From e8b352ef686b7df8c6af773b737a1d71d691df9f Mon Sep 17 00:00:00 2001 From: kevincol Date: Fri, 4 Oct 2019 17:57:38 -0700 Subject: [PATCH 01/93] Update hololens-calibration.md --- devices/hololens/hololens-calibration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md index 1296d0f4bd..a593ff68d5 100644 --- a/devices/hololens/hololens-calibration.md +++ b/devices/hololens/hololens-calibration.md @@ -97,7 +97,7 @@ You can also disable the calibration prompt by following these steps: 1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**. > [!IMPORTANT] -> Please understand that this setting may adversely affect hologram rendering quality and comfort. +> Please understand that this setting may adversely affect hologram rendering quality and comfort. If there is an immersive application that is using eye tracking, for instance text scrolling, then that feature will no longer work. ### HoloLens 2 eye-tracking technology From 8c3735fb936d3299c212fa5934f15e7a88bb830e Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Tue, 15 Oct 2019 09:48:32 -0700 Subject: [PATCH 02/93] Update hololens-calibration.md minor edits and including Teresa's change --- devices/hololens/hololens-calibration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md index a593ff68d5..f867bf325c 100644 --- a/devices/hololens/hololens-calibration.md +++ b/devices/hololens/hololens-calibration.md @@ -97,7 +97,7 @@ You can also disable the calibration prompt by following these steps: 1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**. > [!IMPORTANT] -> Please understand that this setting may adversely affect hologram rendering quality and comfort. If there is an immersive application that is using eye tracking, for instance text scrolling, then that feature will no longer work. +> This setting may adversely affect hologram rendering quality and comfort. When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications. ### HoloLens 2 eye-tracking technology From 68ec900e076f8601cc17d6ee323bfefb68306471 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Mon, 11 Nov 2019 14:37:15 -0800 Subject: [PATCH 03/93] Update hololens2-language-support.md Removed es-MX from support list and corrected some formatting issues. --- devices/hololens/hololens2-language-support.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 760880135d..e38fbd5569 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -17,7 +17,7 @@ appliesto: # Supported languages for HoloLens 2 -HoloLens 2 supports the following languages. This support includes voice commands and dictation features. +HoloLens 2 supports the following languages, including voice commands and dictation features. - Chinese Simplified (China) - English (Australia) @@ -29,17 +29,17 @@ HoloLens 2 supports the following languages. This support includes voice command - German (Germany) - Italian (Italy) - Japanese (Japan) -- Spanish (Mexico) - Spanish (Spain) -Windows Mixed Reality is also available in the following languages. However, this support does not include speech commands or dictation features. +HoloLens 2 is also available in the following languages. However, this support does not include speech commands or dictation features. - Chinese Traditional (Taiwan and Hong Kong) - Dutch (Netherlands) - Korean (Korea) -- Changing language or keyboard > [!NOTE] > Your speech and dictation language depends on the Windows display language. > +# Changing language or keyboard + To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. From 835c65f895bbcdb08cb374e635f5e2647d9215f6 Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Tue, 12 Nov 2019 10:01:40 -0500 Subject: [PATCH 04/93] Clarify impacts of Intune auto-enrollment --- devices/surface-hub/surface-hub-2s-manage-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index e71d37def0..dc071e3753 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a ### Auto registration — Azure Active Directory Affiliated -When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). +During the initial setup process, when choosing to affiliate with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. ## Windows 10 Team Edition settings From e457ad0cfa1648e21b0ec57f196693c04ba8e1b3 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Tue, 12 Nov 2019 12:48:54 -0800 Subject: [PATCH 05/93] Update hololens2-language-support.md Added more verbose instructions for changing language settings and what is impacted by the language settings. --- .../hololens/hololens2-language-support.md | 27 +++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index e38fbd5569..091c9dd907 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -17,7 +17,7 @@ appliesto: # Supported languages for HoloLens 2 -HoloLens 2 supports the following languages, including voice commands and dictation features. +HoloLens 2 supports the following languages, including voice commands and dictation features, keyboard layouts, and OCR recognition within apps. - Chinese Simplified (China) - English (Australia) @@ -42,4 +42,27 @@ HoloLens 2 is also available in the following languages. However, this support d > # Changing language or keyboard -To change the Windows display language, region, or keyboard settings, use the start gesture to open the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. +HoloLens is configured for a language and region during set up. You can change the configuration under the “Time & language” section of Settings app. + +## To change the Windows display language + +1. Go to **Start** menu, and then select **Settings** > **Time and Language** > **Language**. +2. Choose a language from the **Windows display language** menu. + +If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. + +Changing Windows display language will: + +- Change the UI text language for Windows and apps (for apps that support localization). +- Change the supported speech language for speech features in Windows and apps. +- Add the default keyboard layout for the language. + +## To change the keyboard layout + +To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time & language** > **Keyboard**. + +When there is more than one keyboard layout added, you can switch between different keyboard layouts using the Layout key in the lower right corner of the on-screen keyboard. + +> [!NOTE] +> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the ~ key. +> From 42cf908bdd60cb05a92587fc38239adf285a8666 Mon Sep 17 00:00:00 2001 From: DanPandre <54847950+DanPandre@users.noreply.github.com> Date: Wed, 13 Nov 2019 09:25:49 -0500 Subject: [PATCH 06/93] Made language closer to original --- devices/surface-hub/surface-hub-2s-manage-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md index dc071e3753..d17fc2dfb1 100644 --- a/devices/surface-hub/surface-hub-2s-manage-intune.md +++ b/devices/surface-hub/surface-hub-2s-manage-intune.md @@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a ### Auto registration — Azure Active Directory Affiliated -During the initial setup process, when choosing to affiliate with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. +During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune. ## Windows 10 Team Edition settings From f874619783a0bba271b202a3750ce387d2f2c4b5 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:42:49 -0800 Subject: [PATCH 07/93] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 091c9dd907..c58b778d48 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -46,7 +46,7 @@ HoloLens is configured for a language and region during set up. You can change t ## To change the Windows display language -1. Go to **Start** menu, and then select **Settings** > **Time and Language** > **Language**. +1. Go to the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. 2. Choose a language from the **Windows display language** menu. If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. From 2b0342a8dbcf19323c382a124d152dc41fb791ff Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:43:10 -0800 Subject: [PATCH 08/93] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index c58b778d48..9e916ea3a5 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -51,7 +51,7 @@ HoloLens is configured for a language and region during set up. You can change t If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. -Changing Windows display language will: +Changing the Windows display language will: - Change the UI text language for Windows and apps (for apps that support localization). - Change the supported speech language for speech features in Windows and apps. From 869852022d4750d3a9c7d328c231041f3d4af0f2 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:43:27 -0800 Subject: [PATCH 09/93] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 9e916ea3a5..2aad87d133 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -61,7 +61,7 @@ Changing the Windows display language will: To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time & language** > **Keyboard**. -When there is more than one keyboard layout added, you can switch between different keyboard layouts using the Layout key in the lower right corner of the on-screen keyboard. +When there is more than one keyboard layout added, you can switch between different keyboard layouts using the **Layout** key in the lower right corner of the on-screen keyboard. > [!NOTE] > While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the ~ key. From ff03f853808631fe17940678a2b436649e7fa6e2 Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Wed, 13 Nov 2019 17:43:42 -0800 Subject: [PATCH 10/93] Update devices/hololens/hololens2-language-support.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index 2aad87d133..d2b5cacedc 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -64,5 +64,5 @@ To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time When there is more than one keyboard layout added, you can switch between different keyboard layouts using the **Layout** key in the lower right corner of the on-screen keyboard. > [!NOTE] -> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the ~ key. +> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the **~** key. > From 60933c03e48c458057e07f1a1544ba2d05568d1f Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Mon, 2 Dec 2019 13:55:41 -0800 Subject: [PATCH 11/93] Update devices/hololens/hololens2-language-support.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/hololens/hololens2-language-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index d2b5cacedc..e3b6892dee 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -49,7 +49,7 @@ HoloLens is configured for a language and region during set up. You can change t 1. Go to the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. 2. Choose a language from the **Windows display language** menu. -If the supported language you’re looking for is not in the menu, use the **Add a language button** in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. +If the supported language you’re looking for is not in the menu, use the **Add a language** button in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. Changing the Windows display language will: From b19905714ec134edbfa6e08c016702720bc4adea Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Mon, 2 Dec 2019 15:53:40 -0800 Subject: [PATCH 12/93] Update hololens2-language-support.md Responding to Teresa's feedback --- .../hololens/hololens2-language-support.md | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md index e3b6892dee..d139119708 100644 --- a/devices/hololens/hololens2-language-support.md +++ b/devices/hololens/hololens2-language-support.md @@ -42,27 +42,32 @@ HoloLens 2 is also available in the following languages. However, this support d > # Changing language or keyboard -HoloLens is configured for a language and region during set up. You can change the configuration under the “Time & language” section of Settings app. +The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**. ## To change the Windows display language -1. Go to the **Start** menu, and then select **Settings** > **Time and Language** > **Language**. -2. Choose a language from the **Windows display language** menu. +1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**. +2. Select **Windows display language**, and then select a language. -If the supported language you’re looking for is not in the menu, use the **Add a language** button in the **Preferred languages** section on the page to search for and add the language, then check in the **Windows display language menu** again. +If the supported language you’re looking for is not in the menu, follow these steps: -Changing the Windows display language will: +1. Under **Preferred languages** select **Add a language**. +2. Search for and add the language. +3. Select the **Windows display language** menu again and choose the language you added. -- Change the UI text language for Windows and apps (for apps that support localization). -- Change the supported speech language for speech features in Windows and apps. -- Add the default keyboard layout for the language. +The Windows display language affects the following settings for Windows and for apps that support localization: + +- The user interface text language. +- The speech language. +- The default layout of the on-screen keyboard. ## To change the keyboard layout -To add or remove a keyboard layout, go to **Start menu** > **Settings** > **Time & language** > **Keyboard**. +To add or remove a keyboard layout, open the **Start** menu and then select **Settings** > **Time & language** > **Keyboard**. -When there is more than one keyboard layout added, you can switch between different keyboard layouts using the **Layout** key in the lower right corner of the on-screen keyboard. +If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard. > [!NOTE] -> While you can use the on-screen keyboard to enter text that requires Input Method Editor (IME) such as Chinese, using a Bluetooth hardware keyboard with IME is not currently supported. When a on-screen keyboard layout uses IME, you can continue to use a Bluetooth keyboard to type in English. To toggle a hardware keyboard to type in English, press the **~** key. -> +> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME. +> +> While you use IME with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press ~. From 26b785174460fe100b5a1d5a6c21585c4232ddc2 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 14:27:15 -0600 Subject: [PATCH 13/93] New Note added from #5469 --- .../threat-protection/microsoft-defender-atp/live-response.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 151cc9a4d1..1493afdbfe 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,6 +50,10 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. + + > [!ÏMPORTNAT] + > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
From 42cc42f33a6ef5c5b13e5d1562b6ff8600f2a4f9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 4 Dec 2019 12:54:03 -0800 Subject: [PATCH 14/93] Update live-response.md --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 1493afdbfe..afa98aa766 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -51,7 +51,7 @@ You'll need to enable the live response capability in the [Advanced features set >Allowing the use of unsigned scripts may increase your exposure to threats. - > [!ÏMPORTNAT] + > [!ÏMPORTANT] > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From a271cb85322b4eae59e96fd33cd68d5e3d8b3f82 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 15:30:16 -0600 Subject: [PATCH 15/93] Suggestion taken --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 1493afdbfe..3c64fbaaa4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -52,7 +52,7 @@ You'll need to enable the live response capability in the [Advanced features set > [!ÏMPORTNAT] - > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From b0566d36e499f118cd7a71e85598c26cea5b9fbe Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Wed, 4 Dec 2019 15:33:11 -0600 Subject: [PATCH 16/93] Suggestion taken --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index afa98aa766..2c8fd39528 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -52,7 +52,7 @@ You'll need to enable the live response capability in the [Advanced features set > [!ÏMPORTANT] - > The current implementation of the Live Response within Defender ATP the option "Upload file to library" button function is not available to those with only delegated permissions via DATP/RBAC roles. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. From 28b3ebaddf6cdc56fa11c932a9233cac2e174d1a Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Thu, 5 Dec 2019 10:31:52 -0600 Subject: [PATCH 17/93] Update windows/security/threat-protection/microsoft-defender-atp/live-response.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/live-response.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 2c8fd39528..0b762a0b99 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -51,7 +51,7 @@ You'll need to enable the live response capability in the [Advanced features set >Allowing the use of unsigned scripts may increase your exposure to threats. - > [!ÏMPORTANT] + > [!IMPORTANT] > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. @@ -254,4 +254,3 @@ Each command is tracked with full details such as: - From 4bad6d069f5f0bdcc27e54b5b11ddfbf53ff804a Mon Sep 17 00:00:00 2001 From: Todd Lyon <19413953+tmlyon@users.noreply.github.com> Date: Tue, 10 Dec 2019 16:55:32 -0800 Subject: [PATCH 18/93] Update hololens-cortana.md Updated phrasing for follow and microphone button to resolve some localization issues with the voice commands. --- devices/hololens/hololens-cortana.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md index 0729485e7d..d7ca664169 100644 --- a/devices/hololens/hololens-cortana.md +++ b/devices/hololens/hololens-cortana.md @@ -56,7 +56,7 @@ To use these commands, gaze at a 3D object, hologram, or app window. | "Face me" | Turn it to face you | | "Move this" | Move it (follow your gaze) | | "Close" | Close it | -| "Follow" / "Stop following" | Make it follow you as you move around | +| "Follow me" / "Stop following" | Make it follow you as you move around | ### See it, say it @@ -64,7 +64,7 @@ Many buttons and other elements on HoloLens also respond to your voice—for exa ### Dictation mode -Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone icon or say "Start dictating." To stop dictating, select **Done** or say "Stop dictating." To delete what you just dictated, say "Delete that." +Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that." > [!NOTE] > To use dictation mode, you have to have an internet connection. From 1fd9c5a9cd785ff6314c71a848dcd1c11a37d1be Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Wed, 11 Dec 2019 11:25:46 +0800 Subject: [PATCH 19/93] finish --- devices/surface-hub/TOC.md | 2 ++ devices/surface-hub/index.md | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md index c0de52de12..59d2d76a0d 100644 --- a/devices/surface-hub/TOC.md +++ b/devices/surface-hub/TOC.md @@ -7,6 +7,7 @@ ### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) ### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md) +### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) ## Plan ### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md) @@ -58,6 +59,7 @@ ### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md) ### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) ### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) +### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d) ## Plan ### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md index e4fa9986f3..f60588a000 100644 --- a/devices/surface-hub/index.md +++ b/devices/surface-hub/index.md @@ -30,7 +30,6 @@ Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platfor

Behind the design: Surface Hub 2S

What's new in Surface Hub 2S

Operating system essentials

-

Enable Microsoft Whiteboard on Surface Hub

From 217842d6912a4782bad64c8ea444e4f70c9a1370 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 11 Dec 2019 14:58:07 +0530 Subject: [PATCH 20/93] removed the word as meeting as per the user report #5646 . I removed the following word which written two times as meeting --- windows/security/threat-protection/fips-140-validation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 32bbf69dc2..c91f55f5cf 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -57,7 +57,7 @@ The cadence for starting module validation aligns with the feature updates of Wi ### What is the difference between “FIPS 140 validated” and “FIPS 140 compliant”? -“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. +“FIPS 140 validated” means that the cryptographic module, or a product that embeds the module, has been validated (“certified”) by the CMVP as meeting the FIPS 140-2 requirements. “FIPS 140 compliant” is an industry term for IT products that rely on FIPS 140 validated products for cryptographic functionality. ### I need to know if a Windows service or application is FIPS 140-2 validated. @@ -7191,4 +7191,4 @@ Version 6.3.9600

\[[SP 800-57](http://csrc.nist.gov/publications/pubssps.html#800-57-part1)\] - Recommendation for Key Management – Part 1: General (Revised) -\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths \ No newline at end of file +\[[SP 800-131A](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf)\] - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths From 0792939c1918f90a1305030c2ddc279dd3fb9f96 Mon Sep 17 00:00:00 2001 From: Deland-Han Date: Wed, 11 Dec 2019 17:39:09 +0800 Subject: [PATCH 21/93] finish --- mdop/mbam-v25/deploy-mbam.md | 3 ++- mdop/mbam-v25/troubleshooting-mbam-installation.md | 3 ++- windows/client-management/introduction-page-file.md | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/mdop/mbam-v25/deploy-mbam.md b/mdop/mbam-v25/deploy-mbam.md index eefee88047..a921105176 100644 --- a/mdop/mbam-v25/deploy-mbam.md +++ b/mdop/mbam-v25/deploy-mbam.md @@ -1,13 +1,14 @@ --- title: Deploying MBAM 2.5 in a stand-alone configuration description: Introducing how to deploy MBAM 2.5 in a stand-alone configuration. -author: delhan +author: Deland-Han ms.reviewer: dcscontentpm manager: dansimp ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 +manager: dcscontentpm --- # Deploying MBAM 2.5 in a standalone configuration diff --git a/mdop/mbam-v25/troubleshooting-mbam-installation.md b/mdop/mbam-v25/troubleshooting-mbam-installation.md index d58974a50e..b38d7b7818 100644 --- a/mdop/mbam-v25/troubleshooting-mbam-installation.md +++ b/mdop/mbam-v25/troubleshooting-mbam-installation.md @@ -1,13 +1,14 @@ --- title: Troubleshooting MBAM 2.5 installation problems description: Introducing how to troubleshoot MBAM 2.5 installation problems. -author: delhan +author: Deland-Han ms.reviewer: dcscontentpm manager: dansimp ms.author: delhan ms.sitesec: library ms.prod: w10 ms.date: 09/16/2019 +manager: dcscontentpm --- # Troubleshooting MBAM 2.5 installation problems diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index 662ae5f90e..cee81bcd72 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -8,7 +8,7 @@ author: Deland-Han ms.localizationpriority: medium ms.author: delhan ms.reviewer: greglin -manager: willchen +manager: dcscontentpm --- # Introduction to page files From 214d87b5d68c42773ad84014057f52fce49c8ccc Mon Sep 17 00:00:00 2001 From: Jean-Robert Jean-Simon Date: Wed, 11 Dec 2019 11:57:56 +0100 Subject: [PATCH 22/93] Add a note about OEM Authorization and Delegated Admin Permissions (DAP) It is just a clarification for several customers who are afraid about Delegated Admin Permissions (DAP) could be part of the OEM Authorization. --- windows/deployment/windows-autopilot/registration-auth.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index 9ae9105cbd..3c6dfece7c 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -9,7 +9,8 @@ ms.mktglfcycl: deploy ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy -audience: itpro author: greg-lindsay +audience: itpro +author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article @@ -75,6 +76,8 @@ Each OEM has a unique link to provide to their respective customers, which the O 4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process. + NOTE: During the OEM authorization registration process, no delegated admin permissions are granted to the OEM. + ## Summary At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer. And, it all happens instantaneously - as quickly as buttons are clicked. From d5b401f302f2edbe9cb258153c542cb822ab0039 Mon Sep 17 00:00:00 2001 From: Jean-Robert Jean-Simon Date: Wed, 11 Dec 2019 12:28:22 +0100 Subject: [PATCH 23/93] Add a Q&A for Delegated Admin Permissions for OEM It is just a clarification for several customers who are afraid about Delegated Admin Permissions (DAP) could be part of the OEM Authorization. --- windows/deployment/windows-autopilot/autopilot-faq.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index b527168e97..94f7002df9 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -38,6 +38,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e | How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.

Go [here](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions) for more information. | | Must I become a Cloud Solution Provider (CSP) to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. | | Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority an access:

1. Direct CSP: Gets direct authorization from the customer to register devices.

2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.

3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. | +| Does the OEM authorization grant Delegated Admin Permissions (DAP) on the customer tenant? | No. The OEM authorization gives only the capability to register devices. | ## Manufacturing From d7feac8adc09688f0f7b5108fc9b9999e1f5facc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 11 Dec 2019 20:24:12 +0530 Subject: [PATCH 24/93] Renamed Enteprise to Enterprise as per user report #5654. i renamed Enteprise to Enterprise --- windows/client-management/mdm/device-update-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 13a78b2032..414a9c8515 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -635,7 +635,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise > [!Important] -> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise. +> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Enterprise.

Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. From 98ee57c44dab201112e3a93f7e76c7b7e09b7491 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 11 Dec 2019 20:10:13 +0500 Subject: [PATCH 25/93] Content Update Added a source of information to point users to use custom settings for Windows 10 devices in Intune. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4482 --- ...dows-defender-application-control-policies-using-intune.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 8a2a80de85..8319156a40 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. @@ -41,3 +41,5 @@ You can use Microsoft Intune to configure Windows Defender Application Control ( - **Trust apps with good reputation**: Select **Enable** to allow reputable apps as defined by the Intelligent Security Graph to run in addition to Windows components and Store apps. ![Configure WDAC](images/wdac-intune-wdac-settings.png) + +To add a custom profile with an OMA-URI see, [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/en-us/intune/configuration/custom-settings-windows-10). From c0f9b313e3c707e029293d33b65c786f17858d75 Mon Sep 17 00:00:00 2001 From: Brandon Bray <40039061+BrandonBray@users.noreply.github.com> Date: Wed, 11 Dec 2019 12:08:32 -0800 Subject: [PATCH 26/93] Add image color and brightness troubleshooting Adding specific recommendations for improving image quality with HoloLens 2. --- devices/hololens/hololens2-fit-comfort-faq.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index 397d61bb67..cbd71f9405 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -43,6 +43,15 @@ Try adjusting the position of your device visor so the holographic frame matches - **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame. - **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame. +## Hologram image color or brightness does not look right + +For HoloLens 2, take the following steps to improve the quality of holograms presented in displays: + +- **Increase brightness of the display.** Holograms look best when the display is at its brightest level. +- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes. +- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose. +- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse. + ## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit). From b9f6d287451fbceaca63bc997928e594773b2d74 Mon Sep 17 00:00:00 2001 From: Brandon Bray <40039061+BrandonBray@users.noreply.github.com> Date: Wed, 11 Dec 2019 13:02:31 -0800 Subject: [PATCH 27/93] Editing improvement --- devices/hololens/hololens2-fit-comfort-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md index cbd71f9405..e97e03f502 100644 --- a/devices/hololens/hololens2-fit-comfort-faq.md +++ b/devices/hololens/hololens2-fit-comfort-faq.md @@ -45,7 +45,7 @@ Try adjusting the position of your device visor so the holographic frame matches ## Hologram image color or brightness does not look right -For HoloLens 2, take the following steps to improve the quality of holograms presented in displays: +For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays: - **Increase brightness of the display.** Holograms look best when the display is at its brightest level. - **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes. From 1a133a1a2437f0cafb7bbd2b4d45bc8a506b8242 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 12 Dec 2019 08:39:16 +0530 Subject: [PATCH 28/93] replaced Enteprise to Enterprise as per user report #5655. and the good intelligent report from @illfated. I replaced Enteprise to Enterprise. --- windows/client-management/mdm/policy-csp-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index d096ead06d..9d98a92f10 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4248,7 +4248,7 @@ ADMX Info: > [!IMPORTANT] -> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile. +> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Mobile. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet. From 8af9106bc647342f2a7bed557830baa2e6edb434 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 12 Dec 2019 16:59:44 -0800 Subject: [PATCH 29/93] Minor build version for Nov Update Added the minor version number so that users can know what build they have. Without this they don't know if they are before or after the required build. As well as link to calibration. @scooley --- devices/hololens/hololens2-basic-usage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md index 1a9ec375af..fadbb7a4bc 100644 --- a/devices/hololens/hololens2-basic-usage.md +++ b/devices/hololens/hololens2-basic-usage.md @@ -105,8 +105,8 @@ To **close** the Start menu, do the Start gesture when the Start menu is open. > [!IMPORTANT] > For the one-handed Start gesture to work: > -> 1. You must update to the November 2019 update (build 18363) or later. -> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not calibrated on the device. +> 1. You must update to the November 2019 update (build 18363.1039) or later. +> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/en-us/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together. From 1dc00ca8cbeeab7c1806db0d7c481c502b566b08 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 13 Dec 2019 09:43:40 +0500 Subject: [PATCH 30/93] Update policy-csp-appruntime.md --- windows/client-management/mdm/policy-csp-appruntime.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md index fce0c40f17..7c7efc8c73 100644 --- a/windows/client-management/mdm/policy-csp-appruntime.md +++ b/windows/client-management/mdm/policy-csp-appruntime.md @@ -99,14 +99,5 @@ ADMX Info:

-Footnotes: - -- 1 - Added in Windows 10, version 1607. -- 2 - Added in Windows 10, version 1703. -- 3 - Added in Windows 10, version 1709. -- 4 - Added in Windows 10, version 1803. -- 5 - Added in Windows 10, version 1809. -- 6 - Added in Windows 10, version 1903. - From d704472f3687bb81e742b07091b303d71423aea4 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Fri, 13 Dec 2019 12:26:17 +0500 Subject: [PATCH 31/93] Update windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index 8319156a40..d5c25facfc 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure the Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. From 23b8259680295f8a15a3e0ad112a057e65098aa8 Mon Sep 17 00:00:00 2001 From: Jean-Robert Jean-Simon Date: Fri, 13 Dec 2019 10:43:07 +0100 Subject: [PATCH 32/93] Update windows/deployment/windows-autopilot/autopilot-faq.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/windows-autopilot/autopilot-faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md index 94f7002df9..756dbef593 100644 --- a/windows/deployment/windows-autopilot/autopilot-faq.md +++ b/windows/deployment/windows-autopilot/autopilot-faq.md @@ -38,7 +38,7 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e | How can I test the Windows Autopilot CSV file in the Partner Center? | Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center.

Go [here](https://msdn.microsoft.com/partner-center/create-user-accounts-and-set-permissions) for more information. | | Must I become a Cloud Solution Provider (CSP) to participate in Windows Autopilot? | Top volume OEMs do not, as they can use the OEM Direct API. All others who choose to use MPC to register devices must become CSPs in order to access MPC. | | Do the different CSP levels have all the same capabilities when it comes to Windows Autopilot? | For purposes of Windows Autopilot, there are three different types of CSPs, each with different levels of authority an access:

1. Direct CSP: Gets direct authorization from the customer to register devices.

2. Indirect CSP Provider: Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer. Indirect CSP Providers register devices through Microsoft Partner Center.

3. Indirect CSP Reseller: Gets direct authorization from the customer to register devices. At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer. However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs. | -| Does the OEM authorization grant Delegated Admin Permissions (DAP) on the customer tenant? | No. The OEM authorization gives only the capability to register devices. | +| Does the OEM authorization grant Delegated Admin Permissions (DAP) on the customer tenant? | No. The OEM authorization only gives the capability to register devices. | ## Manufacturing From 64b86852b525d2500a32c6495de329a9bdb7a901 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Fri, 13 Dec 2019 10:51:41 -0800 Subject: [PATCH 33/93] Release notes link changes to HoloLens section Link for HoloLens release notes was pointing to Mixed Reality docs instead of HoloLens. Redirected. @scooley --- devices/hololens/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/index.md b/devices/hololens/index.md index 6725da5e81..98835e4ce5 100644 --- a/devices/hololens/index.md +++ b/devices/hololens/index.md @@ -55,4 +55,4 @@ appliesto: ## Related resources * [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development) -* [HoloLens release notes](https://developer.microsoft.com/windows/mixed-reality/release_notes) +* [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes) From 9088f05210fe0f65fd2f196c28297dcbc0a2cf81 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Fri, 13 Dec 2019 14:45:57 -0800 Subject: [PATCH 34/93] Update surface-pro-arm-app-management.md --- .../surface/surface-pro-arm-app-management.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 3e867c8f49..5ccc5468b3 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -62,18 +62,19 @@ Some third-party antivirus software cannot be installed on a Windows 10 PC runni ## Servicing Surface Pro X -Outside of personal devices that rely on Windows Update, servicing devices in most corporate environments requires downloading and managing the deployment of .MSI files to update target devices. Refer to the following documentation, which will be updated later to include guidance for servicing Surface Pro X: +Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware. -- [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates. To verify: -> [!NOTE] -> Surface Pro X supports Windows 10, version 1903 and later. +1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.** +2. Under **Choose how updates are installed,** select **Automatic (recommended)**. -### Windows Server Update Services -Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. - -For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products). +### Recommendations for commercial customers +- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb). +- If your procedures require using a Windows Installer .msi file contact [Surface for Business support](https://support.microsoft.com/help/4037645). +- For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). +- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. ## Running apps on Surface Pro X From fbbf64fb2409ace606116bfba1c147532ad9c6ab Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 14 Dec 2019 05:14:30 +0500 Subject: [PATCH 35/93] information update As a request, the required information has been updated in the doc. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5261 --- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index d17799b5a8..93525461af 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -36,8 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. - - +> - To change bulk enrollment settings, login to **AAD** then **Devices** and then click **Device Settings**. Change the number under **Maximum number of devices per user**. ## What you need From fc38997abb47008adc8084687c6decfdba596d14 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 13 Dec 2019 21:19:07 -0600 Subject: [PATCH 36/93] Moved note --- .../microsoft-defender-atp/live-response.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 2c8fd39528..e55674234c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,10 +50,6 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. - - > [!ÏMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. - Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
@@ -61,6 +57,9 @@ You'll need to enable the live response capability in the [Advanced features set Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. + > [!IMPORTANT] + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + ## Live response dashboard overview When you initiate a live response session on a machine, a dashboard opens. The dashboard provides information about the session such as: From 98f5095e45b56eccc466f807ef1306aa1c175aa2 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 13 Dec 2019 21:44:41 -0600 Subject: [PATCH 37/93] Update --- .../microsoft-defender-atp/live-response.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 0b762a0b99..3003c707b4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -50,15 +50,14 @@ You'll need to enable the live response capability in the [Advanced features set >[!WARNING] >Allowing the use of unsigned scripts may increase your exposure to threats. - - > [!IMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. - Running unsigned scripts is generally not recommended as it can increase your exposure to threats. If you must use them however, you'll need to enable the setting in the [Advanced features settings](advanced-features.md) page. - **Ensure that you have the appropriate permissions**
Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments see, [Create and manage roles](user-roles.md). + > [!IMPORTANT] + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permission are controlled by RBAC custom role. ## Live response dashboard overview From a3dc2db13293718a05e0b838c928d2733d608c96 Mon Sep 17 00:00:00 2001 From: illfated Date: Sat, 14 Dec 2019 20:28:51 +0100 Subject: [PATCH 38/93] Deploy WDAC/Intune: update intro description As discussed in issue ticket #4482 (Custom WDAC policy in Intune), it would be useful to add a detail on implementing a custom WDAC policy in Intune. Without this detail, the implication is that you can ONLY use the Endpoint Protection template to configure WDAC in Intune. Thank you to Air-Git for following up on this topic and the content. Proposed change: - add details missed in the previous PR #5659 (Content Update) issue ticket closure or reference: Ref. #4482 (already closed) --- ...indows-defender-application-control-policies-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md index d5c25facfc..0b5a8c1c75 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md @@ -27,7 +27,7 @@ ms.date: 05/17/2018 - Windows 10 - Windows Server 2016 -You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can configure the Endpoint protection profile for WDAC or a custom profile with an OMA-URI. You can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. +You can use Microsoft Intune to configure Windows Defender Application Control (WDAC). You can either configure an Endpoint Protection profile for WDAC, or create a custom profile with an OMA-URI setting. Using an Endpoint Protection profile, you can configure Windows 10 client computers to only run Windows components and Microsoft Store apps, or let them also run reputable apps defined by the Intelligent Security Graph. 1. Open the Microsoft Intune portal and click **Device configuration** > **Profiles** > **Create profile**. From fc4c9e8950221df28d98c157a289b5a8f5e24caa Mon Sep 17 00:00:00 2001 From: jcjveraa <3942301+jcjveraa@users.noreply.github.com> Date: Mon, 16 Dec 2019 09:11:50 +0100 Subject: [PATCH 39/93] Typo fix Cloud clipboard helps users copy content between devices. It also manages the clipboard histroy -> history so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: --- windows/whats-new/whats-new-windows-10-version-1809.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index d5b5e148ca..e5ab713e82 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -162,7 +162,7 @@ Onboard supported versions of Windows machines so that they can send sensor data ## Cloud Clipboard -Cloud clipboard helps users copy content between devices. It also manages the clipboard histroy so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: +Cloud clipboard helps users copy content between devices. It also manages the clipboard history so that you can paste your old copied data. You can access it by using **Windows+V**. Set up Cloud clipboard: 1. Go to **Windows Settings** and select **Systems**. 2. On the left menu, click on **Clipboard**. From 813cb6a18290ecf4101211763d16fc5bbc810476 Mon Sep 17 00:00:00 2001 From: amorrowbellarmine <46689625+amorrowbellarmine@users.noreply.github.com> Date: Mon, 16 Dec 2019 11:27:10 -0500 Subject: [PATCH 40/93] Corrected AUMID for the Kiosk Browser The AUMID shown in this guide is incorrect. Per the instructions found at https://docs.microsoft.com/en-us/windows/configuration/find-the-application-user-model-id-of-an-installed-app, the AUMID should be the "packagefamilyname"+"!"+"package.applications.application.id". In the case of the Kiosk Bowser, the AUMID is "Microsoft.KioskBrowser_8wekyb3d8bbwe!App". Failure to include the "!App" will result in an error when the kiosk account tries to load the app. --- windows/configuration/setup-digital-signage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md index e902d0cfe2..7741d3ba98 100644 --- a/windows/configuration/setup-digital-signage.md +++ b/windows/configuration/setup-digital-signage.md @@ -58,7 +58,7 @@ This procedure explains how to configure digital signage using Kiosk Browser on - Enter a user name and password, and toggle **Auto sign-in** to **Yes**. - Under **Configure the kiosk mode app**, enter the user name for the account that you're creating. - For **App type**, select **Universal Windows App**. - - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe`. + - In **Enter the AUMID for the app**, enter `Microsoft.KioskBrowser_8wekyb3d8bbwe!App`. 11. In the bottom left corner of Windows Configuration Designer, select **Switch to advanced editor**. 12. Go to **Runtime settings** > **Policies** > **KioskBrowser**. Let's assume that the URL for your digital signage content is contoso.com/menu. - In **BlockedUrlExceptions**, enter `https://www.contoso.com/menu`. From 5e168b9e7f2ff9bd22d686fefc48b6a91def62f9 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 16 Dec 2019 23:52:09 +0500 Subject: [PATCH 41/93] Update windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../mdm/bulk-enrollment-using-windows-provisioning-tool.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md index 93525461af..c5b559cf50 100644 --- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md @@ -36,7 +36,7 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone environment. > - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console. -> - To change bulk enrollment settings, login to **AAD** then **Devices** and then click **Device Settings**. Change the number under **Maximum number of devices per user**. +> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**. ## What you need @@ -168,4 +168,3 @@ Here are links to step-by-step provisioning topics in Technet. - From 38df0e98d07b9639fdddb02107c63cde187f790f Mon Sep 17 00:00:00 2001 From: Manuel Hauch Date: Mon, 16 Dec 2019 20:21:23 +0100 Subject: [PATCH 42/93] Misnamed automation level The protection level is called "No automated response" in the UI, not "Not protected". --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 28d3920de1..a4990b44f7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -68,7 +68,7 @@ You can configure the following levels of automation: |Automation level | Description| |---|---| -|Not protected | Machines do not get any automated investigations run on them. | +|No automated response | Machines do not get any automated investigations run on them. | |Semi - require approval for any remediation | This is the default automation level.

An approval is needed for any remediation action. | |Semi - require approval for non-temp folders remediation | An approval is required on files or executables that are not in temporary folders.

Files or executables in temporary folders, such as the user's download folder or the user's temp folder, will automatically be remediated if needed.| |Semi - require approval for core folders remediation | An approval is required on files or executables that are in the operating system directories such as Windows folder and Program files folder.

Files or executables in all other folders will automatically be remediated if needed.| From a79f1eba424566d14791299610472c7733b01967 Mon Sep 17 00:00:00 2001 From: coffeemade <39417823+coffeemade@users.noreply.github.com> Date: Tue, 17 Dec 2019 10:21:18 -0500 Subject: [PATCH 43/93] Update on-premises-deployment-surface-hub-device-accounts.md [!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods. [PS] C:\windows\system32>Get-ActiveSyncVirtualDirectory | fl name,BasicAuthEnabled Name : Microsoft-Server-ActiveSync (Default Web Site) BasicAuthEnabled : True --- .../on-premises-deployment-surface-hub-device-accounts.md | 1 + 1 file changed, 1 insertion(+) diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md index d3fdb628ab..7f3793ed3f 100644 --- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md +++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md @@ -49,6 +49,7 @@ If you have a single-forest on-premises deployment with Microsoft Exchange 2013 ```PowerShell New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force) ``` +[!IMPORTANT] ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods. 3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy. From b6aceb7f4e44f96c9e28e0b00b1f1ab73ca1ee19 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Tue, 17 Dec 2019 18:10:31 -0800 Subject: [PATCH 44/93] added content --- .../volume-activation/vamt-known-issues.md | 95 ++++++++++++++----- 1 file changed, 70 insertions(+), 25 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 70933d12f6..3a4c34773b 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,25 +1,70 @@ ---- -title: VAMT Known Issues (Windows 10) -description: VAMT Known Issues -ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: activation -audience: itpro author: greg-lindsay -ms.date: 04/25/2017 -ms.topic: article ---- - -# VAMT Known Issues - -The following list contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0. -- The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. -- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). -- When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. -- The remaining activation count can only be retrieved for MAKs. -  -  +--- +title: VAMT known issues (Windows 10) +description: VAMT known issues +ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: activation +audience: itpro +author: greg-lindsay +ms.date: 12/17/2019 +ms.topic: article +ms.custom: +- CI 111496 +- CSSTroubleshooting +--- + +# VAMT known issues + +The following list (and the section that follows) contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0. + +- The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. +- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). +- When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. +- The remaining activation count can only be retrieved for MAKs. +  +## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 + +When you try to add a Windows 10 Key Management Service (KMS) Host key (CSVLK) or a Windows Server 2012 R2 for Windows 10 CSVLK into Volume Activation Management Tool (VAMT) 3.1 (version 10.0.10240.0), you receive the following error message: + +> The specified product key is invalid, or is unsupported by this version of VAMT. An update to support additional products may be available online. + +![](./111496-1.png) + +This issue occurs because VAMT 3.1 does not contain the correct pkconfig files to recognize this kind of key. + +### Workaround + +To work around this issue, use one of the following methods. + +**Method 1** + +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). + +**Method 2** + +On the KMS host computer, follow these steps: + +1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/). + +1. In Windows Explorer, right-click **485392_intl_x64_zip**, and then extract the hotfix to **C:\KB3058168**. + +1. Open a Command Prompt window, and extract the contents of the update by running the following command: + + ```cmd + expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ + ``` + +1. Extract the contents of Windows8.1-KB3058168-x64.cab by running the following command: + + ```cmd + expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 + ``` + +1. In the "C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716\" folder, copy the **pkeyconfig-csvlk.xrm-ms** file. Paste this file to the "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig" folder. + +1. Restart VAMT. From 3712d5eea92d37c03ac677bad59986b56d825aa4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 18 Dec 2019 15:42:20 +0500 Subject: [PATCH 45/93] Update recommended-network-definitions-for-wip.md --- .../recommended-network-definitions-for-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index b11eab1f7d..c3e7e88640 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -35,7 +35,7 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc |-----------------------------|---------------------------------------------------------------------| |Office 365 for Business |
  • contoso.sharepoint.com
  • contoso-my.sharepoint.com
  • contoso-files.sharepoint.com
  • tasks.office.com
  • protection.office.com
  • meet.lync.com
  • teams.microsoft.com
| |Yammer |
  • www.yammer.com
  • yammer.com
  • persona.yammer.com
| -|Outlook Web Access (OWA) |attachments.office.net | +|Outlook Web Access (OWA) |
  • outlook.office.com
  • outlook.office365.com
  • attachments.office.net
| |Microsoft Dynamics |contoso.crm.dynamics.com | |Visual Studio Online |contoso.visualstudio.com | |Power BI |contoso.powerbi.com | From afe5b13e0eec9466f8a57cf8af5b8ac726f78a9e Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 18 Dec 2019 08:36:03 -0500 Subject: [PATCH 46/93] Added Central Store Consideration for GPOs For anyone using Central Store, added information for where to deploy the GPO templates in this setup. --- .../microsoft-defender-atp/configure-endpoints-gp.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index a5cb971e01..367c0685a8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -80,6 +80,13 @@ You can use Group Policy (GP) to configure settings, such as settings for the sa b. Copy _AtpConfiguration.adml_ into _C:\\Windows\\PolicyDefinitions\\en-US_ + If you are using a [Central Store for Group Policy Administrative Templates](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra), copy the following files from the + configuration package: + + a. Copy _AtpConfiguration.admx_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions_ + + b. Copy _AtpConfiguration.adml_ into _\\\\\\\SysVol\\\\\Policies\\PolicyDefinitions\\en-US_ + 2. Open the [Group Policy Management Console](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11), right-click the GPO you want to configure and click **Edit**. 3. In the **Group Policy Management Editor**, go to **Computer configuration**. From 12befda4f5b299867f5436921b2495aac103e633 Mon Sep 17 00:00:00 2001 From: cchapin2020 <49560354+cchapin2020@users.noreply.github.com> Date: Wed, 18 Dec 2019 10:57:02 -0500 Subject: [PATCH 47/93] Edit table of default values Edited table of default settings based on Windows Server 2016 domain defaults. The right on a domain controller is set in the local security policy and is not defined in the Default Domain Controller policy. --- .../allow-log-on-through-remote-desktop-services.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md index 4725c3e9ba..d1dd82ef56 100644 --- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md +++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md @@ -52,7 +52,8 @@ The following table lists the actual and effective default policy values. Defaul | Server type or GPO | Default value | | - | - | | Default Domain Policy | Not Defined | -| Default Domain Controller Policy | Administrators | +| Default Domain Controller Policy | Not Defined | +| Domain Controller Local Security Policy | Administrators | | Stand-Alone Server Default Settings | Administrators
Remote Desktop Users | | Domain Controller Effective Default Settings | Administrators | | Member Server Effective Default Settings | Administrators
Remote Desktop Users | From d02139df5fce91e8ea531fb31c74876bbd3d417c Mon Sep 17 00:00:00 2001 From: tx5westmt <45113913+tx5westmt@users.noreply.github.com> Date: Wed, 18 Dec 2019 11:36:29 -0600 Subject: [PATCH 48/93] Grammar/Punctuation Corrections Minor grammar/punctuation updates. --- .../hello-for-business/feature-multifactor-unlock.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 3da855c332..4ddcb35964 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -31,7 +31,7 @@ ms.reviewer: Windows, today, natively only supports the use of a single credential (password, PIN, fingerprint, face, etc.) for unlocking a device. Therefore, if any of those credentials are compromised (shoulder surfed), an attacker could gain access to the system. -Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals, administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. +Windows 10 offers Multi-factor device unlock by extending Windows Hello with trusted signals. Administrators can configure Windows 10 to request a combination of factors and trusted signals to unlock their devices. Which organizations can take advantage of Multi-factor unlock? Those who: * Have expressed that PINs alone do not meet their security needs. @@ -101,7 +101,7 @@ Each rule element has a **signal** element. All signal elements have a **type** | type| "wifi" (Windows 10, version 1803) #### Bluetooth -You define the bluetooth signal with additional attribute in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". +You define the bluetooth signal with additional attributes in the signal element. The bluetooth configuration does not use any other elements. You can end the signal element with short ending tag "\/>". |Attribute|Value|Required| |---------|-----|--------| @@ -117,7 +117,7 @@ Example: ``` -The **classofDevice** attribute defaults Phones and uses the values from the following table +The **classofDevice** attribute defaults to Phone and uses the values from the following table: |Description|Value| |:-------------|:-------:| @@ -138,7 +138,7 @@ The **rssiMin** attribute value signal indicates the strength needed for the dev RSSI measurements are relative and lower as the bluetooth signals between the two paired devices reduces. Therefore a measurement of 0 is stronger than -10, which is stronger than -60, which is an indicator the devices are moving further apart from each other. >[!IMPORTANT] ->Microsoft recommends using the default values for this policy settings. Measurements are relative, based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting. Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values. +>Microsoft recommends using the default values for this policy setting. Measurements are relative, based on the varying conditions of each environment. Therefore, the same values may produce different results. Test policy settings in each environment prior to broadly deploying the setting. Use the rssiMIN and rssiMaxDelta values from the XML file created by the Group Policy Management Editor or remove both attributes to use the default values. #### IP Configuration You define IP configuration signals using one or more ipConfiguration elements. Each element has a string value. IpConfiguration elements do not have attributes or nested elements. @@ -198,7 +198,7 @@ The IPv6 DNS server represented in Internet standard hexadecimal encoding. An IP 21DA:00D3:0000:2F3B:02AA:00FF:FE28:9C5A%2 ``` ##### dnsSuffix -The fully qualified domain name of your organizations internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix. The **signal** element may contain one or more **dnsSuffix** elements.
+The fully qualified domain name of your organization's internal DNS suffix where any part of the fully qualified domain name in this setting exists in the computer's primary DNS suffix. The **signal** element may contain one or more **dnsSuffix** elements.
**Example** ``` corp.contoso.com From d2da2e934f152e35cf6159228b0924355224de6e Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 18 Dec 2019 12:24:49 -0800 Subject: [PATCH 49/93] Update surface-pro-arm-app-management.md --- devices/surface/surface-pro-arm-app-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index 5ccc5468b3..fee3cc0671 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -72,7 +72,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep ### Recommendations for commercial customers - Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb). -- If your procedures require using a Windows Installer .msi file contact [Surface for Business support](https://support.microsoft.com/help/4037645). +- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). - For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. From 8fec7b6ff02ecbdf175516c768de116b9267bb4b Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Wed, 18 Dec 2019 14:04:34 -0800 Subject: [PATCH 50/93] Adding Flashing mode to Recovery docs Added flashing mode to recovery docs to provide quick instructions to people. Debate about adding Recovery mode has been raised, as such this is not being added to public docs at this time. @scooley --- devices/hololens/hololens-recovery.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md index 42c5c64363..b2e0d48bc7 100644 --- a/devices/hololens/hololens-recovery.md +++ b/devices/hololens/hololens-recovery.md @@ -106,6 +106,14 @@ The Advanced Recovery Companion is a new app in Microsoft Store restore the oper 5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.) 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device. +>[!TIP] +>In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion: + +1. Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed. +1. Press and hold the **Volume Up and Power buttons** until the device reboots. Release the Power button, but continue to hold the Volume Up button until the third LED is lit. It will the the only lit LED. + 1. The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device: +1. Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2. + ### HoloLens (1st gen) If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool. From 599b8e27ae35e3d9869fe5a1d5bbb87576634bf4 Mon Sep 17 00:00:00 2001 From: John Kaiser <35939694+CoveMiner@users.noreply.github.com> Date: Wed, 18 Dec 2019 14:28:28 -0800 Subject: [PATCH 51/93] Update surface-pro-arm-app-management.md --- devices/surface/surface-pro-arm-app-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md index fee3cc0671..26e145c547 100644 --- a/devices/surface/surface-pro-arm-app-management.md +++ b/devices/surface/surface-pro-arm-app-management.md @@ -71,7 +71,7 @@ Surface Pro X was designed to use Windows Update to simplify the process of keep ### Recommendations for commercial customers -- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb). +- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb). - If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645). - For more information about deploying and managing updates on Surface devices, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md). - Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X. From 33635c9386aed5ee5b831be081e4650232473a8a Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Thu, 19 Dec 2019 17:37:56 +0200 Subject: [PATCH 52/93] Remove false information about winHTTP https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2230 --- windows/deployment/upgrade/upgrade-readiness-data-sharing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md index af934eec08..58e8a9e6c2 100644 --- a/windows/deployment/upgrade/upgrade-readiness-data-sharing.md +++ b/windows/deployment/upgrade/upgrade-readiness-data-sharing.md @@ -33,7 +33,7 @@ In order to use the direct connection scenario, set the parameter **ClientProxy= ### Connection through the WinHTTP proxy -This is the first and most simple proxy scenario. The WinHTTP stack was designed for use in services and does not support proxy autodetection, PAC scripts or authentication. +This is the first and most simple proxy scenario. In order to set the WinHTTP proxy system-wide on your computers, you need to - Use the command netsh winhttp set proxy \:\ From dbc99ea38edc57df9629ae4ed8cc7734da41eabc Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Thu, 19 Dec 2019 23:34:12 +0500 Subject: [PATCH 53/93] Updated information for Office 2003 Added information for office 2003 and earlier file formats to be avoided to open when sent as an attachment. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4425 --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 3659eaeffb..884759126a 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -85,6 +85,8 @@ To further ensure that data is protected from malware as well as other threats: * Do not use untrusted devices to log on to email, social media, and corporate accounts. +* Do not downlaod or run old Binary / Office 2003 and ealier file formats like .doc, .ppt, .xls. These file formats allow macros to be included. This can be a security risk. + ## Software solutions Microsoft provides comprehensive security capabilities that help protect against threats. We recommend: From c44e9548febe4f4ba37fcad4ae08b9a0eb3d77fc Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 10:53:39 -0800 Subject: [PATCH 54/93] Added image, edits --- .../images/vamt-known-issue-message.png | Bin 0 -> 20311 bytes .../volume-activation/vamt-known-issues.md | 18 ++++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 windows/deployment/volume-activation/images/vamt-known-issue-message.png diff --git a/windows/deployment/volume-activation/images/vamt-known-issue-message.png b/windows/deployment/volume-activation/images/vamt-known-issue-message.png new file mode 100644 index 0000000000000000000000000000000000000000..5ce1a31e1f4b0792108b50765c0bae4001467549 GIT binary patch literal 20311 zcmeFZcT|(z_a};iAV^bQK|rL~rAZeMVnhLzq9VOSg$M!xDWL}h1XQX80ck;$4xvX{ z5b1;xr4t|^oe+?cKpM=0@B6(ozxjRd%$>FFoj+#Xwa9wHInU|)?6ddhe0E;lHPYkZ z65(QDVd1%@f8#z2%Rv#~bK)>NkRt7IQx_`nH^vPDlnr29^`Z;Nja`1IJ3I1HDX5pq$eecbYa=}Q_ zY)Rdf1@<(ZF!FO8E4%gE2Hxo=i5sr=x6+;qalVC~d9}uSc(l9TjT<*k)(Qe}-`)B# z7ir?ND&nJpa^jP)Wqr({s^Vm{Y^FjvV!xuVr0_`LWuc4%BCnf?%ud$m;Rm=LErI{oe82YI);mV>ud8!>WHQc|x^^NEm91`k*p z#gxlA8!`kWM8(K)S&oAhJjZAYn1%z+v=Wm7SKB+>0f=(1I$aj@HXW)Y~ z27$$JEf2vZJ4OE%;Iag&8Zi&keb;(CmIf05dhB`{eEP9}^k*MUc3`RT{{tz=58oH| zYg}E@`yG0j{lWS?@JKc|?*t^X#2gFT&ps25JODg8U$V!-Q>%diOYuVOar-ZvU=L%z z!l0lVO%`LQnFgVX#^(^nhU6&V`FF2 zKd@kmmT>wOW`Dh{nGaNy8!rwr8cF6q!7p(r&3qyZdEm%vaYgPIv7OHk9Jv1tsO+#v zDN;YdkFnk!eNl*0R7%F~zrM?Igq`)^=jWRR*8IvW51Srdd;ZrmJ9zXux5#;P!O~Lk zvV%fO&t2=>z=DNt*5@VtI|t6JZQ4;Vl(bRX_qm@a)Ppm+giYs`nfBEbnty>|aCscZ zY5&Z=b%c63GK)`<`*~zYTlfS|C+cC>j z4%4nKtbD(-%Mcf+tZS?CFP3j%ioZD$wB&!=^^LpE z$r>dR<&L;m)lsNGTD_bJ@&tT1RCdDO=DNt@R2it3BrrJLWlfQ17XtLWXuF0w)j_B;T!Tw{Uper3N22^y zac)v#AD4?L#WBh*qwh_LVu!!V*m|=xUvc4rDgMW_igDdEN$A~7_xR)jwL)ob{mnzC zxF}}GMQKPKaSuxhY9;WXWTJsI}^$vf*tA zp4iE-sM)l9;|`hkQpv_|iI3cm6(>vFw;t9WW^1q&xb__{?#mvSDfEJND~Guk)wRVX zJi7Jr6nhVWL5r2&YzVixe{yz0DSGDH0U37oU6yiCkgE6 z82B;#uAfpaa+<71ohq@Mv_l1nSvWd?PwSZH@!j^g%bJwF6@Dd1k;OX_sD6d-?YBU! zo#`1&FG#vOAVm>Wossc=Zj(lWQ)QOq!ZXaXMM2lW&DQ4bAsR=H4pEbm99qzz-Yu(OC4sMwa5hx1qA>sMgZE1%ySy)P+DF?G0=zjAf)4VxGe6p5;ydo(x zOAp!&i?lh_^OGkel*Ri<82jgkpBDx%&*(YXhPBlz_L(cQAYJ&C|FskU{q6#avB;d@ zKAdo{x6loYV|jik{QugiETs=GOI+i+f~q|PW@QnKK~K^@`yINh0VK3uKgAcu{_REc zbC!!!^~-{6JS-NM|ED|orik+7J?kVwet<~?me0IVdaotEfNBEzxrggnRq-uYBCXBN zv0J+JG?P;92SS-<7W zWdBdeg600!P^+Z5>Ff6MNm-w+v+vf&`GB((E_C>iO0(aPN&IKPXDh{?w;uUN(a4k| z-#|>CU5|`qdp-6%bDD!+>|nR|9`b0d)uYpM!H3`YE8!bhjvcGmnB0+@j`Pp}zZmX!Dgq z-a(i^)Cigr>ucC?0t5VVT zaeGY3IoeWv_ayoWZMtSi{eGo?o5#GF-KQ*yxlVood8d$zO$_>KMZC@0Pmn zNiT-_y2n&ts2Staa-Mw+^!BNsmPfPo%OAY7PGutnl?~?9+{S;o7IlJl*W=+3tY; zpfuzo^K;;4*A91_o;c#g%jgyegVy}7>43#YfhN&BCk@|&XWaKF?pUtRKdVGllSCDH zc78YWiG}RZ38#N02hNlD{+sG|cUC##?@l?1ssgoNdVBk<)6Rir_Yn^9pyw~`S4A6X zw*MMVaC@^j0nZ+12A)axo%9Hcd~hbQ#BvXQ-X^(?vFh6>jo4#u-ysC9Y27%f6S9l- z4gY5fBjcj9BJuWh;@XUF3Qi+9usyySrs0&FAend@clkgwuV7B-8irm1*a%Enskkx} z#$Wp%QHA!eU!JKEyS9RR^gWXEq~W8}H-wcjTVLc8C3P;@BKnJ=Ux5nPqBj@%T;>YP zK8**1Th_Pcl-Af5PV=4y42T#pKBc%+j|nzDfhz`!rL0k6s$({Tiw#T)emNs>^#{25 z1$X|l!CLF|=a0f7o~E(=WogbBLCV0ga=kcNT z38m9BY&-&rpTCdCn3%-5JDpPd8+0vm7Vfn!%zN)^0u30oV9qK#H|O$ktg(ggMltw1y8FQLY} zj=gC=FzaoiWBs|tz|v92*N6W#skHXy82o;pY}ra(7w_OA4TzZRC zP*O69?+qBs7ito?R+fFPFc9mye?XGZCI&lC?50FZK$_gRfLnoLZK_F17jwczU@^>iEuj~ zlGvbUZ?z&bAgCdLh#0;~knmtrXagkS1o!PZEKrPw!+~@IvCA<*$0RhQ4?8uDJEqOTP1|9_LF}q^j5GS4S3V zJhQ+Df#v&H;=Hr->EE`9p|J!##6@eakf2;0$a1E{&++s&AK2Dk*fDolE4{IRo5f zbEVnQ7@|20x9xlw@b*~Vy&AtyjkYr;R|@6FMopS6#E%!rVRmklTcdjzQ0Gn8qsm6E z_xc;2R*@a5H#&<)iACdVv4tp%6{IHtEA`f*WUq@o{o&trbyg+W=D6)ldytn4Q3XoI zlX-HrPT?9sJ5Q=A(GMnQkAqET2qnw;&{Rh_?n)Wdiu~kM=g`&sYNLhFY(eGO>Q`5{ z)k*I{y?*fI`FEjrGfU;~Go(DKbw1oyy?K;}m&o_s={tf;%Be zXv3U=+RO~oMvbpog38(%6Gh?&6Y=K;(MCRn!j^q}A{!EUjNmp9qhDj+_4vkiT6pUB zbo26;B)gw{FS_Jk-qua1=ciAXj15~G;=V2y6gq=v7C?LIfT6+i(BSK4uO@lTwk1K) zGDr69feioo6f0mb>OwM3Y1*YGq^r+rlV5vSiH+2li)ld&G+MeGg3WxNx-!8}ow21m z@Jw^P?dm0QK-8MvNURsvt?@?2=9Hf}=X6plpz<_$hHey^^dlmQJJ@T^yW+XbDVym&_X2zV z$l}}y%;LkAL~cM(IaVGj3@1o>%Q$twLLYw{G*_)JD6&=Al6+FBf%e&5b;IQ&N0?hn@KLU|+6FBASuBbD5q+TH4C zPhcD@=N@*eI2@kf5>a&e5T1WrLz(*Am0gcH+@SQey~}kR43Rf?lSgIOzWz0o!nX*k zUT|wp@8zJ;5=BD9QiH6gA5Ik~9pbV@vmJ4HR5S7Ed;=8_Ekl`Fq$F##)?wm-dXb(6 z>61ee_y_ZMdBz5hvxKALcm;iGV)|R3Pkhx1!4G*Odrty&eOjq3BFbhHE4I%o8UHn^ z@kDdfrGMx#b>134URa_xhF)>UO(OGU*}HR^8a$@ZuX=>)%dcIqz#%1}o;SbSfvhtB zYR!aqqQ1Q-NdQW`5ND*hj4T@AE@YlAEz49(IDi&8x!Lsd)VMuVRhGj$*4oi5UnNfs z))%OIJ&F}w6nrxaQMXmy72JhCT7NyO`7Q&md7sZ*6%e!Bi@;*JdY^M@!BppSm?=3E z!J3Uf?*&d(z({oTfLz00Z^x)ADG>O0ia9C{Ju(<9@4>~+?pTtgA3sFCOd zne6F<@TrqBzYd6E`7Ls|?S$WnzjSZ=7jggzp%P9qW?RJqduD$D4Km7!aV~?I>U()s zg34QR6J88FIFg;1<&;V7uPK-ThWLdYdd{l})`JizNOJ@!uz zHKwC7&~0g_Aa4VhU9|yhcf04mQyc$O4k$n5E-iJa_}%2fK%5nBN599-E(c|2;I3|W zmHQIfD8TvL9TC9dXJI*9?lP=P9-e~<&>!7Za|*gzXDLgRHL;Gv6EsGPpL~S_JBUT$ z4C`;Q8Sq8_;QsDrc?-B1fJ8fVTjO?m+=IgbphDn3f?59#=kjkC3(4G5TF-1~<`Ur; z?736nFGMJa`-sd65guTKIqmk(e0*p92ah@7lf)JaqAQV?j3FpW3NmXi#ZS}eYEj9u ztVyb4w6w_i>i2s{kw5rZ_B?n-1I}~=6`QR|hqc8WcV6mBTz)K|+!b<8`x)^CG8E{Z zf+23itKD&MU>Tv|v|>?qV}jA>UJ@3$>-a0sd34?~j2*yIs?ppcfhFc9CWV8>A?spQ zk2~4nvo8U&`w`AkOm)LiIcIR_-5=;~#a>uBZuMSauADi6+Pm<;y_FY^5mYX6Prs^| z9nf!`*bB@q0RO~T9*WI&CM;isPe%w99M=pUJgKbhf1~I3@?~9Ch{5B6~ijWKj_tmkvYSsf9vJu$_l58_ynAEuP_cC`W~WuYKr4`P zVf2Ht{;qt#BBTo%m_-JVDUa!uAe=>&b7Jk>2Ww|hl@5lrdxNRGkX7TxfvWPLjx)Y< ztXXqyH%BwiI`>cC9W9NkUTseOkT==I5eDTeTFF0~%FBUmBUpfV@r^^YD7E~vr!~!H zyo@A&?TjoTCDAua>NmO`E8S)SX8nUq=87Y^Sb*ASAnH&vkH6qWMG`lnW=df$Rv|Cw zvaHi@4VRzg83bCutbPt^tM*ob9uvP@^=VEnuv36eyc~gQiYa3N>#uO4Zd3j%V^I%u z-^9d3#c(8HZZ;+Mu2#)|TcI~y)?A5ZSLXK+y7gL5EzKpQW$2FoN~D5m!{e^nqh(kh z4X2=arOY3FPKP}Yo&HPN0rPBiTpiwdHi?bcN!rY6yePWz+WHdp+l9?yYuP6f14#uv zjKt*wg>i|}Nfw*+H1WKlLiWjT0Y=P8l31Z@XO5wNLqN!D*n9fCG1io|&gdd4hZtVp z5M1W!y|-DL?sNMY&Rl^}csyA1HT6f~DIToQCc~b8b%7xmo1Z&I2okH?BVupTE{(AJ zVgh4a?P0LxJ1!ZPjaRiNiDNZ3MM5rKPm63#Eg3e&%Pz}An)>l8ZA}Q>7LTfauuj+u zuv^lOq|SS4nDTwQsO3&s?eW{2d~J}u0Q2=M^c^&PxNcS_;LF%q6nykp)w;01SaRb>Y5g7wegd3lAh zI$mQUrs1vMu=6W=c_80p82~qzi_w!m?KkObjVSG%DOU1yl(@zt`y!Ond-0erlN>qQ z(>sU!5sPBvUd@!K*>E+wL^bn!Nl~|TZ<$>+@rV{V!ZuXVc28)a#M9Qr@*-9{h%XUJ zsohmATDq1_CO1RxcwbY0(BnQHQW3iXA2kXLuELn)Qtqnmu#FwF!j$p2iJ5{NS7~8Y zah4?*qr$nzumtK4dk6f0*~KH|FU1YPD^+S@B(;hnbdUmyY7;v!jEgGsDhM```1SZ+ zSX)y#$KVn9dZeBI+;MW7sQVU=$b3Phf+a4&QEpbc=zDg&wg{k)wpRz|%57GJW1k^+ z;6FHd#CvJvo6gNyX!w*r9mfv8r+Rqh{cxP-#GDA0H=jocDn6;n3Jsava(H?!M2s7)K9G7GcG)(MX+sGk+&|B+KV={DQlMX8uD7+ z?(%-#ft9mroU|RjL@e%LzvyT?8kb)&77QcYCi!R;4>^Lr`2GkWSH3^A4T2aCFAS2m zXs*94_Pn)W=zHv!E7H1ARawd6R+#A%FX%NR94Qd)DJq7_6t^xR`6u+aYv_J4g!S-{ zpx@fMwIL@4^YH#<}0?zn`J#q_0Jh5AT{2yrsFZHzFTCq!Woa zbh^<~61&hOwRSka&y4a^c@m|aiTF0T^&rpH!+&ofaCvh(a5J;^BAv)MM}Du>w|)_B zqI!ad0E#Zm3`e|rc_ngpyOD8+ya#%AO-$YMhFHiJyNXJcl@@h2c2xY5P<|@kp6)^< z2Wllh+8qIgj9#IsP|weZn~8^9EmW1qvg-XrK6;Or+Tf17`uie5?#*8NZt=Uj9g9Mj z8F6p08rk>Qza6PKaQQ*?%kG1%5kgNwrS4J&4223N7uHZcLeOimi9GXC%L|bh;F?Ws zZv(Wq@C$Gm@kd)u_idr5XVg3y4(e29ofHEdA}S%-WQKaB9$CNK8|?io(d zTbuzqhB(kyzHZUxB#h2%@XyBtc&y9z9VgsSFTh}ma!UesnpgKR8wT=G6u0KX5px*; zYC%oB+;~uQfdpKOw$%8qH53l)*-olbD`~mny#*%msIIU!E4YMcG}LwI(ai62`z|_y zJnD-@H3a`|+8z|D^Cmjr5*{6l zwJ!>b~8 zGCEF3hm2z_WI}b?o(N}StuK!H$(gI2arM6Bv~@)IZJI;WXIsK91r3;F3Ry10C8mU( zHnjm5dLn1FmMB*R!>hsxi0!3v;M9ZcdFC+;YA)=_y}nS>WHXUa`r{Q+60ZzCO>vDx zsOa2(zj6k!(!Gy#^2{$s#*otaMCM1i0ShvtGr{`ozVZKjRk8*w$E81#P*z_7&R%kk zyc++|5@Aw*wid@0K7=d0WSq z&Lu(#M`j@MX1z$IjY_B-`0$a5jxx4PU#Kh?n| zRuY=+ik^*h%t8(1IKO@tZzb!rX z1TXz8JHYZxco-@9;^58K36lKE8Y;=~N56^JMY(M?08dwL=A<&4rp0G2;e+7j6!Us* zt8tBvaTnPj+BI!s>)lRBk(ZSlXou*B??+!S5aTGnFKRjT9{Q1%4!>?L(p#7v*g*9p zHjh&dyD7O3hq4An`{$&)iBe8!P1yL}Dht*Te}M0D8arR;>h5#jjOjR*m(=w;cQZI| z*?aqoh8=q#^RZ=xL2=(N1UJh&>{kw+CbpOdk~&|PhUx}BxHIc&Nf^Ds3C(Q*<+KBO zpu#DRgOa6jN~L&c*07@gH%$7dI_bE2oc5dv&O`R9$xTOj+CJT$#P4-z;pI54+C971#{As6W zH=9!yl7>0bH{@p*HOiBPUlb`Wpk}|1>CX**8TJS_3PP%3p{Q_kr4<+rR-LN@4XqVp zz{}OkO8YB~@6QjoqloU!A9)8-Ox(?H+EowpU5G^tp~P7pzCE#xd~`jMK?v4zJ_i6i z5Y*(i8SeYL-y94zv7_W2;z)>O`%wJ!;Bkxdl%z@qS)MhA8ls?7-V@0zO1!!3^LzN! zRwxc=L=^=-eMETF!}}nlQtsmNFdxh1TQOd^!-t|DJhJ}|-0;*pgnwklgl5Qbe2i=| zD0z}h-g@ZpL7H8r;;qu%QL;bw5GRblCCC$wl*0!~(C^^o;$cdaVs+_0mb#W`wZ;~_ zQ6=AtpwZvjHBd#Qxp`c@^-0?DTkD|^5UfB^oudH0smc~_LI`Gge(SMKxULCO|ETIY zIj3ZBe!a{o<`JvX++uQC(>chwkP!uWc@CXMZLK^(_{+htvl=@i&|VEgR+}H%jlEN< zsg!A2JqV;mVHMOPG_5f@4 z?!}9jsy;kVO-vFJ%I{SN9t>yiJ|z5bX2#`8nvCv8I)Dxb9TvffQ;!g8HfEG0!P)L0 zK-KVpSw$|RqiGQ@TTdyEQGo5d^EX%_{0D~6Xa5ht!v8#L!(I32A0&nI@A7S5GHV|I zSd5I*N{yW%Ip9y~39(EXgPq*1L@*x?q4hhHwM+K3)VIS_I^MUy5fhS5tF-Bvdc9Ar zhm86N`ao0{4F) zW=QPUe@*cZ(E9&wmdZZIp>iysJo)62&plcy6?lW*JUi8i)X4%P8kF@%1V(=%@;$ll z%UYDW9kX=1ir{mf5^dat$awHE4pLx`cTcs|Y&$Y?Zb2zv-K$^LH(!=O^M&IP@db6h ztC=s59`|ACy}YF-9SEKeGf;dZf6da>KB^fD(H@VeZdr$n$8Sq;m!sYd$lIQo^9L2! z6Nj7C`{U;O7AKV6C~}@R3zcy+Ug%Ib+=IqR>cyEfmOb+}*f}1H6SW^F$Yi^Q{7)*< zX3ies3KzI$O`D_5 z=2ZVjflqcJrcazEBaO;iYyI)v!5w>r6Z%NAL9{XfwpM*dW8N@_R~C)m*qZ^+RlC=C<2R4KyLN#74~o zU1sNQYJAVkhyrTsA-yC=46|1R720RGSJ;&FDR}ngvrN~1KIIZzdd#wIO~7}uv)Iz2 zL&R+t@&@ho;8R%W%&z$nS2s9YT{kPk_?~(IkE;HWQ4WH7wr zs@G#x*lDw&2O%aYhIy`XST$06DRF1+pGhxSYZw#fMGQ%6@5~yW+C!$@NnKG4QFqrE zU|*1zlr)3%`@F!_^OwQ#X?>9+iiSiQl;RE4goj@zV(Wt!NTqX>dYodUDiPoE0o}W& zo=!0A&w_E4Q4clwC>QtVVw_U16Fcii6u4yFPgIs%K6fp7Z=s_$xZ_we99x^SH@l}^ zMj^ZR+ekWXk)HWl9rJ;I8UNpoE(l@xLY)8XSy~_nGjUVV0b|M8{!&+{j4&y|TssvGaR-VYkf(X04Bx>=(eOAPM` zPQ>rj(hP-c^cMTs#n?B>Y5o0Kn9liS@aa@@%n#T&t*6|y(Tq%m!9iEAkHG8Trhj&L zL&&bTYVHs_n(r53Y@O)5=)3k4_Hsv|7+n)bC@CoM13_=}9STX6C9au68oe6UwPXi{ zpk?HS=;J z+}j!aukD>lbpyi7@`#gR?cd~-UQ`o&CdZS1Bg^<>R;OfTqM@MqxcViR%#i3et}Lr+ zCuH1c>BQ*GhRX^IYGNDF$m+pqZNTq%2}a%UWlU@p>vCj$Sr>5d9kpz zukRqo(zlv?-zFC!o2We5k$-a||NRmCL;c*gBz9G)Lnm}YgF^n6Q-1G9#AeyTzN}iC|$!|kNgPNay{s-3|sbOUog3~OXyQ$-Lse| zn2r!7izmAH?^0q(+L8S4#FV=-{YXEzTmKaLT>n(BA(OcrohW}J#CQ4xA3joUMMqT7 zT9Yn|=BI1QA-E;wm;<@5A-9;7Rt@go!y*~Vg^XWW)R3DV_lY4+cQkUB6w~+EOLK|j zfxSeW>qTY*d3>zT*%}lrv+T1d-k(2jYVNR-DOrtoIBGi#(_1|MN-WJM1tF3n&%RbT z)ko7HTDS2&%nOkfi8s`(zxwl3!+|=8C;O;;ZtM@rF#6t6XY1y&(y{)vlS_EM|xFcQY{PVAZ-Q{ zw=_XrIozf0!s}jnn2BBbkIJ~q7I+DskdQ!+oA!NVXJ=>fnL|A42ciXxA)~*I{fLH0 zLIOg2pevE77HVo7xjR7(?w_MsiaHkgsFQx9rCUdmX#BJhUnRsyltUAAsa`{ATy+2&G4C^koncCT z?O&}e3*k4;(OF239}b?7H?zi5vg)fT#uPP%$;u=}QG{Nw-k_dDsnp_I8D~zu ze`N`XwD!)h5q>Deyy21Ub?gyCa$B{6tN&tn2mi<68>yt8FXNDEL#;9pc`W=nf00M{-7Q5$eiJtVWvgk%CI(|u22Y?>~M82 zSlgE^MMyL1G5%G9;KwfZCEpWgMbD9id2S6+Am>-T`#XtB9k1j@&ey%Ciwmx5(Bz*h za=tFBg^t(OB>T+ry<240A#Kt7 zO9&H@#)T9=bG5N_4%l{G&+Z6{q_GkZr`5JxVB#Tx!#P-x+i*39SB6DGc_;-w+`H$nI0b zDGQV}%09tAi^(Y~YM&4gG2-(W6_KN8aX}mOhA(_*(jn}O&!+i(U>@J097`f+L(Yzz z4;ZQ$I{!Yc}J# zy+=78brbSJl=w48YqT=Rx}>O>?2q$lq?6)pb0I@9cB%oqHRRfUnB5Uz0bsiU32$F9 z0t(ZDC@_KW;EJVp<#-9*@q#`*w~?m_eHMf}J?eH?Szw!Y~ElKw~^miLX1#XVS+BUWcm4pHb(W3{SA zOzi7VMTD}$Mfjk&ttHfAjpPnd(94BsCMyuYx3EKU|LC^de6pdhX|w(Az_8zHEew?; zI{!1HdI5}QuA)IcTG#OiYzn?+avnI?cwv1I-uvI>!_P&$tN8?h;LJBU5L$;7FRRXT zvpBs#zWGZVCw*9CA{65mdzH;fTL%CRLjT)To#0oQ!3R$W{%`Wc{&#wP|9@LRw8OtY z(fG!k1E`SqIP|X5=Tl`I8?_fZP3`CNVgnJISYRjx1T_+1SV}CFdh_ z#>o{@63}3`H1P3!(FV!c-~D#6|91mW){p@dD@$;bePo(aV_Buray-=-VqpKTrF^|hqm)<^t)Tiav$Hb~1i0gLS!6v&n_ zDITt4#+G-N^fi3>Ri)%t*DC&y^wb?uOppr+F{&Y_SZhVloDBp=3TTR0#M4E!+>8KG zSLw9dmDp*r@=h%Qx)hi5rU=2E#Aq(l9M_!w)cCp|()k>9JFLaM$#C``DK=3-uha5B*9} z-avbq6M44OWIaw1OKV*b)JRT%ZFw&Hx4@D(UyPA78N)r!E!Vu)8Wzw#LIXjrzN;z=oY^JhF72_|vE zlpd&dXc)o(I)s;9c-!+nr&+$Z$go=he|jsb>~NW+hE(CvE^9hxX4XC2cR)EJHitB} zX&_cc8dV)sPofq3d!{zkB;xi>j|4+(M3;kIQ3J(0b(q=3?=ikF9F|A;sKswb&_-LV zSx0^sv4c;$VDrS;d)8V5AI&(dSf5|5q}x0%v^ERTZ4P1oR;69KL=(xpwW!8FpVf7> zds*9Fl2}LowPyWnY*MHYMy_S0KOQ_@t4Eq zKMRk%0P#p)D+TW__XbjO*-^z|N=AmGbiV0)CU5cidDbr%u^a}z2(P*>w|DQC-E4ewf6~k&>{?Ylo-oMRL5F(c|8Ce-qZ(kA zs{vavCX_9o8r5{oQwuJ$3_S(xNV+f#NTt|FhYj-8>xuu$Edn z-y)BG`1d+Oh4oS-&%aeJQjZn?(7uul{_wEQd4d0LI88~O`!D?Zg=33NvJ1F~z$HwT zx=m=1TjhiAkwz=@qN3upY5IGR94O}fozj6ulW9RoYl~bh9 ztoS~9+%uXs`_A~m;gk@7QocObZ5nHV^J8k$#XnPvtnTbbWv-+Fgi}o)g9gf&%Mx(C zBv`Z2B^|B*BSvQXT_)phNmeFu&=WYD4q=>u5##v)PUKi$nZ zrVP;S)tLs+pGXB271NfNyFokCQ8fGo3Tu`d4!9d;+$c`z%KWk8?t64U6tymoEp{O@ z#16Fln?^+WZoZBL9A7UH$KFNu%z&Uo+NO-FO_S1oL}GeB8;}3M^wv^8FcDY1Bq5Jr z;a9PbK-rRbwf*5F7mECRNG<5jR%6uEPQ9*bA_2FvzrJ4t&qN5>;o>zq(7Nvq@lc0e zF^t;8_jcN)j9$F)wCoKcw(yD23fg>!^WmVL#(CP93w?kmWYQ$bX0vC?=MOdQJyNpK zm)s?dTC6+zU+EN!+nOTfX|CpBk>aWw`19L^eTj`(Z>W2&{e4bOjsCHwl@wA|MlwwpaU(9Z@R3g@w;6Df@pt`PMZwLz7nzo1DrStVav#&n-zNYW)=KbyH1 z+kWa-MY)oWL&cJ8ykhH0OnsV;TUw{VIVR-mY+JSMJY#7&?{Cse@=#_;KM3Z5W6~}o zk!3@aoM36#$dhPFMEs*C-uU2jySlmLl;E2;PO=V{*cM{eW8L%cZgqwe09(%)2+vr? z&{zAR+k}ut+T=DS*JouUEAhGHZMOst@LXZ>#-h$oq$GKyk^7SQh1n$V+}=KC!n1s0 zzVr=2`^|##nX{cb=iVmI>VbnP6`A>&yIZ-mf({IVK42fOmBWnR+lfE)>>aIe^3d`g zGwJT=FVB7mc>n_AN{U6l^Wr{wGZ`fgeoL<2D8UpBW7m%ZT-+2oQVgOtl4yo zNZbDgXi8*18G`B?2wUQU(ixqOk#uFJ6FrS^DZZdC^qtu~3h=d>Q)E8t?yXz%E+wAg z`oSk|_-y3oX58oCJ&Dtl)27b8vl{JX_!rXT8$kDlR}Lr2O8MGk@6H;R+|#@cwO@O2 zQs+jCc9$(jjr00cIN$OSwqx4Cj2UsFf?1m_Rn2f#O=))8SU7&px5S_$A(~Y&vhNPg z$=(F_yD?OXFXHw{g0$!{)!DAdmCtOvw;q(w{L0da68z>~(74LXucc(|6DK6$q|7ea zqSpHOXyyrk>uKVas^5_S0CKt4zPAGmp5k^ZPC>=pt}8OW!e<_KG~PPrd+Lls$B67q zz(SaAYUv|Ps1)g4sifw4%}cj#%Z+x#MQ@<$_ho#Xu@JKBD5e;^l`X!c$>w>y8KWg- zU&@%4pDByMDr#dbWbM&03vZ=01e9Cu;+(idY2wz{x9?Uyf4(sKsOF2*Z4Q9a`D;8e zNTSc7Ln*;CLTB|LET)Q@Fke8HSPtg0T+KG`~c%o ztb#S_-WcpXe;BYy!vohEwwF0Tb5y;}wIm?)XQni!T~Q8uMb^GLX726TGY^A)H*qX) zH|`Ii|f&TDUUjQnXC&ipId_YC<&>)+!!l);6|H`aQ2*FC(s{r zcJ7+jkD_8gjA_1!BO;%~ly7Ldz5rrOuI{&|++}V(=c_n-;I97@9na93kB>5%FCWlx zd#B$4Jc6m#D-Jk*W~pS`!6=m2pB}p1#wDOCx^$59K#)d>gne<1>EkHwnzuj`MjSlZ z;;J#hi-(su`1hl)Q4FcPpf7`LJXEg28kiK?VAeTOOtE{An|fY12H*+kYC4>NE~LKy zEAr*b8T-X}U7IU&0Pko0L2%j~3`~l!@!tB9qFidBaBxRL;R%5Bd%dd{uLejun=(ghXv(Cb;WE1 z@|JTCC1N3d-BaD&{U`=^!M*T0Lf#eQXry>WYi zD@zgJr-&b-8t^3wbBcIyioAN?d;B`|<;yGDTpKB;E-4*T{&h_G*u`||7hQn$9`x6& zlGcMKXPjEjI-R+%VSYGKQtH>vg$~DnyzVPOI6nieN<`h58x>~{@Oq8Ibfvy{{fDk* zbBbsVWSoy)I=`JKh8MpdKlniu^q(7zyXrKM(+2ytj~)7&lDfl z>qjrFJb&BpA%w4`XnQu}SCzoy7`qE^;8+sRdGP5sKWnb%0XnT+53Jp<18sW)`BB=e zQ`+6|>#kjALb+Jrz`Fpu>R$UNRwa-Bg8yYMmnLzqyD-e?iEK=_;lJ&FD=C&y(8>bN z<_3Z!px-(^R2_V2saNt$A9;bb>#%#$$bX*hv|(wHfU!pS{RlQhbW0s{1E(`>EjdSe z|Ec%hgk0IbS&EOyM}%5{fTfk5-+a@_(&S0cX6~GDtfwvUQlyFFIkeGX;Pg$l`+H2& z;cdSXk#F>uY$PA-i)^+;=2Dg-@EZei|7rZXVY)W|c~t*HX*$I6yfqY%Q*C0bV)Enh zyO})F;O5(2fQ0QvY7;%C({}!F>6iBX!T;W5d-o@+^Z$8PrJeR5^^Dd2oqPe4we5Pfi;SGC$}G_FXg3#kC1 zYut{4Z5|}I@0vgx_{M|(cy$Qj8!ZY+e_oz<`JImSaR4q0p26&PcCP@w5Wvf~d4Ej# zq<#2nH3&iVa#B5Cej6@dB#~~jnpfPu!y6gQ5134-_`yoN* zbbv%}F(flnX*`xTOsez>89MJ`l;2!Miu_PEFDWH=j8g=NwwYPvRh_$*#gY2SfSp_E zFcg(kl)rnMXRmd6=q$E!%&0gHI6169^3oh=D@!NM;FLX$!oIQX-%1?JY9dGcJf)r9 zQ%}j=Y|;)oxdOiq4SxB1=*^5Qd2Hd@6JhNJ>X&i|@XH`JE&C&9jZ=Z}`K?M=@tzw( zu3w`h)$C$zjjGHF|*M7iLv@Z^TuYXX(ci5%+2x5n?8_7JE_xY>1OPBbG>~Ki#WZO;jh3gm&8XqWUu9dfe+K#v_i1SYGR(;5pfT)D{$) zXBApd2a|9fH*VOZ{oQvhkhou0=y%a)TT{O#6fOM&JuDk6a()&|i@z9ywHKdO1yu*z znN{bTJt2oOT1gC3H?;hghBBHUkNkQEH*by#J=u6jrJn zNtV_zFHi zKz|4FOG!#%^~&MS3&89i(H2i5S1S39A%1PAf=Io5?rNn*{kv-9RMR2sb-M;wPOme4 zRXY{hv+;!aNj`1LbP$RvBvug1@ebnhwj4lEix7&9Cr!`(fWx}w-vRW;87FS}{YWKi4giG;EI z5Q@EXk3f?mK7v!E6|>EiJCt`m4Ev>YX{5(+-z=y;BC?N3nP3Mu@`G7_{03*k_+J*_ z$CR&OA5Ml`O9$`*Qt$WH4bp183dQ?A=YAYg3magcdq!Mi582$qDb_R}ip`Ne3L_EP zx=C2Nn`3aeZt&S=PT@^Ca5x}E$=`Ot&9w*lYpw1w&dMdxa)*jMI0|#he?ES0{f=ih zOZuppSi_`em6q~_JI`=Lnz{4_w5Rx`XF4v}uh#{KqhFv4UXUI@ml%NFOLi{Ted^}1 zkBB<+t!Mf0@Up-&bb!eU07X|94m0bWol=3pA)sU8m#Q z0*&TiQ-^2FyKFg*oyxh(=%@cYW+6xH#1mH>kNsEk`Qz0p?D1vSzq+00@-LjwSr=iE zsGPn0-?h$KnUa7Fzi-@&ueP%H`?|0D>&p1+;8eEJ5V%P)Yt`X~&oK^lOBa7TkRBYF zS=(@#-_DA8_0CC?GPh+<+q}$GJs{$C`MN15YVvLG1Bclb?O&fNamv}*?mS<(uj65# z@UK%9)ov_j;RU9yB&OL-Zr9h!F>RgVxaDJ(>z`HaZ<|P~;5 z<>3KM>4iMaZ997nZk_(KkEQpaDropug01%_mehZmQ54uvJ~M5BAUIeK9u(Dfu1(W! z);tCr69Nty13LrQ&&7gDsb%c>a>@HJJ7~xEE-{n1`oE>1{P3tn3%oCR>jK5f#B;zs z`E|eFZog`Or$88#ZT6 zBb=c|2PP`J&sm@-nYdsEO{;r!cEj_dwe@X($^idV|m7mIq1%;oUc>cY!EQM{Sgrd0Glb=1nQzL-eqO_XZY;Gjx&HwXwRqrn$PH;#V zP38G;h+BUJXk(83cFmcN&rY{?-UyHW%?8}w4^sLHS*gN)u3w-5m*-}x#wU()oaB1; zvuB^9^FIFS^S0k#EKvL&edg`t`l#Z~>jKQ0I=Zhz4i^BO;b3{@Bd{am9H09&fA)+8 z4=+!is*+Lj(mVdrbVrq(6K{oq%elXG+At`6Pk%D~;FGxCn&savEOdVLa{2sg|K6nA zJ0CGDeZOxx?C6YReeIIR`Q>a@954O3v+!r5-cPU9cZ??9KR@B){eQgq6~FW2>RnEiADs8qDrLI8yLh5J^QlpniGx$SMtrT{(!>snxOdhCD$rvu zme$*x*^zs!F!0z{@%Wm+{*Oh8j_XoR?9f+qE^4T>J8Z*YwS0l%bVr{X5nJC)`($pq zq-dwPa=6)(?dMVtPbzrwT5pjFo8a-w%jeDIMLoeHcFM=tdB-hEUrpI}K;gd0#0iP} zaxcB#=4p`OG2zCx+}Xec;|DhN+9zp^pq(wel@=jp8vgT69aF97m{cZEXk%OSW-IK- zk&TZNj}=N@c9p#U^iWgJ*P_)fOl>x&Go9N0<^p%8tYGI|`j20{XdB;w3y~?n2}1@? LS3j3^P6 The specified product key is invalid, or is unsupported by this version of VAMT. An update to support additional products may be available online. -![](./111496-1.png) +![VAMT error message](./images/vamt-known-issue-message.png) -This issue occurs because VAMT 3.1 does not contain the correct pkconfig files to recognize this kind of key. +This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key. ### Workaround @@ -43,7 +45,7 @@ To work around this issue, use one of the following methods. **Method 1** -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). **Method 2** From a1feac0703465ae76c411143e96b057612037207 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 11:19:51 -0800 Subject: [PATCH 55/93] Edits --- windows/deployment/volume-activation/vamt-known-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index d40f009f58..615ee4033e 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -22,10 +22,10 @@ ms.custom: The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT) 3.0. -- VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state. -- Recovery of a non-genuine computer is a two-step process, as follows: +- VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. +- To recover a non-Genuine computer, follow these steps: 1. Use VAMT to install a new product key and activate the computer. - 1. To revalidate the computer's Genuine status, use the computer to access the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) website. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering non-genuine Windows-based computers, see [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). + 1. To revalidate the Genuine status of the computer, use the computer to access the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) website. This step restores the computer to full functionality. For more information about recovering non-genuine Windows-based computers, see [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). - When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs.   From 1949117becd368526c913098dc394a6710174852 Mon Sep 17 00:00:00 2001 From: Thomas Date: Thu, 19 Dec 2019 11:42:01 -0800 Subject: [PATCH 56/93] Create CODEOWNERS --- CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000000..7fc05fbd5b --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,5 @@ +docfx.json @microsoftdocs/officedocs-admin +.openpublishing.build.ps1 @microsoftdocs/officedocs-admin +.openpublishing.publish.config.json @microsoftdocs/officedocs-admin +CODEOWNERS @microsoftdocs/officedocs-admin +.acrolinx-config.edn @microsoftdocs/officedocs-admin From ca0ee5dafb83b94bd861d2e5222643bc924f131e Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 11:48:42 -0800 Subject: [PATCH 57/93] Removed deprecated instructions --- windows/deployment/volume-activation/vamt-known-issues.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 615ee4033e..545046e153 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -23,9 +23,6 @@ ms.custom: The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT) 3.0. - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- To recover a non-Genuine computer, follow these steps: - 1. Use VAMT to install a new product key and activate the computer. - 1. To revalidate the Genuine status of the computer, use the computer to access the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) website. This step restores the computer to full functionality. For more information about recovering non-genuine Windows-based computers, see [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668). - When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs.   From f74d40a8948a5ae57e25d651bc5423edd0faf375 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 12:00:04 -0800 Subject: [PATCH 58/93] edits --- windows/deployment/volume-activation/vamt-known-issues.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 545046e153..5f2f126d54 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -25,7 +25,7 @@ The following list and the section that follows contain the current known issues - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. - When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs. -  + ## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 When you try to add a Windows 10 Key Management Service (KMS) Host key (CSVLK) or a Windows Server 2012 R2 for Windows 10 CSVLK into VAMT 3.1 (version 10.0.10240.0), you receive the following error message: @@ -42,7 +42,7 @@ To work around this issue, use one of the following methods. **Method 1** -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host (where \<*CSVLK*> represents the specific key that you want to install). For more information about using the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). +Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command-line tool to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](https://docs.microsoft.com/windows-server/get-started/activation-slmgr-vbs-options). **Method 2** @@ -52,13 +52,13 @@ On the KMS host computer, follow these steps: 1. In Windows Explorer, right-click **485392_intl_x64_zip**, and then extract the hotfix to **C:\KB3058168**. -1. Open a Command Prompt window, and extract the contents of the update by running the following command: +1. To extract the contents of the update, open a Command Prompt window and run the following command: ```cmd expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ ``` -1. Extract the contents of Windows8.1-KB3058168-x64.cab by running the following command: +1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: ```cmd expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 From 474832eea32338b69d8339eb6ccde69305069a98 Mon Sep 17 00:00:00 2001 From: martyav Date: Thu, 19 Dec 2019 15:35:31 -0500 Subject: [PATCH 59/93] items 26 to 56 reviewed --- .../mdm/devicemanageability-csp.md | 2 +- windows/client-management/mdm/dmclient-csp.md | 2 +- .../mdm/eap-configuration.md | 2 +- ...rver-side-mobile-application-management.md | 2 +- ...ence-with-configuration-manager-and-mdt.md | 2 +- .../use-orchestrator-runbooks-with-mdt.md | 355 +++++++++--------- ...stage-windows-10-deployment-information.md | 2 +- ...-message-in-compatibility-administrator.md | 2 +- ...with-system-center-configuraton-manager.md | 2 +- .../bitlocker/bitlocker-key-management-faq.md | 2 +- .../tpm/tpm-fundamentals.md | 2 +- .../auditing/audit-application-generated.md | 2 +- .../audit-central-access-policy-staging.md | 2 +- .../audit-kerberos-authentication-service.md | 2 +- .../auditing/audit-network-policy-server.md | 2 +- .../auditing/audit-process-termination.md | 2 +- .../audit-security-group-management.md | 2 +- .../auditing/audit-sensitive-privilege-use.md | 2 +- ...ss-policies-that-apply-on-a-file-server.md | 2 +- ...tion-based-protection-of-code-integrity.md | 2 +- ...-credential-manager-as-a-trusted-caller.md | 2 +- ...f-blank-passwords-to-console-logon-only.md | 2 +- ...ted-password-to-third-party-smb-servers.md | 2 +- ...-enumeration-of-sam-accounts-and-shares.md | 2 +- ...-pipes-that-can-be-accessed-anonymously.md | 2 +- .../network-list-manager-policies.md | 2 +- ...outgoing-ntlm-traffic-to-remote-servers.md | 2 +- ...-that-are-installed-in-secure-locations.md | 2 +- .../windows-10-mobile-security-guide.md | 2 +- .../document-your-applocker-rules.md | 2 +- 30 files changed, 207 insertions(+), 206 deletions(-) diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md index 724027f5f0..3bf0368ffd 100644 --- a/windows/client-management/mdm/devicemanageability-csp.md +++ b/windows/client-management/mdm/devicemanageability-csp.md @@ -1,6 +1,6 @@ --- title: DeviceManageability CSP -description: The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607. +description: The DeviceManageability configuration service provider (CSP) is used retrieve general information about MDM configuration capabilities on the device. ms.assetid: FE563221-D5B5-4EFD-9B60-44FE4066B0D2 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 7946edba39..4767766c8c 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -1,6 +1,6 @@ --- title: DMClient CSP -description: The DMClient configuration service provider is used to specify additional enterprise-specific mobile device management configuration settings for identifying the device in the enterprise domain, security mitigation for certificate renewal, and server-triggered enterprise unenrollment. +description: Understand how the DMClient configuration service provider works. It is used to specify enterprise-specific mobile device management configuration settings. ms.assetid: a5cf35d9-ced0-4087-a247-225f102f2544 ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md index 03e82dc9e8..f687502610 100644 --- a/windows/client-management/mdm/eap-configuration.md +++ b/windows/client-management/mdm/eap-configuration.md @@ -1,6 +1,6 @@ --- title: EAP configuration -description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10. +description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10. ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE ms.reviewer: manager: dansimp diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md index bc80bbff44..481d57ea45 100644 --- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md +++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md @@ -1,6 +1,6 @@ --- title: Provide server-side support for mobile app management on Windows -description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. MAM support is built into Windows on top of Windows Information Protection (WIP). +description: The Windows version of mobile application management (MAM) is a lightweight solution for managing company data access and security on personal devices. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md index 692b7306a7..9076a17339 100644 --- a/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md +++ b/windows/deployment/deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md @@ -1,6 +1,6 @@ --- title: Create a task sequence with Configuration Manager (Windows 10) -description: In this topic, you will learn how to create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. +description: Create a Microsoft System Center 2012 R2 Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. ms.assetid: 0b069bec-5be8-47c6-bf64-7a630f41ac98 ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md index 234a716425..e7cabd8fec 100644 --- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md @@ -1,177 +1,178 @@ ---- -title: Use Orchestrator runbooks with MDT (Windows 10) -description: This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: web services, database -ms.prod: w10 -ms.mktglfcycl: deploy -ms.localizationpriority: medium -ms.sitesec: library -ms.pagetype: mdt -audience: itpro author: greg-lindsay -ms.topic: article ---- - -# Use Orchestrator runbooks with MDT - -This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. -MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. - -**Note**   -If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. - -## Orchestrator terminology - -Before diving into the core details, here is a quick course in Orchestrator terminology: -- **Orchestrator Server.** This is a server that executes runbooks. -- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. -- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. -- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. -- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. -- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. -- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. - -**Note**   -To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). - -## Create a sample runbook - -This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. - -1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). -2. In the **E:\\Logfile** folder, create the DeployLog.txt file. - **Note** - Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. - - ![figure 23](../images/mdt-09-fig23.png) - - Figure 23. The DeployLog.txt file. - -3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. - - ![figure 24](../images/mdt-09-fig24.png) - - Figure 24. Folder created in the Runbooks node. - -4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. -5. On the ribbon bar, click **Check Out**. -6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. -7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: - 1. Runbook Control / Initialize Data - 2. Text File Management / Append Line -8. Connect **Initialize Data** to **Append Line**. - - ![figure 25](../images/mdt-09-fig25.png) - - Figure 25. Activities added and connected. - -9. Right-click the **Initialize Data** activity, and select **Properties** -10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. - - ![figure 26](../images/mdt-09-fig26.png) - - Figure 26. The Initialize Data Properties window. - -11. Right-click the **Append Line** activity, and select **Properties**. -12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**. -13. In the **File** encoding drop-down list, select **ASCII**. -14. In the **Append** area, right-click inside the **Text** text box and select **Expand**. - - ![figure 27](../images/mdt-09-fig27.png) - - Figure 27. Expanding the Text area. - -15. In the blank text box, right-click and select **Subscribe / Published Data**. - - ![figure 28](../images/mdt-09-fig28.png) - - Figure 28. Subscribing to data. - -16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. -17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. -18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. - - ![figure 29](../images/mdt-09-fig29.png) - - Figure 29. The expanded text box after all subscriptions have been added. - -19. On the **Append Line Properties** page, click **Finish**. - ## Test the demo MDT runbook - After the runbook is created, you are ready to test it. -20. On the ribbon bar, click **Runbook Tester**. -21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: - - OSDComputerName: PC0010 -22. Verify that all activities are green (for additional information, see each target). -23. Close the **Runbook Tester**. -24. On the ribbon bar, click **Check In**. - -![figure 30](../images/mdt-09-fig30.png) - -Figure 30. All tests completed. - -## Use the MDT demo runbook from MDT - -1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**. -2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - 1. Task sequence ID: OR001 - 2. Task sequence name: Orchestrator Sample - 3. Task sequence comments: <blank> - 4. Template: Custom Task Sequence -3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab. -4. Remove the default **Application Install** action. -5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option. -6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings: - 1. Name: Set Task Sequence Variable - 2. Task Sequence Variable: OSDComputerName - 3. Value: %hostname% -7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: - 1. Orchestrator Server: OR01.contoso.com - 2. Use Browse to select **1.0 MDT / MDT Sample**. -8. Click **OK**. - -![figure 31](../images/mdt-09-fig31.png) - -Figure 31. The ready-made task sequence. - -## Run the orchestrator sample task sequence - -Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. -**Note**   -Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). - -1. On PC0001, log on as **CONTOSO\\MDT\_BA**. -2. Using an elevated command prompt (run as Administrator), type the following command: - - ``` syntax - cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs - ``` -3. Complete the Windows Deployment Wizard using the following information: - 1. Task Sequence: Orchestrator Sample - 2. Credentials: - 1. User Name: MDT\_BA - 2. Password: P@ssw0rd - 3. Domain: CONTOSO -4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated. - -![figure 32](../images/mdt-09-fig32.png) - -Figure 32. The ready-made task sequence. - -## Related topics - -[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) - -[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) - -[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) - -[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) - -[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) - -[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) - -[Use web services in MDT](use-web-services-in-mdt.md) +--- +title: Use Orchestrator runbooks with MDT (Windows 10) +description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +ms.assetid: 68302780-1f6f-4a9c-9407-b14371fdce3f +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: web services, database +ms.prod: w10 +ms.mktglfcycl: deploy +ms.localizationpriority: medium +ms.sitesec: library +ms.pagetype: mdt +audience: itpro +author: greg-lindsay +ms.topic: article +--- + +# Use Orchestrator runbooks with MDT + +This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. + +**Note**   +If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. + +## Orchestrator terminology + +Before diving into the core details, here is a quick course in Orchestrator terminology: +- **Orchestrator Server.** This is a server that executes runbooks. +- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. +- **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. +- **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. +- **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. +- **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. +- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. + +**Note**   +To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554). + +## Create a sample runbook + +This section assumes you have Orchestrator 2012 R2 installed on a server named OR01. In this section, you create a sample runbook, which is used to log some of the MDT deployment information into a text file on OR01. + +1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). +2. In the **E:\\Logfile** folder, create the DeployLog.txt file. + **Note** + Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. + + ![figure 23](../images/mdt-09-fig23.png) + + Figure 23. The DeployLog.txt file. + +3. Using System Center 2012 R2 Orchestrator Runbook Designer, in the **Runbooks** node, create the **1.0 MDT** folder. + + ![figure 24](../images/mdt-09-fig24.png) + + Figure 24. Folder created in the Runbooks node. + +4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. +5. On the ribbon bar, click **Check Out**. +6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. +7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: + 1. Runbook Control / Initialize Data + 2. Text File Management / Append Line +8. Connect **Initialize Data** to **Append Line**. + + ![figure 25](../images/mdt-09-fig25.png) + + Figure 25. Activities added and connected. + +9. Right-click the **Initialize Data** activity, and select **Properties** +10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. + + ![figure 26](../images/mdt-09-fig26.png) + + Figure 26. The Initialize Data Properties window. + +11. Right-click the **Append Line** activity, and select **Properties**. +12. On the **Append Line Properties** page, in the **File** text box, type **E:\\Logfile\\DeployLog.txt**. +13. In the **File** encoding drop-down list, select **ASCII**. +14. In the **Append** area, right-click inside the **Text** text box and select **Expand**. + + ![figure 27](../images/mdt-09-fig27.png) + + Figure 27. Expanding the Text area. + +15. In the blank text box, right-click and select **Subscribe / Published Data**. + + ![figure 28](../images/mdt-09-fig28.png) + + Figure 28. Subscribing to data. + +16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. +17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. +18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. + + ![figure 29](../images/mdt-09-fig29.png) + + Figure 29. The expanded text box after all subscriptions have been added. + +19. On the **Append Line Properties** page, click **Finish**. + ## Test the demo MDT runbook + After the runbook is created, you are ready to test it. +20. On the ribbon bar, click **Runbook Tester**. +21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: + - OSDComputerName: PC0010 +22. Verify that all activities are green (for additional information, see each target). +23. Close the **Runbook Tester**. +24. On the ribbon bar, click **Check In**. + +![figure 30](../images/mdt-09-fig30.png) + +Figure 30. All tests completed. + +## Use the MDT demo runbook from MDT + +1. On MDT01, using the Deployment Workbench, in the MDT Production deployment share, select the **Task Sequences** node, and create a folder named **Orchestrator**. +2. Right-click the **Orchestrator** node, and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: + 1. Task sequence ID: OR001 + 2. Task sequence name: Orchestrator Sample + 3. Task sequence comments: <blank> + 4. Template: Custom Task Sequence +3. In the **Orchestrator** node, double-click the **Orchestrator Sample** task sequence, and then select the **Task Sequence** tab. +4. Remove the default **Application Install** action. +5. Add a **Gather** action and select the **Gather only local data (do not process rules)** option. +6. After the **Gather** action, add a **Set Task Sequence Variable** action with the following settings: + 1. Name: Set Task Sequence Variable + 2. Task Sequence Variable: OSDComputerName + 3. Value: %hostname% +7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: + 1. Orchestrator Server: OR01.contoso.com + 2. Use Browse to select **1.0 MDT / MDT Sample**. +8. Click **OK**. + +![figure 31](../images/mdt-09-fig31.png) + +Figure 31. The ready-made task sequence. + +## Run the orchestrator sample task sequence + +Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. +**Note**   +Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555). + +1. On PC0001, log on as **CONTOSO\\MDT\_BA**. +2. Using an elevated command prompt (run as Administrator), type the following command: + + ``` syntax + cscript \\MDT01\MDTProduction$\Scripts\Litetouch.vbs + ``` +3. Complete the Windows Deployment Wizard using the following information: + 1. Task Sequence: Orchestrator Sample + 2. Credentials: + 1. User Name: MDT\_BA + 2. Password: P@ssw0rd + 3. Domain: CONTOSO +4. Wait until the task sequence is completed and then verify that the DeployLog.txt file in the E:\\Logfile folder on OR01 was updated. + +![figure 32](../images/mdt-09-fig32.png) + +Figure 32. The ready-made task sequence. + +## Related topics + +[Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) + +[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) + +[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md) + +[Simulate a Windows10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md) + +[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md) + +[Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md) + +[Use web services in MDT](use-web-services-in-mdt.md) diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index 79b6610104..1ca54bbdb6 100644 --- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md +++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md @@ -1,6 +1,6 @@ --- title: Use MDT database to stage Windows 10 deployment info (Windows 10) -description: This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). +description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database. ms.assetid: 8956ab54-90ba-45d3-a384-4fdec72c4d46 ms.reviewer: manager: laurawi diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index 8d8da0f126..c35e379797 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md @@ -1,6 +1,6 @@ --- title: Create AppHelp Message in Compatibility Administrator (Windows 10) -description: The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system. +description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system. ms.assetid: 5c6e89f5-1942-4aa4-8439-ccf0ecd02848 ms.reviewer: manager: laurawi diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 513ae0cfd8..c6118f8f14 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -1,6 +1,6 @@ --- title: Perform in-place upgrade to Windows 10 via Configuration Manager -description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process. +description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a SCCM task sequence. ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 ms.reviewer: manager: laurawi diff --git a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md index 5ab13673ea..226acb2e7c 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md +++ b/windows/security/information-protection/bitlocker/bitlocker-key-management-faq.md @@ -1,6 +1,6 @@ --- title: BitLocker Key Management FAQ (Windows 10) -description: This topic for the IT professional answers frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. +description: Browse frequently asked questions concerning the requirements to use, upgrade, deploy and administer, and key management policies for BitLocker. ms.assetid: c40f87ac-17d3-47b2-afc6-6c641f72ecee ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 8f99d1e45e..e2ae8c85e5 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -1,6 +1,6 @@ --- title: TPM fundamentals (Windows 10) -description: This topic for the IT professional provides a description of the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and explains how they are used to mitigate dictionary attacks. +description: Inform yourself about the components of the Trusted Platform Module (TPM 1.2 and TPM 2.0) and how they are used to mitigate dictionary attacks. ms.assetid: ac90f5f9-9a15-4e87-b00d-4adcf2ec3000 ms.reviewer: ms.prod: w10 diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index 72a5aecec7..b594ba40ca 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -1,6 +1,6 @@ --- title: Audit Application Generated (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Application Generated, which determines whether the operating system generates audit events when applications attempt to use the Windows Auditing application programming interfaces (APIs). +description: The policy setting, Audit Application Generated, determines if audit events are generated when applications attempt to use the Windows Auditing APIs. ms.assetid: 6c58a365-b25b-42b8-98ab-819002e31871 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index 061105bbac..f655b5d8c6 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -1,6 +1,6 @@ --- title: Audit Central Access Policy Staging (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Central Access Policy Staging, which determines permissions on a Central Access Policy. +description: The Advanced Security Audit policy setting, Audit Central Access Policy Staging, determines permissions on a Central Access Policy. ms.assetid: D9BB11CE-949A-4B48-82BF-30DC5E6FC67D ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index d28314643d..529003459d 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -1,6 +1,6 @@ --- title: Audit Kerberos Authentication Service (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Kerberos Authentication Service, which determines whether to generate audit events for Kerberos authentication ticket-granting ticket (TGT) requests. +description: The policy setting Audit Kerberos Authentication Service decides if audit events are generated for Kerberos authentication ticket-granting ticket (TGT) requests ms.assetid: 990dd6d9-1a1f-4cce-97ba-5d7e0a7db859 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 6d7eaac005..697ae99b16 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -1,6 +1,6 @@ --- title: Audit Network Policy Server (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Network Policy Server, which determines whether the operating system generates audit events for RADIUS (IAS) and Network Access Protection (NAP) activity on user access requests (Grant, Deny, Discard, Quarantine, Lock, and Unlock). +description: The policy setting, Audit Network Policy Server, determines if audit events are generated for RADIUS (IAS) and NAP activity on user access requests. ms.assetid: 43b2aea4-26df-46da-b761-2b30f51a80f7 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 3943542ccf..7ba49fbd59 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -1,6 +1,6 @@ --- title: Audit Process Termination (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Termination, which determines whether the operating system generates audit events when an attempt is made to end a process. +description: The Advanced Security Audit policy setting, Audit Process Termination, determines if audit events are generated when an attempt is made to end a process. ms.assetid: 65d88e53-14aa-48a4-812b-557cebbf9e50 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 710f45b4ae..d75b85e522 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -1,6 +1,6 @@ --- title: Audit Security Group Management (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit Security Group Management, which determines whether the operating system generates audit events when specific security group management tasks are performed. +description: The policy setting, Audit Security Group Management, determines if audit events are generated when specific security group management tasks are performed. ms.assetid: ac2ee101-557b-4c84-b9fa-4fb23331f1aa ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index ac5edaec4a..3bdb900b00 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -1,6 +1,6 @@ --- title: Audit Sensitive Privilege Use (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Sensitive Privilege Use, which determines whether the operating system generates audit events when sensitive privileges (user rights) are used. +description: The policy setting, Audit Sensitive Privilege Use, determines if the operating system generates audit events when sensitive privileges (user rights) are used. ms.assetid: 915abf50-42d2-45f6-9fd1-e7bd201b193d ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 4a9c0d7f29..7be96ce69b 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -1,6 +1,6 @@ --- title: Monitor central access policies on a file server (Windows 10) -description: This topic for the IT professional describes how to monitor changes to the central access policies that apply to a file server when using advanced security auditing options to monitor dynamic access control objects. +description: Learn how to monitor changes to the central access policies that apply to a file server, when using advanced security auditing options. ms.assetid: 126b051e-c20d-41f1-b42f-6cff24dcf20c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md index 92fb064c14..e88b1b13e8 100644 --- a/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity.md @@ -1,6 +1,6 @@ --- title: Deployment guidelines for Windows Defender Device Guard (Windows 10) -description: To help you plan a deployment of Microsoft Windows Defender Device Guard, this article describes hardware requirements for Windows Defender Device Guard, outlines deployment approaches, and describes methods for code signing and code integrity policies. +description: Plan your deployment of Windows Defender Device Guard. Learn about hardware requirements, deployment approaches, code signing and code integrity policies. keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md index 49f815ce3f..60fe8eaa5f 100644 --- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md +++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md @@ -1,6 +1,6 @@ --- title: Access Credential Manager as a trusted caller (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Access Credential Manager as a trusted caller security policy setting. +description: Describes best practices, security considerations and more for the security policy setting, Access Credential Manager as a trusted caller. ms.assetid: a51820d2-ca5b-47dd-8e9b-d7008603db88 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md index f6beb6795e..429a6e932a 100644 --- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md +++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md @@ -1,6 +1,6 @@ --- title: Accounts Limit local account use of blank passwords (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Accounts Limit local account use of blank passwords to console logon only security policy setting. +description: Learn best practices, security considerations, and more for the policy setting, Accounts Limit local account use of blank passwords to console logon only. ms.assetid: a1bfb58b-1ae8-4de9-832b-aa889a6e64bd ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md index 2f0c68363e..0eb20f0245 100644 --- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md +++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md @@ -1,6 +1,6 @@ --- title: Microsoft network client Send unencrypted password (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Microsoft network client Send unencrypted password to third-party SMB servers security policy setting. +description: Learn about best practices and more for the security policy setting, Microsoft network client Send unencrypted password to third-party SMB servers. ms.assetid: 97a76b93-afa7-4dd9-bb52-7c9e289b6017 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md index 56ba9ce742..b679530985 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md @@ -1,6 +1,6 @@ --- title: Network access Do not allow anonymous enumeration (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Network access Do not allow anonymous enumeration of SAM accounts and shares security policy setting. +description: Learn about best practices and more for the security policy setting, Network access Do not allow anonymous enumeration of SAM accounts and shares. ms.assetid: 3686788d-4cc7-4222-9163-cbc7c3362d73 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md index cfb1f5e23c..ca8b104079 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md @@ -1,6 +1,6 @@ --- title: Network access Named Pipes that can be accessed anonymously (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Named Pipes that can be accessed anonymously security policy setting. +description: Describes best practices, security considerations and more for the security policy setting, Network access Named Pipes that can be accessed anonymously. ms.assetid: 8897d2a4-813e-4d2b-8518-fcee71e1cf2c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md index b052ac4ccf..4ac7af5f3c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md +++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md @@ -1,6 +1,6 @@ --- title: Network List Manager policies (Windows 10) -description: Network List Manager policies are security settings that you can use to configure different aspects of how networks are listed and displayed on one device or on many devices. +description: Network List Manager policies are security settings that configure different aspects of how networks are listed and displayed on one device or on many devices. ms.assetid: bd8109d4-b07c-4beb-a9a6-affae2ba2fda ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md index 0e229ebce6..582a95f107 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md @@ -1,6 +1,6 @@ --- title: Network security Restrict NTLM Outgoing traffic (Windows 10) -description: Describes the best practices, location, values, management aspects, and security considerations for the Network Security Restrict NTLM Outgoing NTLM traffic to remote servers security policy setting. +description: Learn about best practices, security considerations and more for the policy setting, Network Security Restrict NTLM Outgoing NTLM traffic to remote servers. ms.assetid: 63437a90-764b-4f06-aed8-a4a26cf81bd1 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md index 47e4c3b995..77c4b06163 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md @@ -1,6 +1,6 @@ --- title: Only elevate UIAccess app installed in secure location (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Only elevate UIAccess applications that are installed in secure locations security policy setting. +description: Learn about best practices and more for the policy setting, User Account Control Only elevate UIAccess applications that are installed in secure locations. ms.assetid: 4333409e-a5be-4f2f-8808-618f53abd22c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md index 6e9ba266d1..5ce47adcb7 100644 --- a/windows/security/threat-protection/windows-10-mobile-security-guide.md +++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md @@ -1,6 +1,6 @@ --- title: Windows 10 Mobile security guide (Windows 10) -description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. +description: The most important security features in the Windows 10 Mobile — identity access & control, data protection, malware resistance, and app platform security. ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md index 2147e2fe3f..acfdd8e57d 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -1,6 +1,6 @@ --- title: Document your AppLocker rules (Windows 10) -description: This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded. +description: Learn how to document your Applocker rules with this planning guide. Associate rule conditions with files, permissions, rule source, and implementation. ms.assetid: 91a198ce-104a-45ff-b49b-487fb40cd2dd ms.reviewer: ms.author: dansimp From d1b0a533e870b51f1328b0611c9b0c4e1a9ad451 Mon Sep 17 00:00:00 2001 From: Teresa-Motiv Date: Thu, 19 Dec 2019 12:41:39 -0800 Subject: [PATCH 60/93] Edits --- windows/deployment/volume-activation/vamt-known-issues.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 5f2f126d54..8022121cb3 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -1,6 +1,6 @@ --- title: VAMT known issues (Windows 10) -description: VAMT known issues +description: Volume Activation Management Tool (VAMT) known issues ms.assetid: 8992f1f3-830a-4ce7-a248-f3a6377ab77f ms.reviewer: manager: laurawi @@ -20,10 +20,10 @@ ms.custom: # VAMT known issues -The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT) 3.0. +The following list and the section that follows contain the current known issues regarding the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- When opening a Computer Information List (.cil file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. +- When opening a Computer Information List (CIL file) that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information. - The remaining activation count can only be retrieved for MAKs. ## Can't add CSVLKs for Windows 10 activation to VAMT 3.1 From ce2db075fdfe0d8117f77eccf432d694c7706ece Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 19 Dec 2019 13:33:25 -0800 Subject: [PATCH 61/93] Update prevent-malware-infection.md Edits --- .../threat-protection/intelligence/prevent-malware-infection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/intelligence/prevent-malware-infection.md b/windows/security/threat-protection/intelligence/prevent-malware-infection.md index 884759126a..7bce69882c 100644 --- a/windows/security/threat-protection/intelligence/prevent-malware-infection.md +++ b/windows/security/threat-protection/intelligence/prevent-malware-infection.md @@ -85,7 +85,7 @@ To further ensure that data is protected from malware as well as other threats: * Do not use untrusted devices to log on to email, social media, and corporate accounts. -* Do not downlaod or run old Binary / Office 2003 and ealier file formats like .doc, .ppt, .xls. These file formats allow macros to be included. This can be a security risk. +* Avoid downloading or running older apps. Some of these apps might have vulnerabilities. Also, older file formats for Office 2003 (.doc, .pps, and .xls) allow macros or run. This could be a security risk. ## Software solutions From d7d1744e1f695c1be186739cdc6b9bc88de1adeb Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Thu, 19 Dec 2019 16:00:59 -0800 Subject: [PATCH 62/93] Make link locale agnostic --- devices/hololens/hololens2-basic-usage.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md index fadbb7a4bc..59426de18e 100644 --- a/devices/hololens/hololens2-basic-usage.md +++ b/devices/hololens/hololens2-basic-usage.md @@ -106,7 +106,7 @@ To **close** the Start menu, do the Start gesture when the Start menu is open. > For the one-handed Start gesture to work: > > 1. You must update to the November 2019 update (build 18363.1039) or later. -> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/en-us/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. +> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device. You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together. From d08a491ad820de3c6ee83f3edd6d5bf1fe32b478 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 20 Dec 2019 13:06:00 -0500 Subject: [PATCH 63/93] reviewed through item 90 --- windows/client-management/mdm/accounts-ddf-file.md | 2 +- windows/client-management/mdm/multisim-ddf.md | 2 +- windows/client-management/mdm/tenantlockdown-ddf.md | 2 +- .../client-management/mdm/win32compatibilityappraiser-ddf.md | 2 +- windows/privacy/manage-windows-1709-endpoints.md | 2 +- windows/privacy/manage-windows-1803-endpoints.md | 2 +- windows/privacy/manage-windows-1809-endpoints.md | 2 +- windows/privacy/manage-windows-1903-endpoints.md | 2 +- .../credential-guard/additional-mitigations.md | 2 +- .../credential-guard/credential-guard-scripts.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso.md | 2 +- .../hello-for-business/hello-hybrid-cert-whfb-settings.md | 2 +- .../hello-for-business/hello-hybrid-key-whfb-settings.md | 2 +- .../threat-protection/microsoft-defender-atp/alerts.md | 2 +- .../microsoft-defender-atp/emet-exploit-protection.md | 2 +- .../microsoft-defender-atp/enable-exploit-protection.md | 2 +- .../microsoft-defender-atp/exploit-protection.md | 2 +- .../threat-protection/microsoft-defender-atp/files.md | 2 +- .../threat-protection/microsoft-defender-atp/get-alerts.md | 2 +- .../microsoft-defender-atp/troubleshoot-asr.md | 4 ++-- .../microsoft-defender-atp/troubleshoot-np.md | 4 ++-- .../security/threat-protection/microsoft-defender-atp/user.md | 2 +- 24 files changed, 26 insertions(+), 26 deletions(-) diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md index 0815b489ba..c4a1538d53 100644 --- a/windows/client-management/mdm/accounts-ddf-file.md +++ b/windows/client-management/mdm/accounts-ddf-file.md @@ -1,6 +1,6 @@ --- title: Accounts DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the Accounts configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md index 24cf91748a..2e34159750 100644 --- a/windows/client-management/mdm/multisim-ddf.md +++ b/windows/client-management/mdm/multisim-ddf.md @@ -1,6 +1,6 @@ --- title: MultiSIM DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the MultiSIM configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md index 041b690a01..ad901702a5 100644 --- a/windows/client-management/mdm/tenantlockdown-ddf.md +++ b/windows/client-management/mdm/tenantlockdown-ddf.md @@ -1,6 +1,6 @@ --- title: TenantLockdown DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the TenantLockdown configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index e86a9edcc0..ce4b0b3bf3 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -1,6 +1,6 @@ --- title: Win32CompatibilityAppraiser DDF file -description: XML file containing the device description framework +description: XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider. ms.author: dansimp ms.topic: article ms.prod: w10 diff --git a/windows/privacy/manage-windows-1709-endpoints.md b/windows/privacy/manage-windows-1709-endpoints.md index 28c2ac9038..32fc4b968a 100644 --- a/windows/privacy/manage-windows-1709-endpoints.md +++ b/windows/privacy/manage-windows-1709-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 1709 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1709. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/manage-windows-1803-endpoints.md b/windows/privacy/manage-windows-1803-endpoints.md index cb80bc42cd..f62497b8ad 100644 --- a/windows/privacy/manage-windows-1803-endpoints.md +++ b/windows/privacy/manage-windows-1803-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10, version 1803 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1803. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/manage-windows-1809-endpoints.md b/windows/privacy/manage-windows-1809-endpoints.md index 83bf617928..0504d6eceb 100644 --- a/windows/privacy/manage-windows-1809-endpoints.md +++ b/windows/privacy/manage-windows-1809-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10, version 1809 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1809. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 2151461b3a..786649ef6a 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -1,6 +1,6 @@ --- title: Connection endpoints for Windows 10 Enterprise, version 1903 -description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. +description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. Specific to Windows 10 Enterprise, version 1903. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 ms.mktglfcycl: manage diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index d42dc24268..68410a7305 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md @@ -1,6 +1,6 @@ --- title: Additional mitigations -description: Scripts listed in this topic for obtaining the available issuance policies on the certificate authority for Windows Defender Credential Guard on Windows 10. +description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md index ae294baabb..b62a1d9818 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md @@ -1,6 +1,6 @@ --- title: Scripts for Certificate Issuance Policies in Windows Defender Credential Guard (Windows 10) -description: Scripts listed in this topic for obtaining the available issuance policies on the certificate authority for Windows Defender Credential Guard on Windows 10. +description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows 10. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 060bf7e60a..9874fcd53a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -1,6 +1,6 @@ --- title: Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business -description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on +description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 1bb87570ff..54f37c9b50 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -1,6 +1,6 @@ --- title: Using Certificates for AADJ On-premises Single-sign On single sign-on -description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on +description: If you want to use certificates for on-premises single-sign on for Azure Active Directory joined devices, then follow these additional steps. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 27c18d43e7..4eed2e7435 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -1,6 +1,6 @@ --- title: Azure AD Join Single Sign-on Deployment -description: Azure Active Directory joined devices in a hybrid Deployment for on-premises single sign-on +description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory joined devices, using Windows Hello for Business. keywords: identity, PIN, biometric, Hello, passport, AADJ, SSO, ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index eb54aba4fd..fba1fd76f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -1,6 +1,6 @@ --- title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) -description: Configuring Windows Hello for Business Settings in Hybrid deployment +description: Configuring Windows Hello for Business settings in hybrid certificate trust deployment. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 5202ec8d19..d8eb2ac3ed 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -1,6 +1,6 @@ --- title: Configure Hybrid Windows Hello for Business key trust Settings -description: Configuring Windows Hello for Business Settings in Hybrid deployment +description: Configuring Windows Hello for Business settings in hybrid key trust deployment. keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index 7a3ea94c49..3bf7ffba39 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md @@ -1,6 +1,6 @@ --- title: Get alerts API -description: Retrieves top recent alerts. +description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md index 73df2fb5a4..040f644860 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection.md @@ -1,7 +1,7 @@ --- title: Compare the features in Exploit protection with EMET keywords: emet, enhanced mitigation experience toolkit, configuration, exploit, compare, difference between, versus, upgrade, convert -description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. +description: Exploit protection in Microsoft Defender ATP is our successor to Enhanced Mitigation Experience Toolkit (EMET) and provides stronger protection, more customization, an easier user interface, and better configuration and management options. search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 76bada624f..0f325b3497 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -1,7 +1,7 @@ --- title: Turn on exploit protection to help mitigate against attacks keywords: exploit, mitigation, attacks, vulnerability -description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. +description: Learn how to enable exploit protection in Windows 10. Exploit protection helps protect your device against malware. search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md index e47d2c93c1..3d1b7367e0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/exploit-protection.md @@ -1,7 +1,7 @@ --- title: Apply mitigations to help prevent attacks through vulnerabilities keywords: mitigations, vulnerabilities, vulnerability, mitigation, exploit, exploits, emet -description: Exploit protection in Windows 10 provides advanced configuration over the settings offered in EMET. +description: Protect devices against exploits with Windows 10. Windows 10 has advanced exploit protection capabilities, building upon and improving the settings available in Enhanced Mitigation Experience Toolkit (EMET). search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/files.md b/windows/security/threat-protection/microsoft-defender-atp/files.md index 2bb588f0ce..d4cc5e85cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/files.md +++ b/windows/security/threat-protection/microsoft-defender-atp/files.md @@ -1,6 +1,6 @@ --- title: File resource type -description: Retrieves information associated with files alerts. +description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to files. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index 21b0d34987..b6056a66b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -1,6 +1,6 @@ --- title: List alerts API -description: Retrieves top recent alerts. +description: Retrieve a collection of recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md index 963402fe1d..ed130a1720 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md @@ -1,7 +1,7 @@ --- title: Troubleshoot problems with attack surface reduction rules -description: Check prerequisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues -keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking +description: Resources and sample code to troubleshoot issues with attack surface reduction rules in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). +keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md index 8589345cbe..9c2e5cfdff 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md +++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md @@ -1,7 +1,7 @@ --- title: Troubleshoot problems with Network protection -description: Check prerequisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues -keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking +description: Resources and sample code to troubleshoot issues with Network protection in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). +keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking, microsoft defender atp, microsoft defender advanced threat protection search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 diff --git a/windows/security/threat-protection/microsoft-defender-atp/user.md b/windows/security/threat-protection/microsoft-defender-atp/user.md index 2729130721..9700fea0cb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user.md @@ -1,6 +1,6 @@ --- title: User resource type -description: Retrieves top recent alerts. +description: Retrieve recent Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) alerts related to users. keywords: apis, graph api, supported apis, get, alerts, recent search.product: eADQiWindows 10XVcnh ms.prod: w10 From ff4e468313552dd8bd6c8d6d11d61d5b42937376 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 20 Dec 2019 12:52:04 -0800 Subject: [PATCH 64/93] update powerbi topics --- windows/security/threat-protection/TOC.md | 3 ++- .../microsoft-defender-atp/api-power-bi.md | 6 ++++++ .../microsoft-defender-atp/powerbi-reports.md | 6 +++--- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 1df34b54fd..a483760fe8 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -459,7 +459,8 @@ ##### [Troubleshoot SIEM tool integration issues](microsoft-defender-atp/troubleshoot-siem.md) #### [Reporting]() -##### [Create and build Power BI reports using Microsoft Defender ATP data (deprecated)](microsoft-defender-atp/powerbi-reports.md) +##### [Power BI - How to use API - Samples](microsoft-defender-atp/api-power-bi.md) +##### [Create and build Power BI reports using Microsoft Defender ATP data connectors (deprecated)](microsoft-defender-atp/powerbi-reports.md) ##### [Threat protection reports](microsoft-defender-atp/threat-protection-reports.md) ##### [Machine health and compliance reports](microsoft-defender-atp/machine-reports.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index 2eaa43daee..bf6f5843b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md @@ -121,6 +121,12 @@ The first example demonstrates how to connect Power BI to Advanced Hunting API a - You also can use OData queries for queries filters, see [Using OData Queries](exposed-apis-odata-samples.md) + +## Power BI dashboard samples in GitHub +For more information see the [Power BI report templates](https://github.com/microsoft/MDATP-PowerBI-Templates). + + + ## Related topic - [Microsoft Defender ATP APIs](apis-intro.md) - [Advanced Hunting API](run-advanced-query-api.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md index 2af159a95b..2119a0e8da 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md +++ b/windows/security/threat-protection/microsoft-defender-atp/powerbi-reports.md @@ -1,7 +1,7 @@ --- -title: Create and build Power BI reports using Microsoft Defender ATP data +title: Create and build Power BI reports using Microsoft Defender ATP data connectors description: Get security insights by creating and building Power BI dashboards using data from Microsoft Defender ATP and other data sources. -keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors , security insights, mashup +keywords: settings, power bi, power bi service, power bi desktop, reports, dashboards, connectors, security insights, mashup search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -18,7 +18,7 @@ ms.topic: article --- -# Create and build Power BI reports using Microsoft Defender ATP data (Deprecated) +# Create and build Power BI reports using Microsoft Defender ATP data connectors (Deprecated) **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) From c83e650685c4d63065f446aeced9ce43ff566e09 Mon Sep 17 00:00:00 2001 From: martyav Date: Fri, 20 Dec 2019 16:29:18 -0500 Subject: [PATCH 65/93] items 57 to 87 reviewed --- ...-windows-pe-using-configuration-manager.md | 221 +++++++++--------- ...0-deployment-with-configuration-manager.md | 2 +- ...0-deployment-with-configuration-manager.md | 2 +- .../deployment/planning/using-the-sua-tool.md | 185 +++++++-------- .../planning/windows-to-go-overview.md | 2 +- .../microsoft-compatible-security-key.md | 2 +- ...ccount-control-security-policy-settings.md | 2 +- .../overview-create-wip-policy.md | 2 +- .../protect-enterprise-data-using-wip.md | 2 +- .../auditing/advanced-security-auditing.md | 2 +- .../auditing/audit-audit-policy-change.md | 2 +- .../audit-distribution-group-management.md | 2 +- .../audit-filtering-platform-policy-change.md | 2 +- .../auditing/audit-ipsec-main-mode.md | 2 +- .../auditing/audit-registry.md | 2 +- .../threat-protection/auditing/audit-sam.md | 2 +- .../audit-security-system-extension.md | 2 +- .../intelligence/understanding-malware.md | 2 +- .../intelligence/virus-initiative-criteria.md | 2 +- .../configure-email-notifications.md | 2 +- ...iately-if-unable-to-log-security-audits.md | 2 +- ...criptor-definition-language-sddl-syntax.md | 2 +- ...ccess-to-this-computer-from-the-network.md | 2 +- ...r-accounts-to-be-trusted-for-delegation.md | 2 +- ...-credentials-for-network-authentication.md | 2 +- ...shares-that-can-be-accessed-anonymously.md | 2 +- ...o-be-shut-down-without-having-to-log-on.md | 2 +- ...nsensitivity-for-non-windows-subsystems.md | 2 +- ...-installations-and-prompt-for-elevation.md | 2 +- .../manage-packaged-apps-with-applocker.md | 2 +- 30 files changed, 232 insertions(+), 230 deletions(-) diff --git a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index ddc3a8a1da..19e35e39b3 100644 --- a/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -1,110 +1,111 @@ ---- -title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10) -description: In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. -ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c -ms.reviewer: -manager: laurawi -ms.author: greglin -keywords: deploy, task sequence -ms.prod: w10 -ms.localizationpriority: medium -ms.mktglfcycl: deploy -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 07/27/2017 -ms.topic: article ---- - -# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager - - -**Applies to** - -- Windows 10 versions 1507, 1511 - ->[!IMPORTANT] ->For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). ->Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). - -In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system. - -For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). - -## Add drivers for Windows PE - - -This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01. - -1. On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**. - -2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**. - -3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**. - -4. On the **Select the packages to add the imported driver** page, click **Next**. - -5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice. - -![Add drivers to Windows PE](../images/fig21-add-drivers.png "Add drivers to Windows PE") - -*Figure 21. Add drivers to Windows PE* - ->[!NOTE] ->The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two. - - -## Add drivers for Windows 10 - - -This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01. - -1. On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**. - -2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**. - -3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**. - - ![Create driver categories](../images/fig22-createcategories.png "Create driver categories") - - *Figure 22. Create driver categories* - -4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: - - * Name: Windows 10 x64 - HP EliteBook 8560w - - * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w - - >[!NOTE] - >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder. - - -5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**. - - >[!NOTE] - >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. - - ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created") - - *Figure 23. Drivers imported and a new driver package created* - -## Related topics - - -[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) - - -[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - -[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) - -[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) - -[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) - -[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) - -[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) - -[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) - -[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) +--- +title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager (Windows 10) +description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers. +ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c +ms.reviewer: +manager: laurawi +ms.author: greglin +keywords: deploy, task sequence +ms.prod: w10 +ms.localizationpriority: medium +ms.mktglfcycl: deploy +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 07/27/2017 +ms.topic: article +--- + +# Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager + + +**Applies to** + +- Windows 10 versions 1507, 1511 + +>[!IMPORTANT] +>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems). +>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10). + +In this topic, you will learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it is likely you will have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system. + +For the purposes of this topic, we will use CM01, a machine running Windows Server 2012 R2 Standard that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). + +## Add drivers for Windows PE + + +This section will show you how to import some network and storage drivers for Windows PE. This section assumes you have downloaded some drivers to the E:\\Sources\\OSD\\DriverSources\\WinPE x64 folder on CM01. + +1. On CM01, using the Configuration Manager Console, in the Software Library workspace, right-click the **Drivers** node and select **Import Driver**. + +2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**. + +3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**. + +4. On the **Select the packages to add the imported driver** page, click **Next**. + +5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image. Also select the **Update distribution points when finished** check box, and click **Next** twice. + +![Add drivers to Windows PE](../images/fig21-add-drivers.png "Add drivers to Windows PE") + +*Figure 21. Add drivers to Windows PE* + +>[!NOTE] +>The Updating Boot Image part of the wizard will appear to hang when displaying Done. It will complete in a minute or two. + + +## Add drivers for Windows 10 + + +This section illustrates how to add drivers for Windows 10 through an example in which you want to import Windows 10 drivers for the HP EliteBook 8560w model. For the purposes of this section, we assume that you have downloaded the Windows 10 drivers for the HP EliteBook 8560w model and copied them to the E:\\Sources\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w folder on CM01. + +1. On CM01, using the Configuration Manager Console, right-click the **Drivers** folder and select **Import Driver**. + +2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, below the Import all drivers in the following network path (UNC) option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\HP EliteBook 8560w** folder and click **Next**. + +3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named Windows 10 x64 - HP EliteBook 8560w, and then click **Next**. + + ![Create driver categories](../images/fig22-createcategories.png "Create driver categories") + + *Figure 22. Create driver categories* + +4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: + + * Name: Windows 10 x64 - HP EliteBook 8560w + + * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\HP EliteBook 8560w + + >[!NOTE] + >The package path does not yet exist, so you have to type it in. The wizard will create the new package in that folder. + + +5. On the **Select drivers to include in the boot image** page, do not select anything, and click **Next** twice. After the package has been created, click **Close**. + + >[!NOTE] + >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. + + ![Drivers imported and a new driver package created](../images/mdt-06-fig26.png "Drivers imported and a new driver package created") + + *Figure 23. Drivers imported and a new driver package created* + +## Related topics + + +[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md) + + +[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) + +[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) + +[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) + +[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md) + +[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md) + +[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md) + +[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) + +[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) diff --git a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md index b695cf75f7..bad7159496 100644 --- a/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md @@ -1,6 +1,6 @@ --- title: Finalize operating system configuration for Windows 10 deployment -description: This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enablement of the optional Microsoft Deployment Toolkit (MDT) monitoring for Microsoft System Center 2012 R2 Configuration Manager, logs folder creation, rules configuration, content distribution, and deployment of the previously created task sequence. +description: Follow this walk-through to finalize the configuration of your Windows 10 operating deployment. ms.assetid: 38b55fa8-e717-4689-bd43-8348751d493e ms.reviewer: manager: laurawi diff --git a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md index d5fce49214..e09b542e0e 100644 --- a/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md @@ -1,6 +1,6 @@ --- title: Monitor the Windows 10 deployment with Configuration Manager -description: In this topic, you will learn how to monitor a Windows 10 deployment that was started previously using Microsoft System Center 2012 R2 Configuration Manager and the Microsoft Deployment Toolkit (MDT) Deployment Workbench. +description: Learn how to monitor a Windows 10 deployment with Configuration Manager. Use the Deployment Workbench to access the computer remotely. ms.assetid: 4863c6aa-6369-4171-8e1a-b052ca195fce ms.reviewer: manager: laurawi diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md index 008d9e50a5..e1293703ac 100644 --- a/windows/deployment/planning/using-the-sua-tool.md +++ b/windows/deployment/planning/using-the-sua-tool.md @@ -1,92 +1,93 @@ ---- -title: Using the SUA Tool (Windows 10) -description: By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. -ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03 -ms.reviewer: -manager: laurawi -ms.author: greglin -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -audience: itpro author: greg-lindsay -ms.date: 04/19/2017 -ms.topic: article ---- - -# Using the SUA Tool - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. - -The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md). - -In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®. - -In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues. - -## Testing an Application by Using the SUA Tool - - -Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later. - -The following flowchart shows the process of using the SUA tool. - -![act sua flowchart](images/dep-win8-l-act-suaflowchart.jpg) - -**To collect UAC-related issues by using the SUA tool** - -1. Close any open instance of the SUA tool or SUA Wizard on your computer. - - If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues. - -2. Run the Standard User Analyzer. - -3. In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it. - -4. Clear the **Elevate** check box, and then click **Launch**. - - If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning. - -5. Exercise the aspects of the application for which you want to gather information about UAC issues. - -6. Exit the application. - -7. Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md). - -**To review and apply the recommended mitigations** - -1. In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**. - -2. Review the recommended compatibility fixes. - -3. Click **Apply**. - - The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked. - -## Related topics -[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md) - -[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md) - -[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md) - -[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) - -  - -  - - - - - +--- +title: Using the SUA Tool (Windows 10) +description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. +ms.assetid: ebe52061-3816-47f7-a865-07bc5f405f03 +ms.reviewer: +manager: laurawi +ms.author: greglin +ms.prod: w10 +ms.mktglfcycl: plan +ms.pagetype: appcompat +ms.sitesec: library +audience: itpro +author: greg-lindsay +ms.date: 04/19/2017 +ms.topic: article +--- + +# Using the SUA Tool + + +**Applies to** + +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 + +By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. + +The SUA Wizard also addresses UAC-related issues. In contrast to the SUA tool, the SUA Wizard guides you through the process step by step, without the in-depth analysis of the SUA tool. For information about the SUA Wizard, see [Using the SUA Wizard](using-the-sua-wizard.md). + +In the SUA tool, you can turn virtualization on and off. When you turn virtualization off, the tested application may function more like the way it does in earlier versions of Windows®. + +In the SUA tool, you can choose to run the application as **Administrator** or as **Standard User**. Depending on your selection, you may locate different types of UAC-related issues. + +## Testing an Application by Using the SUA Tool + + +Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later. + +The following flowchart shows the process of using the SUA tool. + +![act sua flowchart](images/dep-win8-l-act-suaflowchart.jpg) + +**To collect UAC-related issues by using the SUA tool** + +1. Close any open instance of the SUA tool or SUA Wizard on your computer. + + If there is an existing SUA instance on the computer, the SUA tool opens in log viewer mode instead of normal mode. In log viewer mode, you cannot start applications, which prevents you from collecting UAC issues. + +2. Run the Standard User Analyzer. + +3. In the **Target Application** box, browse to the executable file for the application that you want to analyze, and then double-click to select it. + +4. Clear the **Elevate** check box, and then click **Launch**. + + If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning. + +5. Exercise the aspects of the application for which you want to gather information about UAC issues. + +6. Exit the application. + +7. Review the information from the various tabs in the SUA tool. For information about each tab, see [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md). + +**To review and apply the recommended mitigations** + +1. In the SUA tool, on the **Mitigation** menu, click **Apply Mitigations**. + +2. Review the recommended compatibility fixes. + +3. Click **Apply**. + + The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked. + +## Related topics +[Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md) + +[Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md) + +[Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md) + +[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) + +  + +  + + + + + diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index 57d74a1341..ba83d6224b 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -1,6 +1,6 @@ --- title: Windows To Go feature overview (Windows 10) -description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. +description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive. ms.assetid: 9df82b03-acba-442c-801d-56db241f8d42 ms.reviewer: manager: laurawi diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 99d02689bd..d924d3f98c 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -1,6 +1,6 @@ --- title: Microsoft-compatible security key -description: Windows 10 enables users to sign in to their device using a security key. How is a Microsoft-compatible security key different (and better) than any other FIDO2 security key +description: Learn how a Microsoft-compatible security key for Windows 10 is different (and better) than any other FIDO2 security key. keywords: FIDO2, security key, CTAP, Hello, WHFB ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index e6ee5742aa..f107a2346a 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -1,6 +1,6 @@ --- title: User Account Control security policy settings (Windows 10) -description: You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. +description: You can use security policies to configure how User Account Control works in your organization. ms.assetid: 3D75A9AC-69BB-4EF2-ACB3-1769791E1B98 ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 8905cdb7b4..3338a0ebab 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -1,6 +1,6 @@ --- title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10) -description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy. ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 ms.reviewer: ms.prod: w10 diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 62403b8b81..02c855053e 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -1,6 +1,6 @@ --- title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10) -description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. +description: Learn how to prevent accidental enterprise data leaks through apps and services, such as email, social media, and the public cloud. ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032 ms.reviewer: keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 9270164aec..7c55d51d21 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -1,6 +1,6 @@ --- title: Advanced security audit policies (Windows 10) -description: Advanced security audit policy settings are found in Security Settings\\Advanced Audit Policy Configuration\\System Audit Policies and appear to overlap with basic security audit policies, but they are recorded and applied differently. +description: Advanced security audit policy settings may appear to overlap with basic policies, but they are recorded and applied differently. Learn more about them here. ms.assetid: 6FE8AC10-F48E-4BBF-979B-43A5DFDC5DFC ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 8f4d1d0d23..376cab2bcf 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -1,6 +1,6 @@ --- title: Audit Audit Policy Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Audit Policy Change, which determines whether the operating system generates audit events when changes are made to audit policy. +description: The Advanced Security Audit policy setting, Audit Audit Policy Change, determines if audit events are generated when changes are made to audit policy. ms.assetid: 7153bf75-6978-4d7e-a821-59a699efb8a9 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 0c779c954f..2bacdbe3a1 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -1,6 +1,6 @@ --- title: Audit Distribution Group Management (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Distribution Group Management, which determines whether the operating system generates audit events for specific distribution-group management tasks. +description: The policy setting, Audit Distribution Group Management, determines if audit events are generated for specific distribution-group management tasks. ms.assetid: d46693a4-5887-4a58-85db-2f6cba224a66 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index c82bbebd49..4103970aa4 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -1,6 +1,6 @@ --- title: Audit Filtering Platform Policy Change (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Policy Change, which determines whether the operating system generates audit events for certain IPsec and Windows Filtering Platform actions. +description: The policy setting, Audit Filtering Platform Policy Change, determines if audit events are generated for certain IPsec and Windows Filtering Platform actions. ms.assetid: 0eaf1c56-672b-4ea9-825a-22dc03eb4041 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index d4aa3ebf77..bf2db28b53 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -1,6 +1,6 @@ --- title: Audit IPsec Main Mode (Windows 10) -description: This topic for the IT professional describes the advanced security audit policy setting, Audit IPsec Main Mode, which determines whether the operating system generates events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations. +description: Learn about the policy setting, Audit IPsec Main Mode, which determines if the results of certain protocols generate events during Main Mode negotiations. ms.assetid: 06ed26ec-3620-4ef4-a47a-c70df9c8827b ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index fe4cd66839..4b0d88838f 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -1,6 +1,6 @@ --- title: Audit Registry (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Registry, which determines whether the operating system generates audit events when users attempt to access registry objects. +description: The Advanced Security Audit policy setting, Audit Registry, determines if audit events are generated when users attempt to access registry objects. ms.assetid: 02bcc23b-4823-46ac-b822-67beedf56b32 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 10c0796852..6e60284ead 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -1,6 +1,6 @@ --- title: Audit SAM (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit SAM, which enables you to audit events that are generated by attempts to access Security Account Manager (SAM) objects. +description: The Advanced Security Audit policy setting, Audit SAM, enables you to audit events generated by attempts to access Security Account Manager (SAM) objects. ms.assetid: 1d00f955-383d-4c95-bbd1-fab4a991a46e ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index 3d2beb88d0..50dcccadde 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -1,6 +1,6 @@ --- title: Audit Security System Extension (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Security System Extension, which determines whether the operating system generates audit events related to security system extensions. +description: The Advanced Security Audit policy setting, Audit Security System Extension, determines if audit events related to security system extensions are generated. ms.assetid: 9f3c6bde-42b2-4a0a-b353-ed3106ebc005 ms.reviewer: manager: dansimp diff --git a/windows/security/threat-protection/intelligence/understanding-malware.md b/windows/security/threat-protection/intelligence/understanding-malware.md index c28ab7c0e4..eb417b74dd 100644 --- a/windows/security/threat-protection/intelligence/understanding-malware.md +++ b/windows/security/threat-protection/intelligence/understanding-malware.md @@ -1,7 +1,7 @@ --- title: Understanding malware & other threats ms.reviewer: -description: Learn about the most prevalent viruses, malware, and other threats. Understand how they arrive, their detailed behaviors, infection symptoms, and how to prevent & remove them. +description: Learn about the most prevalent viruses, malware, and other threats. Understand how they infect systems, how they behave, and how to prevent and remove them. keywords: security, malware, virus, malware, threat, analysis, research, encyclopedia, dictionary, glossary, ransomware, support scams, unwanted software, computer infection, virus infection, descriptions, remediation, latest threats, mmpc, microsoft malware protection center, wdsi ms.prod: w10 ms.mktglfcycl: secure diff --git a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md index 1723f5ee27..a896140ce6 100644 --- a/windows/security/threat-protection/intelligence/virus-initiative-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-initiative-criteria.md @@ -1,7 +1,7 @@ --- title: Microsoft Virus Initiative ms.reviewer: -description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share antimalware telemetry data with Microsoft. +description: The Microsoft Virus Initiative (MVI) helps organizations that make antivirus or antimalware products integrate with Windows and share telemetry with Microsoft. keywords: security, malware, MVI, Microsoft Malware Protection Center, MMPC, alliances, WDSI ms.prod: w10 ms.mktglfcycl: secure diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index 35c6a3a37d..8fafbb0b85 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md @@ -1,6 +1,6 @@ --- title: Configure alert notifications in Microsoft Defender ATP -description: Send email notifications to specified recipients to receive new alerts based on severity with Microsoft Defender ATP on Windows 10 Enterprise, Pro, and Education editions. +description: You can use Microsoft Defender Advanced Threat Protection to configure email notification settings for security alerts, based on severity and other criteria. keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education search.product: eADQiWindows 10XVcnh search.appverid: met150 diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md index cbdc94c7ae..e9e6d09cf2 100644 --- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md +++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md @@ -1,6 +1,6 @@ --- title: Audit Shut down system immediately if unable to log security audits (Windows 10) -description: Describes the best practices, location, values, management practices, and security considerations for the Audit Shut down system immediately if unable to log security audits security policy setting. +description: Best practices, security considerations, and more for the security policy setting, Audit Shut down system immediately if unable to log security audits. ms.assetid: 2cd23cd9-0e44-4d0b-a1f1-39fc29303826 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md index 4d60dbd07d..dbef4f23b0 100644 --- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md +++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md @@ -1,6 +1,6 @@ --- title: DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (Windows 10) -description: Describes the best practices, location, values, and security considerations for the DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax policy setting. +description: Learn about best practices and more for the syntax policy setting, DCOM Machine Access Restrictions in Security Descriptor Definition Language (SDDL). ms.assetid: 0fe3521a-5252-44df-8a47-8d92cf936e7c ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md index 1ffae4c1ad..c7de16a3ed 100644 --- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md +++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md @@ -1,6 +1,6 @@ --- title: Deny access to this computer from the network (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting. +description: Best practices, location, values, policy management, and security considerations for the Deny access to this computer from the network security policy setting. ms.assetid: 935e9f89-951b-4163-b186-fc325682bb0b ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md index dcf829294a..1968ce5913 100644 --- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md +++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md @@ -1,6 +1,6 @@ --- title: Trust computer and user accounts for delegation (Windows 10) -description: Describes the best practices, location, values, policy management, and security considerations for the Enable computer and user accounts to be trusted for delegation security policy setting. +description: Learn about best practices, security considerations and more for the security policy setting, Enable computer and user accounts to be trusted for delegation. ms.assetid: 524062d4-1595-41f3-8ce1-9c85fd21497b ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md index 4078193cc3..3668aaef4c 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md @@ -1,6 +1,6 @@ --- title: Network access Do not allow storage of passwords and credentials for network authentication (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Do not allow storage of passwords and credentials for network authentication security policy setting. +description: Learn about best practices and more for the security policy setting, Network access Do not allow storage of passwords and credentials for network authentication ms.assetid: b9b64360-36ea-40fa-b795-2d6558c46563 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md index 594926f1d8..1fbdd1c98d 100644 --- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md +++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md @@ -1,6 +1,6 @@ --- title: Network access Shares that can be accessed anonymously (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Network access Shares that can be accessed anonymously security policy setting. +description: Learn about best practices, security considerations, and more for the security policy setting, Network access Shares that can be accessed anonymously. ms.assetid: f3e4b919-8279-4972-b415-5f815e2f0a1a ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index 070f0d589a..de1024fc83 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -1,6 +1,6 @@ --- title: Shutdown Allow system to be shut down without having to log on (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the Shutdown Allow system to be shut down without having to log on security policy setting. +description: Best practices, security considerations and more for the security policy setting, Shutdown Allow system to be shut down without having to log on. ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 6023a2ff25..08eaf1bdab 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -1,6 +1,6 @@ --- title: System objects Require case insensitivity for non-Windows subsystems (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the System objects Require case insensitivity for non-Windows subsystems security policy setting. +description: Best practices, security considerations and more for the security policy setting, System objects Require case insensitivity for non-Windows subsystems. ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md index d0232771ba..2fd36ac32f 100644 --- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md +++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md @@ -1,6 +1,6 @@ --- title: User Account Control Detect application installations and prompt for elevation (Windows 10) -description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Detect application installations and prompt for elevation security policy setting. +description: Learn about best practices and more for the security policy setting, User Account Control Detect application installations and prompt for elevation. ms.assetid: 3f8cb170-ba77-4c9f-abb3-c3ed1ef264fc ms.reviewer: ms.author: dansimp diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md index 4b12248403..e33dc7ed87 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/manage-packaged-apps-with-applocker.md @@ -1,6 +1,6 @@ --- title: Manage packaged apps with AppLocker (Windows 10) -description: This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. +description: Learn concepts and lists procedures to help you manage packaged apps with AppLocker as part of your overall application control strategy. ms.assetid: 6d0c99e7-0284-4547-a30a-0685a9916650 ms.reviewer: ms.author: dansimp From cc49423deab42d82f11745b8898416ba55c0eebf Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Fri, 20 Dec 2019 14:57:06 -0800 Subject: [PATCH 66/93] Changed "preventions systems" to "prevention systems" --- .../protect-enterprise-data-using-wip.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 02c855053e..fc2050b5d2 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -59,7 +59,7 @@ To help address this security insufficiency, companies developed data loss preve - **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). -Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss preventions systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. +Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. ### Using information rights management systems To help address the potential data loss prevention system problems, companies developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. From d89b0b9b58287ebb894945d84ff6da23532881fb Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 21 Dec 2019 16:26:04 +0530 Subject: [PATCH 67/93] Added particular file name added the particular file name **Surface_Brightness_Control_v1.16.137.0.msi** which will be used to control the surface brightness --- devices/surface/microsoft-surface-brightness-control.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index 8c512f48c2..1765b71f55 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -22,8 +22,7 @@ kiosk scenarios, you can optimize power management using the new Surface Brightness Control app. Available for download with [Surface Tools for -IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is -designed to help reduce thermal load and lower the overall carbon +IT](https://www.microsoft.com/download/details.aspx?id=46703), Download only this file **Surface_Brightness_Control_v1.16.137.0.msi**. Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. The tool automatically dims the screen when not in use and includes the following configuration options: From 311fa6a79a4259ab89c192b73ecf82dc16357d17 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 19:12:33 +0500 Subject: [PATCH 68/93] Missing Windows Version Added missing Windows version in the document. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5511 --- .../smart-card-certificate-requirements-and-enumeration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index a408a47cf2..17564fc13b 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -185,7 +185,7 @@ Certificate requirements are listed by versions of the Windows operating system. The smart card certificate has specific format requirements when it is used with Windows XP and earlier operating systems. You can enable any certificate to be visible for the smart card credential provider. -| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, and Windows Vista** | **Requirements for Windows XP** | +| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows 10** | **Requirements for Windows XP** | |--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | CRL distribution point location | Not required | The location must be specified, online, and available, for example:
\[1\]CRL Distribution Point
Distribution Point Name:
Full Name:
URL= | | Key usage | Digital signature | Digital signature | From f370b45fcc9411c59007f88dc1e27a1185be548c Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 21:22:23 +0500 Subject: [PATCH 69/93] Information update Deleting old information and redirecting the user to the current and updated document. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5514 --- .../microsoft-cloud-app-security-config.md | 20 +++++-------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 996ac58a26..3010803ba6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -31,6 +31,10 @@ To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app di >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. +> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. + +## Enable Microsoft Cloud App Security in Microsoft Defender ATP + 1. In the navigation pane, select **Preferences setup** > **Advanced features**. 2. Select **Microsoft Cloud App Security** and switch the toggle to **On**. 3. Click **Save preferences**. @@ -39,21 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove ## View the data collected -1. Browse to the [Cloud App Security portal](https://portal.cloudappsecurity.com). - -2. Navigate to the Cloud Discovery dashboard. - - ![Image of menu to cloud discovery dashboard](images/atp-cloud-discovery-dashboard-menu.png) - -3. Select **Win10 Endpoint Users report**, which contains the data coming from Microsoft Defender ATP. - - ![Win10 endpoint users](./images/win10-endpoint-users.png) - -This report is similar to the existing discovery report with one major difference: you can now benefit from visibility to the machine context. - -Notice the new **Machines** tab that allows you to view the data split to the device dimensions. This is available in the main report page or any subpage (for example, when drilling down to a specific cloud app). - -![Cloud discovery](./images/cloud-discovery.png) +To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). From 3de268961dcf2ea1f20cb56d4533172c323717ad Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sat, 21 Dec 2019 21:59:11 +0500 Subject: [PATCH 70/93] Sentence correction There was confusion in the sentence and its updated now. Probolem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5515 --- .../system-guard-secure-launch-and-smm-protection.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 5b92c4240f..18526e6918 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -66,8 +66,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic >[!NOTE] >To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -## Requirements Met by System Guard Enabled Machines -Any machine with System Guard enabled will automatically meet the following low-level hardware requirements: +## System requirments for System Guard |For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| |--------|-----------| From ac7ad5f086bb1535bc9f06189cf01f7bb8655221 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sat, 21 Dec 2019 22:58:08 +0530 Subject: [PATCH 71/93] Added support link and hotfix package link as per the user report, i added the download link for Microsoft Desktop Optimization Pack March 2017 Servicing Release --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index c19488dbb0..a0340871f3 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -39,3 +39,16 @@ This section lists common issues that you may encounter when you upgrade your Ad - Install the required hotfix. - Connect to AGPM using an AGPM client to test that your difference reports are now functioning. + + ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 + + AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs) + install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. + + Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link + https://www.microsoft.com/en-us/download/details.aspx?id=54967 + + + ## Reference link + https://support.microsoft.com/en-us/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp + From c1f869dec54af1355275c6898dab60dc12981a73 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:06:09 +0530 Subject: [PATCH 72/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md accepted Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index a0340871f3..99f67155ee 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -40,7 +40,7 @@ This section lists common issues that you may encounter when you upgrade your Ad - Connect to AGPM using an AGPM client to test that your difference reports are now functioning. - ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 +## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs) install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. From 65bae3e61bffe98ca2d21e1f4c5fce06769a8062 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:06:37 +0530 Subject: [PATCH 73/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md looks good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 99f67155ee..a06d29828b 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -42,7 +42,8 @@ This section lists common issues that you may encounter when you upgrade your Ad ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 - AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs) +**Issue fixed in this hotfix** +AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link From 2f85c29582d9d0008a9678e2b847b53a995b2424 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:06:59 +0530 Subject: [PATCH 74/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md looks ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index a06d29828b..7b77f69f0b 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -44,7 +44,11 @@ This section lists common issues that you may encounter when you upgrade your Ad **Issue fixed in this hotfix** AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). - install the latest version of Microsoft Desktop Optimization Pack (March 2017 Servicing Release). See KB 4014009 for more information. + +**How to get this update** +Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. + +More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link https://www.microsoft.com/en-us/download/details.aspx?id=54967 From bfdfe7d8e6d3ce3ee5d99bbb3e542198a510bd74 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:08:58 +0530 Subject: [PATCH 75/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md this redirects to https://www.microsoft.com/en-us/download/details.aspx?id=54967 Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 7b77f69f0b..ae6378eb4f 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -51,7 +51,7 @@ Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 S More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link - https://www.microsoft.com/en-us/download/details.aspx?id=54967 +https://www.microsoft.com/download/details.aspx?id=54967 ## Reference link From 6154e207a288ff6eae98661c976cba8fd4d4c2ef Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:10:11 +0530 Subject: [PATCH 76/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md this redirects to https://support.microsoft.com/en-in/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index ae6378eb4f..4301d3b355 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -55,5 +55,5 @@ https://www.microsoft.com/download/details.aspx?id=54967 ## Reference link - https://support.microsoft.com/en-us/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp +https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp From 7ac69c996aaae9da629c9fb70fb327caf78bf337 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:10:38 +0530 Subject: [PATCH 77/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md looks good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 4301d3b355..f372d6c288 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -50,7 +50,7 @@ Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 S More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. - Download the Microsoft Desktop Optimization Pack March 2017 Servicing Release from below link +Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) is shown below: https://www.microsoft.com/download/details.aspx?id=54967 From 7e813f3428b2059c954aca7ad3f882f7c55dcb16 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 07:10:52 +0530 Subject: [PATCH 78/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index f372d6c288..1449ec5728 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -54,6 +54,6 @@ Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing R https://www.microsoft.com/download/details.aspx?id=54967 - ## Reference link +## Reference link https://support.microsoft.com/help/3127165/hotfix-package-1-for-microsoft-advanced-group-policy-management-4-0-sp From 1a351dbbf13c91a8ca551f975118cc2efee891a7 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:25:42 +0530 Subject: [PATCH 79/93] Update devices/surface/microsoft-surface-brightness-control.md ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index 1765b71f55..f83886b181 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -22,7 +22,8 @@ kiosk scenarios, you can optimize power management using the new Surface Brightness Control app. Available for download with [Surface Tools for -IT](https://www.microsoft.com/download/details.aspx?id=46703), Download only this file **Surface_Brightness_Control_v1.16.137.0.msi**. Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon +Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. +If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. footprint for deployed Surface devices. The tool automatically dims the screen when not in use and includes the following configuration options: From 428b6e7af86fd2f6e831b6abc1a85dcea1bc3685 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:26:08 +0530 Subject: [PATCH 80/93] Update devices/surface/microsoft-surface-brightness-control.md ok Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index f83886b181..eb63185e2d 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -24,7 +24,7 @@ Brightness Control app. Available for download with [Surface Tools for Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. -footprint for deployed Surface devices. The tool automatically dims the screen when not in use and +The tool automatically dims the screen when not in use and includes the following configuration options: includes the following configuration options: - Period of inactivity before dimming the display. From 1b00d183a32b1270c69cb10d510f1f07337685ce Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:26:34 +0530 Subject: [PATCH 81/93] Update devices/surface/microsoft-surface-brightness-control.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index eb63185e2d..fff81efcd4 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -21,7 +21,7 @@ When deploying Surface devices in point of sale or other “always-on” kiosk scenarios, you can optimize power management using the new Surface Brightness Control app. -Available for download with [Surface Tools for +Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703). Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. The tool automatically dims the screen when not in use and includes the following configuration options: From 9cd7fc1d4b4cf28e93a9595cb9fe22768e7dd138 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:26:56 +0530 Subject: [PATCH 82/93] Update devices/surface/microsoft-surface-brightness-control.md good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- devices/surface/microsoft-surface-brightness-control.md | 1 - 1 file changed, 1 deletion(-) diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md index fff81efcd4..47c2ffed10 100644 --- a/devices/surface/microsoft-surface-brightness-control.md +++ b/devices/surface/microsoft-surface-brightness-control.md @@ -25,7 +25,6 @@ Available for download with [Surface Tools for IT](https://www.microsoft.com/dow Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices. If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list. The tool automatically dims the screen when not in use and includes the following configuration options: -includes the following configuration options: - Period of inactivity before dimming the display. From 15bfda0dcc72b4dde8f248f1b8a281507704306a Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:27:35 +0530 Subject: [PATCH 83/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 1449ec5728..46d606b246 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -42,7 +42,7 @@ This section lists common issues that you may encounter when you upgrade your Ad ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 -**Issue fixed in this hotfix** +**Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). **How to get this update** From 1da0b3d5edde9f4ef8a4a882a64f027aea68e5ff Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:27:56 +0530 Subject: [PATCH 84/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 1 - 1 file changed, 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 46d606b246..cc3a54124e 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -43,7 +43,6 @@ This section lists common issues that you may encounter when you upgrade your Ad ## Install Hotfix Package 1 for Microsoft Advanced Group Policy Management 4.0 SP3 **Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). -AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). **How to get this update** Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. From d294d4dce96263faed89819ccb43fa3b00867f77 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:28:13 +0530 Subject: [PATCH 85/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index cc3a54124e..81eeaea9cf 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -44,7 +44,7 @@ This section lists common issues that you may encounter when you upgrade your Ad **Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). -**How to get this update** +**How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. From a0849a5ac51a3a7f16820eaa5406712a09a80811 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:28:28 +0530 Subject: [PATCH 86/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 1 - 1 file changed, 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 81eeaea9cf..cc4fa92c83 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -45,7 +45,6 @@ This section lists common issues that you may encounter when you upgrade your Ad **Issue fixed in this hotfix**: AGPM can't generate difference reports when it controls or manages new Group Policy Objects (GPOs). **How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. -Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. From 816b26c6603e274f9bef04eb3bef1083ecaaba5d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:28:55 +0530 Subject: [PATCH 87/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index cc4fa92c83..721be58506 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -46,7 +46,7 @@ This section lists common issues that you may encounter when you upgrade your Ad **How to get this update**: Install the latest version of Microsoft Desktop Optimization Pack ([March 2017 Servicing Release](https://www.microsoft.com/download/details.aspx?id=54967)). See [KB 4014009](https://support.microsoft.com/help/4014009/) for more information. -More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe` from the list presented after pressing the download button. +More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) is shown below: https://www.microsoft.com/download/details.aspx?id=54967 From 6627a1647024f32062f2dabd8de2799918999586 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:29:17 +0530 Subject: [PATCH 88/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index 721be58506..aa0459b438 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -48,7 +48,7 @@ This section lists common issues that you may encounter when you upgrade your Ad More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. -Download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) is shown below: +The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967). https://www.microsoft.com/download/details.aspx?id=54967 From 1ee6d78ec02fc7db69955eb1fb3026b071b17c1c Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Sun, 22 Dec 2019 15:29:39 +0530 Subject: [PATCH 89/93] Update mdop/agpm/troubleshooting-agpm40-upgrades.md ok Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- mdop/agpm/troubleshooting-agpm40-upgrades.md | 1 - 1 file changed, 1 deletion(-) diff --git a/mdop/agpm/troubleshooting-agpm40-upgrades.md b/mdop/agpm/troubleshooting-agpm40-upgrades.md index aa0459b438..0275e8dc91 100644 --- a/mdop/agpm/troubleshooting-agpm40-upgrades.md +++ b/mdop/agpm/troubleshooting-agpm40-upgrades.md @@ -49,7 +49,6 @@ This section lists common issues that you may encounter when you upgrade your Ad More specifically, you can choose to download only the first file, `AGPM4.0SP1_Server_X64_KB4014009.exe`, from the list presented after pressing the download button. The download link to the Microsoft Desktop Optimization Pack (March 2017 Servicing Release) can be found [here](https://www.microsoft.com/download/details.aspx?id=54967). -https://www.microsoft.com/download/details.aspx?id=54967 ## Reference link From 97216a50616cc5a9ed5231ba92193cf3951deebc Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:31:16 +0500 Subject: [PATCH 90/93] Update windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../system-guard-secure-launch-and-smm-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index 18526e6918..05dc390aef 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -66,7 +66,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic >[!NOTE] >To enable System Guard Secure launch, the platform must meet all the baseline requirements for [Device Guard](https://docs.microsoft.com/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control), [Credential Guard](https://docs.microsoft.com/windows/security/identity-protection/credential-guard/credential-guard-requirements), and [Virtualization Based Security](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-virtualization-based-protection-of-code-integrity). -## System requirments for System Guard +## System requirements for System Guard |For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| |--------|-----------| From 9d4826fe2360a80d9f72a71f92c922758855932a Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:32:43 +0500 Subject: [PATCH 91/93] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 3010803ba6..0373464307 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -43,7 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove ## View the data collected -To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). +To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps). From 749bf1778ec8ed3a9c89ae2b90056fdc28291146 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:32:53 +0500 Subject: [PATCH 92/93] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 0373464307..7b474d5228 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -31,7 +31,7 @@ To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app di >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on machines running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. -> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. +> See [Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration) for detailed integration of Microsoft Defender ATP with Microsoft Cloud App Security. ## Enable Microsoft Cloud App Security in Microsoft Defender ATP From 1fcddb19408c66437552377b33b5c7d396fe4ddb Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Sun, 22 Dec 2019 21:34:06 +0500 Subject: [PATCH 93/93] Removed language locale Removed language locale --- .../microsoft-cloud-app-security-config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 7b474d5228..5779992a72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -43,7 +43,7 @@ Once activated, Microsoft Defender ATP will immediately start forwarding discove ## View the data collected -To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/en-us/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). +To view and access Microsoft Defender ATP data in Microsoft Cloud Apps Security, see [Investigate machines in Cloud App Security](https://docs.microsoft.com/cloud-app-security/wdatp-integration#investigate-machines-in-cloud-app-security). For more information about cloud discovery, see [Working with discovered apps](https://docs.microsoft.com/cloud-app-security/discovered-apps).