Merged PR 11084: merge from master

2025-06-20 21:03:42 +00:00 · 2018-09-04 22:17:49 +00:00
parent 214b6daa0a b15db3692c
commit 403d0cff8e
9 changed files with 23 additions and 19 deletions
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 07/16/2018
+ms.date: 08/31/2018
 ---

 # BitLocker CSP
@ -257,7 +257,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p>

 > [!Note]  
-> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
+> In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.

 <p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p>

@ -347,7 +347,7 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p>

 > [!Note]  
-> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits. 
+> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits. 
 >
 >In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.

--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: brianlic-msft
-ms.date: 05/18/2018
+ms.date: 09/04/2018
 ---

 # Manage Windows Defender Credential Guard
@ -98,7 +98,7 @@ If you enable Windows Defender Credential Guard by using Group Policy, the steps
 You can also enable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).

 ```
-DG_Readiness_Tool_v3.2.ps1 -Enable -AutoReboot
+DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot
 ```

 ### Review Windows Defender Credential Guard performance
@ -118,7 +118,7 @@ You can view System Information to check that Windows Defender Credential Guard
 You can also check that Windows Defender Credential Guard is running by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).

 ```
-DG_Readiness_Tool_v3.2.ps1 -Ready
+DG_Readiness_Tool_v3.5.ps1 -Ready
 ```

 > [!NOTE]
@ -186,7 +186,7 @@ For more info on virtualization-based security and Windows Defender Device Guard
 You can also disable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).

 ```
-DG_Readiness_Tool_v3.2.ps1 -Disable -AutoReboot
+DG_Readiness_Tool_v3.5.ps1 -Disable -AutoReboot
 ```

 #### Disable Windows Defender Credential Guard for a virtual machine
--- a/windows/security/information-protection/tpm/tpm-fundamentals.md
+++ b/windows/security/information-protection/tpm/tpm-fundamentals.md
@ -68,7 +68,7 @@ The TPM can be used to protect certificates and RSA keys. The TPM key storage pr

 ## TPM Cmdlets

-You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://technet.microsoft.com/library/jj603116.aspx).
+You can manage the TPM using Windows PowerShell. For details, see [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/).

 ## Physical presence interface

@ -144,6 +144,6 @@ The Windows TPM-based smart card, which is a virtual smart card, can be configur
 ## Related topics

 - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
- [TPM Cmdlets in Windows PowerShell](https://technet.microsoft.com/library/jj603116.aspx)
+- [TPM Cmdlets in Windows PowerShell](https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/)
 - [TPM WMI providers](https://msdn.microsoft.com/library/aa376476.aspx)
- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
+- [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](https://technet.microsoft.com/itpro/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies#bkmk-tpmconfigurations)
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: medium
 author: jsuther1974
-ms.date: 08/16/2018
+ms.date: 08/31/2018
 ---

 # Microsoft recommended block rules
@ -137,6 +137,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <Deny ID="ID_DENY_WMIC" FriendlyName="wmic.exe" FileName="wmic.exe" MinimumFileVersion="65535.65535.65535.65535"/>
  <Deny ID="ID_DENY_MWFC" FriendlyName="Microsoft.Workflow.Compiler.exe" FileName="Microsoft.Workflow.Compiler.exe" MinimumFileVersion="65535.65535.65535.65535" /> 
  <Deny ID="ID_DENY_WFC" FriendlyName="WFC.exe" FileName="wfc.exe" MinimumFileVersion="65535.65535.65535.65535" />   
+  <Deny ID="ID_DENY_KILL" FriendlyName="kill.exe" FileName="kill.exe" MinimumFileVersion="65535.65535.65535.65535" />   
  <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6"/> 
  <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF"/> 
  <Deny ID="ID_DENY_D_3" FriendlyName="Powershell 3" Hash="148972F670E18790D62D753E01ED8D22B351A57E45544D88ACE380FEDAF24A40"/> 
@ -705,7 +706,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <Deny ID="ID_DENY_D_604" FriendlyName="PowerShellShell 604" Hash="B38E1198F82E7C2B3123984C017417F2A48BDFF5B6DBAD20B2438D7B65F6E39F"/>
  <Deny ID="ID_DENY_D_605" FriendlyName="PowerShellShell 605" Hash="DE16A6B93178B6C6FC33FBF3E9A86CFF070DA6D3"/>
  <Deny ID="ID_DENY_D_606" FriendlyName="PowerShellShell 606" Hash="A3EF9A95D1E859958DEBE44C033B4562EBB9B4C6E32005CA5C07B2E07A42E2BE"/>
-  
+
  <!-- pubprn.vbs
  --> 
  <!-- rs2 x86fre
@ -838,6 +839,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <FileRuleRef RuleID="ID_DENY_LXRUN"/> 
  <FileRuleRef RuleID="ID_DENY_PWRSHLCUSTOMHOST"/> 
  <FileRuleRef RuleID="ID_DENY_TEXTTRANSFORM"/> 
+  <FileRuleRef RuleID="ID_DENY_KILL"/> 
  <FileRuleRef RuleID="ID_DENY_WMIC"/>
  <FileRuleRef RuleID="ID_DENY_MWFC" /> 
  <FileRuleRef RuleID="ID_DENY_WFC" />   
@ -1455,7 +1457,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
  <CiSigners /> 
  <HvciOptions>0</HvciOptions> 
  </SiPolicy>
-  
+
  ```
 <br />

--- a/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@ -21,7 +21,7 @@ ms.date: 08/08/2018
 - Windows Server, version 1803
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)

-
+[!include[Prerelease information](prerelease.md)]

 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configserver-abovefoldlink)