Magnifier & Speech` | 21.02 | Win32 | `Dolphin Computer Access` | +| `VitalSourceBookShelf` | 10.2.26.0 | Win32 | `VitalSource Technologies Inc` | +| `Winbird` | 19 | Win32 | `Winbird Co., Ltd.` | +| `WordQ` | 5.4.23 | Win32 | `Mathetmots` | +| `Zoom` | 5.12.8 (10232) | Win32 | `Zoom` | +| `ZoomText Fusion` | 2022.2109.10 | Win32 | `Freedom Scientific` | +| `ZoomText Magnifier/Reader` | 2022.2109.25 | Win32 | `Freedom Scientific` | ## Add your own applications From 948ecabac7ec192ab52cf606d675c47ffe6800d0 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 21 Dec 2022 16:15:11 -0500 Subject: [PATCH 50/59] Update windows-11-se-overview.md --- education/windows/windows-11-se-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md index bac848962f..41a3aec43a 100644 --- a/education/windows/windows-11-se-overview.md +++ b/education/windows/windows-11-se-overview.md @@ -94,7 +94,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us | `Classroom.cloud` | 1.40.0004 | Win32 | `NetSupport` | | `CoGat Secure Browser` | 11.0.0.19 | Win32 | `Riverside Insights` | | `Dragon Professional Individual` | 15.00.100 | Win32 | `Nuance Communications` | -| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | 'Data recognition Corporation` | +| `DRC INSIGHT Online Assessments` | 12.0.0.0 | `Store` | `Data recognition Corporation` | | `Duo from Cisco` | 3.0.0 | Win32 | `Cisco` | | `e-Speaking Voice and Speech recognition` | 4.4.0.8 | Win32 | `e-speaking` | | `Epson iProjection` | 3.31 | Win32 | `Epson` | From 99992caaa905bdcc3b4beffe02706a578601bd29 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 13:51:36 -0800 Subject: [PATCH 51/59] revise --- .../tpm/trusted-platform-module-overview.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 9c25f71d16..1c694b1729 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -75,15 +75,14 @@ Some things that you can check on the device are: - Is SecureBoot supported and enabled? > [!NOTE] -> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows version 1607 (RS1). TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. +> Windows 11, Windows 10, Windows Server 2016, and Windows Server 2019 support Device Health Attestation with TPM 2.0. Support for TPM 1.2 was added beginning with Windows 10, version 1607. TPM 2.0 requires UEFI firmware. A computer with legacy BIOS and TPM 2.0 won't work as expected. ## Supported versions for device health attestation | TPM version | Windows 11 | Windows 10 | Windows Server 2022 | Windows Server 2019 | Windows Server 2016 | |-------------|-------------|-------------|---------------------|---------------------|---------------------| -| TPM 1.2 | | >= ver 1607 | | | >= ver 1607 | -| TPM 2.0 | **Yes** | **Yes** | **Yes** | **Yes** | **Yes** | - +| TPM 1.2 | | >= ver 1607 | | Yes | >= ver 1607 | +| TPM 2.0 | **Yes** | **Yes** | **Yes** | **Yes** | **Yes** | ## Related topics From 3e18ff60e706f7fa98e6205a156a06f2b3ec60d0 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 14:00:44 -0800 Subject: [PATCH 52/59] fix link Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/do/mcc-isp-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-isp-faq.yml b/windows/deployment/do/mcc-isp-faq.yml index 74c8351979..30982a78c1 100644 --- a/windows/deployment/do/mcc-isp-faq.yml +++ b/windows/deployment/do/mcc-isp-faq.yml @@ -37,7 +37,7 @@ sections: - Ubuntu 20.04 LTS on a physical server or VM of your choice. > [!NOTE] - > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 20.04 is an [Azure IoT Edge Tier 1 operating system](https://learn.microsoft.com/en-us/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. + > The Microsoft Connected Cache is deployed and managed using Azure IoT Edge and Ubuntu 20.04 is an [Azure IoT Edge Tier 1 operating system](/azure/iot-edge/support?view=iotedge-2020-11#tier-1). Additionally, the Microsoft Connected Cache module is optimized for Ubuntu 20.04 LTS. The following are recommended hardware configurations: From dfa3662f265e9d40fc6df0c0b395e2d917d9f150 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 18:00:50 -0800 Subject: [PATCH 53/59] Update windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../bitlocker/bitlocker-management-for-enterprises.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index 3acad9a900..5c994ae869 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -37,11 +37,10 @@ Starting with Windows 10 version 1703, the enablement of BitLocker can be trigge For hardware that is compliant with Modern Standby and HSTI, when using either of these features, [BitLocker Device Encryption](bitlocker-device-encryption-overview-windows-10.md#bitlocker-device-encryption) is automatically turned on whenever the user joins a device to Azure AD. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if necessary. For older devices that aren't yet encrypted, beginning with Windows 10 version 1703, admins can use the [BitLocker CSP](/windows/client-management/mdm/bitlocker-csp/) to trigger encryption and store the recovery key in Azure AD. This process and feature is applicable to Azure Hybrid AD as well. -Note: -Managing BitLocker except for enabling and disabling it requires one of the following licenses to be assigned to your users: --Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) --Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) - +> [!NOTE] +> To manage Bitlocker, except to enable and disable it, one of the following licenses must be assigned to your users: +> - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, and E5). +> - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 and A5). ## Managing workplace-joined PCs and phones From 5d16d00140a06cd64fc9ab1fdce27b2c08cf71e6 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 20:12:23 -0800 Subject: [PATCH 54/59] reword --- .../deployment/update/wufb-reports-configuration-intune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/wufb-reports-configuration-intune.md b/windows/deployment/update/wufb-reports-configuration-intune.md index f6e00ead05..5f07d75c3e 100644 --- a/windows/deployment/update/wufb-reports-configuration-intune.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -8,7 +8,7 @@ author: mestew ms.author: mstewart ms.localizationpriority: medium ms.topic: article -ms.date: 12/05/2022 +ms.date: 12/22/2022 ms.technology: itpro-updates --- @@ -49,7 +49,7 @@ Create a configuration profile that will set the required policies for Windows U - **Setting**: Configure Telemetry Opt In Settings Ux - **Value**: Disabled (*By turning this setting on you are disabling the ability for a user to potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports*) - **Setting**: Configure Telemetry Opt In Change Notification - - **Value**: Disabled (*By turning this setting on you are disabling notifications of telemetry changes*) + - **Value**: Disabled (*By turning this setting on you are disabling notifications of diagnostic data changes*) - **Setting**: Allow device name to be sent in Windows diagnostic data (*If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports*) - **Value**: Allowed From dc17776e592b0d2bbe4531dfe4766f9e5cadc97d Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 22:07:37 -0800 Subject: [PATCH 55/59] add powershell code block --- .../windows-sandbox/windows-sandbox-overview.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md index cbbc3389e5..3987f694a9 100644 --- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md +++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md @@ -49,7 +49,7 @@ Windows Sandbox has the following properties: - If you're using a virtual machine, run the following PowerShell command to enable nested virtualization: ```powershell - Set-VMProcessor -VMName \ -ExposeVirtualizationExtensions $true + Set-VMProcessor -VMName -ExposeVirtualizationExtensions $true ``` 3. Use the search bar on the task bar and type **Turn Windows Features on or off** to access the Windows Optional Features tool. Select **Windows Sandbox** and then **OK**. Restart the computer if you're prompted. @@ -57,7 +57,11 @@ Windows Sandbox has the following properties: If the **Windows Sandbox** option is unavailable, your computer doesn't meet the requirements to run Windows Sandbox. If you think this analysis is incorrect, review the prerequisite list and steps 1 and 2. > [!NOTE] - > To enable Sandbox using PowerShell, open PowerShell as Administrator and run **Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online**. + > To enable Sandbox using PowerShell, open PowerShell as Administrator and run the following command: + > + > ```powershell + > Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online + > ``` 4. Locate and select **Windows Sandbox** on the Start menu to run it for the first time. From 0980646e28931b160181627235af499c655271cd Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Thu, 22 Dec 2022 22:27:25 -0800 Subject: [PATCH 56/59] fix registry path --- windows/configuration/kiosk-single-app.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md index 1fe629ddd5..3724425208 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk-single-app.md @@ -337,7 +337,7 @@ To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then si If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key: -`HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI` +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI` To change the default time for assigned access to resume, add *IdleTimeOut* (DWORD) and enter the value data as milliseconds in hexadecimal. From 8eaaabdcc9be9b42178060d7ed3992cd3df687f9 Mon Sep 17 00:00:00 2001 From: Office Content Publishing <34616516+officedocspr@users.noreply.github.com> Date: Sat, 24 Dec 2022 23:31:23 -0800 Subject: [PATCH 57/59] Uploaded file: education-content-updates.md - 2022-12-24 23:31:23.1583 --- education/includes/education-content-updates.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md index ca2950ff0a..1b6cd93ec5 100644 --- a/education/includes/education-content-updates.md +++ b/education/includes/education-content-updates.md @@ -2,6 +2,14 @@ +## Week of December 19, 2022 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 12/22/2022 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified | + + ## Week of December 12, 2022 From 3e080a5bbf9465c62cd7b400c4835137a3de3dbb Mon Sep 17 00:00:00 2001 From: Jeff Borsecnik <36546697+jborsecnik@users.noreply.github.com> Date: Tue, 27 Dec 2022 08:59:53 -0800 Subject: [PATCH 58/59] Update event-4661.md --- windows/security/threat-protection/auditing/event-4661.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index a49b9f501e..6cc68892c8 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -158,7 +158,7 @@ This event generates only if Success auditing is enabled for the [Audit Handle M **Access Request Information:** -- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same the **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.” +- **Transaction ID** \[Type = GUID\]: unique GUID of the transaction. This field can help you correlate this event with other events that might contain the same **Transaction ID**, such as “[4660](event-4660.md)(S): An object was deleted.” This parameter might not be captured in the event, and in that case appears as “{00000000-0000-0000-0000-000000000000}”. From 80325a556b3096e528f6d4d0a9c51e3ff465887a Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 28 Dec 2022 08:55:03 -0500 Subject: [PATCH 59/59] updated feature description --- .../hello-for-business/hello-faq.yml | 16 ++++++++-------- .../hello-for-business/hello-overview.md | 4 ++-- .../whats-new-windows-10-version-1809.md | 7 +++++-- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 97b2ab5354..7110c8ac4c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -1,7 +1,7 @@ ### YamlMime:FAQ metadata: title: Windows Hello for Business Frequently Asked Questions (FAQ) - description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. + description: Use these frequently asked questions (FAQ) to learn important details about Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport ms.prod: windows-client ms.technology: itpro-security @@ -29,16 +29,16 @@ sections: - question: What is Windows Hello for Business cloud Kerberos trust? answer: | - Windows Hello for Business cloud Kerberos trust is a new trust model that is currently in preview. This trust model will enable Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). cloud Kerberos trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [Hybrid cloud Kerberos trust Deployment (Preview)](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust). + Windows Hello for Business *cloud Kerberos trust* is a **trust model** that enables Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud Kerberos trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [cloud Kerberos trust deployment](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust). - question: What about virtual smart cards? answer: | - Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using Windows 10 and virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends that new Windows 10 deployments use Windows Hello for Business. Virtual smart cards remain supported for Windows 7 and Windows 8. + Windows Hello for Business is the modern, two-factor credential for Windows. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends that new Windows deployments use Windows Hello for Business. - question: What about convenience PIN? answer: | - Microsoft is committed to its vision of a world without passwords. We recognize the *convenience* provided by convenience PIN, but it stills uses a password for authentication. Microsoft recommends that customers using Windows 10 and convenience PINs should move to Windows Hello for Business. New Windows 10 deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. + While *convenience PIN* provides a convenient way to sign in to Windows, it stills uses a password for authentication. Customers using *convenience PINs* should move to **Windows Hello for Business**. New Windows deployments should deploy Windows Hello for Business and not convenience PINs. Microsoft will be deprecating convenience PINs in the future and will publish the date early to ensure customers have adequate lead time to deploy Windows Hello for Business. - question: Can I use Windows Hello for Business key trust and RDP? answer: | @@ -63,7 +63,7 @@ sections: - question: How can a PIN be more secure than a password? answer: | - When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. + When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature. - question: What's a container? @@ -169,7 +169,7 @@ sections: - question: Where is Windows Hello biometrics data stored? answer: | - When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). + When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). - question: What is the format used to store Windows Hello biometrics data on the device? answer: | @@ -233,9 +233,9 @@ sections: - question: How does PIN caching work with Windows Hello for Business? answer: | - Windows Hello for Business provides a PIN caching user experience by using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting, as long as the user is interactively signed-in. Microsoft Account sign-in keys are transactional keys, which means the user is always prompted when accessing the key. + Windows Hello for Business provides a PIN caching user experience by using a ticketing system. Rather than caching a PIN, processes cache a ticket they can use to request private key operations. Azure AD and Active Directory sign-in keys are cached under lock. This means the keys remain available for use without prompting, as long as the user is interactively signed-in. Microsoft Account sign-in keys are transactional keys, which means the user is always prompted when accessing the key. - Beginning with Windows 10, version 1709, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations won't prompt the user for the PIN. + Beginning with Windows 10, version 1709, Windows Hello for Business used as a smart card (smart card emulation that is enabled by default) provides the same user experience of default smart card PIN caching. Each process requesting a private key operation will prompt the user for the PIN on first use. Subsequent private key operations won't prompt the user for the PIN. The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process doesn't receive the PIN, but rather the ticket that grants them private key operations. Windows 10 doesn't provide any Group Policy settings to adjust this caching. diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 50d6d7f166..48c16385f3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -45,9 +45,9 @@ Windows stores biometric data that is used to implement Windows Hello securely o ## The difference between Windows Hello and Windows Hello for Business -- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it's set up, but can use a password hash depending on an individual's account type. This configuration is referred to as Windows Hello convenience PIN and it's not backed by asymmetric (public/private key) or certificate-based authentication. +- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it's set up, but can use a password hash depending on an individual's account type. This configuration is referred to as *Windows Hello convenience PIN* and it's not backed by asymmetric (public/private key) or certificate-based authentication. -- **Windows Hello for Business**, which is configured by group policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This behavior makes it more secure than **Windows Hello convenience PIN**. +- *Windows Hello for Business*, which is configured by group policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This behavior makes it more secure than *Windows Hello convenience PIN*. ## Benefits of Windows Hello diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 17928723f6..776e3fd5fe 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -286,9 +286,12 @@ One of the things we’ve heard from you is that it’s hard to know when you’ ## Remote Desktop with Biometrics -Azure Active Directory and Active Directory users using Windows Hello for Business can use biometrics to authenticate to a remote desktop session. +Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. +Users using earlier versions of Windows 10 could authenticate to a remote desktop using Windows Hello for Business but were limited to using their PIN as their authentication gesture. Windows 10, version 1809 introduces the ability for users to authenticate to a remote desktop session using their Windows Hello for Business biometric gesture. -To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the computer you want to connect to, and click **Connect**. Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also click **More choices** to choose alternate credentials. Windows uses facial recognition to authenticate the RDP session to the Windows Server 2016 Hyper-V server. You can continue to use Windows Hello for Business in the remote session, but you must use your PIN. +Azure Active Directory and Active Directory users using Windows Hello for Business in a certificate trust model, can use biometrics to authenticate to a remote desktop session. + +To get started, sign into your device using Windows Hello for Business. Bring up **Remote Desktop Connection** (mstsc.exe), type the name of the device you want to connect to, and select **Connect**. Windows remembers that you signed using Windows Hello for Business, and automatically selects Windows Hello for Business to authenticate you to your RDP session. You can also select **More choices** to choose alternate credentials. Windows uses biometrics to authenticate the RDP session to the Windows device. You can continue to use Windows Hello for Business in the remote session, but in the remote session you must use the PIN. See the following example: