From 4f8eaabbd71970f37e631a964a11549face01ea6 Mon Sep 17 00:00:00 2001 From: rikot Date: Thu, 2 Feb 2017 13:48:57 -0500 Subject: [PATCH 1/5] Update manage-windows-updates-for-surface-hub.md --- devices/surface-hub/manage-windows-updates-for-surface-hub.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index 35787fbff1..e1e0574390 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -90,6 +90,7 @@ Once you've determined deployment rings for your Surface Hubs, configure update - To defer quality updates, set an appropriate [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) policy for each ring. > [!NOTE] + > If you encounter issues during the update rollout, you can pause updates using [Update/PauseFeatureUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) and [Update/PauseQualityUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates). @@ -106,6 +107,7 @@ You can connect Surface Hub to your Windows Server Update Services (WSUS) server To connect Surface Hub to a WSUS server using MDM, set an appropriate [Update/UpdateServiceUrl](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) policy. **If you use a proxy server or other method to block URLs** + If you use a method other than WSUS to block specific URLs and prevent updates, you will need to add the following Windows update trusted site URLs to the “allow list”: - http(s)://*.update.microsoft.com - http://download.windowsupdate.com From 4fb86ef0967caf665ceb36ee7bcffcbed36e306f Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 2 Feb 2017 14:55:33 -0800 Subject: [PATCH 2/5] sync --- devices/surface-hub/manage-windows-updates-for-surface-hub.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md index 8cd7c3a9fa..d8661c166c 100644 --- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md +++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md @@ -90,7 +90,6 @@ Once you've determined deployment rings for your Surface Hubs, configure update - To defer quality updates, set an appropriate [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) policy for each ring. > [!NOTE] - > If you encounter issues during the update rollout, you can pause updates using [Update/PauseFeatureUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) and [Update/PauseQualityUpdates](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates). From a1b4cef484bd08b7b9aa34f8bad236086c911ebd Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 2 Feb 2017 15:40:23 -0800 Subject: [PATCH 3/5] bug 118 --- windows/deploy/usmt-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/usmt-overview.md b/windows/deploy/usmt-overview.md index 9f6a18384a..9dca476f1c 100644 --- a/windows/deploy/usmt-overview.md +++ b/windows/deploy/usmt-overview.md @@ -35,7 +35,7 @@ USMT provides the following benefits to businesses that are deploying Windows op - Increases employee satisfaction with the migration experience. ## Limitations -USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](https://go.microsoft.com/fwlink/p/?LinkId=140248). +USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](http://go.microsoft.com/fwlink/?linkid=620915). PCmover Express is a tool created by Microsoft's partner, Laplink. There are some scenarios in which the use of USMT is not recommended. These include: From 621a8df6f338a941e610f454e0f0d5a09606fb5d Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 2 Feb 2017 16:33:26 -0800 Subject: [PATCH 4/5] moving link to baseline to the top of the article --- ...dows-operating-system-components-to-microsoft-services.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index c7c8415926..83ba743e69 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -25,8 +25,9 @@ If you want to minimize connections from Windows to Microsoft services, or confi You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. -We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. +To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. Applying this baseline is equivalent to applying the Windows 10 steps covered in this article. +We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. ## What's new in Windows 10, version 1607 and Windows Server 2016 @@ -1359,5 +1360,3 @@ You can turn off automatic updates by doing one of the following. This is not re - **5**. Turn off automatic updates. To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx). - -To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying. From 20f539c21c638cef902061adc7f8f6e5d112a0c9 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 2 Feb 2017 21:18:51 -0800 Subject: [PATCH 5/5] Added missing backticks --- ...deploy-catalog-files-to-support-code-integrity-policies.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/keep-secure/deploy-catalog-files-to-support-code-integrity-policies.md b/windows/keep-secure/deploy-catalog-files-to-support-code-integrity-policies.md index ba8e5d4999..898731c8d2 100644 --- a/windows/keep-secure/deploy-catalog-files-to-support-code-integrity-policies.md +++ b/windows/keep-secure/deploy-catalog-files-to-support-code-integrity-policies.md @@ -124,8 +124,6 @@ To sign the existing catalog file, copy each of the following commands into an e After the catalog file is signed, add the signing certificate to a code integrity policy, as described in the following steps. - - 1. If you have not already verified the catalog file digital signature, right-click the catalog file, and then click **Properties**. On the **Digital Signatures** tab, verify that your signing certificate exists with the algorithm you expect. 2. If you already have an XML policy file that you want to add the signing certificate to, skip to the next step. Otherwise, use [New-CIPolicy](https://technet.microsoft.com/library/mt634473.aspx) to create a code integrity policy that you will later merge into another policy (not deploy as-is). This example creates a policy called **CatalogSignatureOnly.xml** in the location **C:\\PolicyFolder**: @@ -134,7 +132,7 @@ After the catalog file is signed, add the signing certificate to a code integrit > **Note**  Include the **-UserPEs** parameter to ensure that the policy includes user mode code integrity. -3. Use [Add-SignerRule](https://technet.microsoft.com/library/mt634479.aspx) to add the signing certificate to the code integrity policy, filling in the correct path and filenames for ** and **: +3. Use [Add-SignerRule](https://technet.microsoft.com/library/mt634479.aspx) to add the signing certificate to the code integrity policy, filling in the correct path and filenames for `` and ``: ` Add-SignerRule -FilePath -CertificatePath -User `