From ae11e2a51a7f4e6d5f7c720f9bf53b0588473116 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 14 Apr 2017 09:31:01 -0700 Subject: [PATCH 01/17] Updated content --- ...ange-history-for-keep-windows-10-secure.md | 1 + .../create-vpn-and-wip-policy-using-intune.md | 100 +++++------------- 2 files changed, 30 insertions(+), 71 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index ece3a3c127..7f88bd6164 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## March 2017 |New or changed topic |Description | |---------------------|------------| +|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-poloicy-using-intune.md)|Updated based on Windows 10, version 1703. | |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | |[Deploy your Windows Information Protection (WIP) policy using Microsoft Intune](deploy-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. diff --git a/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md b/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md index a7f261c3e7..485a568cca 100644 --- a/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md +++ b/windows/keep-secure/create-vpn-and-wip-policy-using-intune.md @@ -11,103 +11,61 @@ author: eross-msft localizationpriority: high --- -# Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune +# Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune **Applies to:** -- Windows 10, version 1607 -- Windows 10 Mobile +- Windows 10, version 1703 +- Windows 10 Mobile, version 1703 -After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. +After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. -## Create your VPN policy using Microsoft Intune +## Create your VPN policy using Microsoft Azure Intune Follow these steps to create the VPN policy you want to use with WIP. **To create your VPN policy** -1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**. +1. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. -2. Go to **Windows**, click the **VPN Profile (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**. + ![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png) - ![Microsoft Intune, Create a new policy using the New Policy screen](images/intune-vpn-createpolicy.png) +2. In the **Create Profile** blade, type a name for your profile, such as *Contoso_VPN_Win10*, into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**. -3. Type *Contoso_VPN_Win10* into the **Name** box, along with an optional description for your policy into the **Description** box. + ![Microsoft Azure Intune, Create a new policy using the Create Profile blade](images/wip-azure-vpn-configure-policy.png) - ![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-titledescription.png) +3. In the **Custom OMA-URI Settings** blade, click **Add**. -4. In the **VPN Settings** area, type the following info: +4. In the **Add Row** blade, type: - - **VPN connection name.** This name is also what appears to your employees, so it's important that it be clear and understandable. + - **Name.** Type a name for your setting, such as *EDPModeID*. + + - **Description.** Type an optional description for your setting. + + - **OMA-URI.** Type _./Vendor/MSFT/VPNv2/<VPNProfileName>/EDPModeId_ into the box. - - **Connection type.** Pick the connection type that matches your infrastructure. The options are **Pulse Secure**, **F5 Edge Client**, **Dell SonicWALL Mobile Connect**, or **Check Point Capsule VPN**. + - **Data type.** Select **String** from the dropdown box + + - **Value.** Type your fully-qualified domain that should be used by the OMA-URI setting. For example, _corp.contoso.com_. - - **VPN server description.** A descriptive name for this connection. Only you will see it, but it should be unique and readable. + ![Microsoft Azure Intune, Add your OMA-URI settings](images/wip-azure-vpn-custom-omauri.png) - - **Server IP address or FQDN.** The server's IP address or fully-qualified domain name (FQDN). +5. Click **OK** to save your setting info in the **Add Row** blade, and then click **OK** in the **Custom OMA-URI Settings** blade to save the setting with your policy. - ![Microsoft Intune: Fill in the VPN Settings area](images/intune-vpn-vpnsettings.png) +6. Click **Create** to create the policy, including your OMA_URI info. -5. In the **Authentication** area, choose the authentication method that matches your VPN infrastructure, either **Username and Password** or **Certificates**.

-It's your choice whether you check the box to **Remember the user credentials at each logon**. - - ![Microsoft Intune, Choose the Authentication Method for your VPN system](images/intune-vpn-authentication.png) - -6. You can leave the rest of the default or blank settings, and then click **Save Policy**. - -## Deploy your VPN policy using Microsoft Intune +## Deploy your VPN policy using Microsoft Azure Intune After you’ve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy. -**To deploy your VPN policy** +**To deploy your Custom VPN policy** -1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button. +1. On the **App policy** blade, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**. -2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.

-The added people move to the **Selected Groups** list on the right-hand pane. + A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** blade. - ![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-deploy-vpn.png) +2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy. -3. After you've picked all of the employees and groups that should get the policy, click **OK**.

-The policy is deployed to the selected users' devices. + The policy is deployed to the selected users' devices. -## Link your WIP and VPN policies and deploy the custom configuration policy -The final step to making your VPN configuration work with WIP, is to link your two policies together. To do this, you must first create a custom configuration policy, setting it to use your **EDPModeID** setting, and then deploying the policy to the same group you deployed your WIP and VPN policies - -**To link your VPN policy** - -1. Open the Intune administration console, and go to the **Policy** node, and then click **Add Policy**. - -2. Go to **Windows**, click the **Custom Configuration (Windows 10 Desktop and Mobile and later)**, click **Create and Deploy a Custom Policy**, and then click **Create Policy**. - - ![Microsoft Intune, Create a new policy from the New Policy screen](images/intune-vpn-customconfig.png) - -3. Type a name (required) and an optional description for your policy into the **Name** and **Description** boxes. - - ![Microsoft Intune: Fill in the required Name and optional Description for your policy](images/intune-vpn-wipmodeid.png) - -4. In the **OMA-URI Settings** area, click **Add** to add your **EDPModeID** info. - -5. In the **OMA-URI Settings** area, type the following info: - - - **Setting name.** Type **EDPModeID** as the name. - - - **Data type.** Pick the **String** data type. - - - **OMA-URI.** Type `./Vendor/MSFT/VPNv2//EDPModeId`, replacing <*VPNProfileName*> with the name you gave to your VPN policy. For example, `./Vendor/MSFT/VPNv2/W10-Checkpoint-VPN1/EDPModeId`. - - - **Value.** Your fully-qualified domain that should be used by the OMA-URI setting. - - ![Microsoft Intune: Fill in the OMA-URI Settings for the EMPModeID setting](images/intune-vpn-omaurisettings.png) - -6. Click **OK** to save your new OMA-URI setting, and then click **Save Policy.** - - **To deploy your linked policy** - -1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button. - -2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**. The added people move to the **Selected Groups** list on the right-hand pane. - - ![Microsoft Intune, Manage Deployment box used to deploy your linked VPN policy](images/intune-groupselection_vpnlink.png) - -3. After you've picked all of the employees and groups that should get the policy, click **OK**. The policy is deployed to the selected users' devices. + ![Microsoft Intune: Pick your user groups that should get the policy when it's deployed](images/wip-azure-add-user-groups.png) >[!NOTE] >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md). \ No newline at end of file From 484e0dde299f74b90f08de7676e700a1e73ec266 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Fri, 14 Apr 2017 09:39:06 -0700 Subject: [PATCH 02/17] Fixing typo --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 7f88bd6164..e163691c6d 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,7 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## March 2017 |New or changed topic |Description | |---------------------|------------| -|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-poloicy-using-intune.md)|Updated based on Windows 10, version 1703. | +|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703. | |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | |[Deploy your Windows Information Protection (WIP) policy using Microsoft Intune](deploy-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. From 15eca4852da0adee4aefebfb6f7034737f7db3b0 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 20 Apr 2017 08:42:34 -0700 Subject: [PATCH 03/17] Fixed conflict --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 3 +-- .../threat-protection/change-history-for-threat-protection.md | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index bc62d9c947..239dcf860d 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,8 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md ## March 2017 |New or changed topic |Description | |---------------------|------------| -|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703. | -|[How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md) |New | + |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | |[Deploy your Windows Information Protection (WIP) policy using Microsoft Intune](deploy-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. diff --git a/windows/threat-protection/change-history-for-threat-protection.md b/windows/threat-protection/change-history-for-threat-protection.md index 5ada088112..ee41beee2f 100644 --- a/windows/threat-protection/change-history-for-threat-protection.md +++ b/windows/threat-protection/change-history-for-threat-protection.md @@ -14,6 +14,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc ## March 2017 |New or changed topic |Description | |---------------------|------------| +|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703. | |[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New | |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | From 6601f65f22fe23e2e80f6d8c72642229ee2a883b Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 20 Apr 2017 08:47:39 -0700 Subject: [PATCH 04/17] Fixing conflict --- ...ange-history-for-keep-windows-10-secure.md | 193 ------------------ 1 file changed, 193 deletions(-) delete mode 100644 windows/keep-secure/change-history-for-keep-windows-10-secure.md diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md deleted file mode 100644 index 239dcf860d..0000000000 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ /dev/null @@ -1,193 +0,0 @@ ---- -title: Change history for Keep Windows 10 secure (Windows 10) -description: This topic lists new and updated topics in the Keep Windows 10 secure documentation for Windows 10 and Windows 10 Mobile. -ms.assetid: E50EC5E6-71AA-4FF1-8356-574CFDB8079B -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: brianlic-msft ---- - -# Change history for Keep Windows 10 secure -This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). - - -## March 2017 -|New or changed topic |Description | -|---------------------|------------| - -|[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | -|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | -|[Deploy your Windows Information Protection (WIP) policy using Microsoft Intune](deploy-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. -|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Added additional limitations for Windows 10, version 1703.| -|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md)|Added content about recovering data from a cloud environment.| -|[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| -|[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.| -|[Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)|New | -|[Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md)|New | -|[Use Windows Defender Security Center to set Windows Defender SmartScreen for individual devices](windows-defender-smartscreen-set-individual-device.md)|New | -|[Overview of threat mitigations in Windows 10](overview-of-threat-mitigations-in-windows-10.md) | Reorganized from existing content, to provide a better overview of threat mitigations. Explains how mitigations in the Enhanced Mitigation Experience Toolkit (EMET) relate to those in Windows 10. | - -## January 2017 -|New or changed topic |Description | -|---------------------|------------| -|[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |New | -|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Updated to include info about USB drives and Azure RMS (Windows Insider Program only) and to add more info about Work Folders and Offline files. | -|[Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](recommended-network-definitions-for-wip.md) |New | -|[Using Outlook on the web with Windows Information Protection (WIP)](using-owa-with-wip.md) |New | -| Microsoft Passport guide | Content merged into [Windows Hello for Business](hello-identity-verification.md) topics | - -## December 2016 -|New or changed topic |Description | -|---------------------|------------| -|[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) |Added filter examples for Windows 10 and Windows Server 2016. | - - - -## November 2016 -| New or changed topic | Description | -| --- | --- | -|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md), [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md), and [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |Added additional details about what happens when you turn off WIP. | -|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md) |Changed WIPModeID to EDPModeID, to match the CSP. | - - - -## October 2016 - -| New or changed topic | Description | -| --- | --- | -|[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Added Microsoft Remote Desktop information. | -|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) and [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the text about where the optioanl icon overlay appears.| -|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) |Added content about using ActiveX controls.| -|[Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](app-behavior-with-wip.md) |New | -|[VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic | -|[Windows security baselines](windows-security-baselines.md) | Added Windows 10, version 1607 and Windows Server 2016 baseline | - - -## September 2016 - -| New or changed topic | Description | -| --- | --- | -|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md) | New | -|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. | -|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. | -| [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs | -| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq example and added a new Windows PowerShell example for creating a self-signed certificate | - -## August 2016 -|New or changed topic | Description | -|----------------------|-------------| -|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New | -|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |Updated and added additional scenarios for testing | -|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated to include info from the original What's New and Overview topics | - -## RELEASE: Windows 10, version 1607 - -The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: - -- [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md) -- [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) -- [Windows Defender Offline in Windows 10](windows-defender-offline.md) -- [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md) -- [Enable the Block at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md) -- [Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md) -- [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md) -- [Detect and block Potentially Unwanted Applications with Windows Defender](enable-pua-windows-defender-for-windows-10.md) -- [Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md) -- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) -- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) -- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md) -- [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) - - -## July 2016 - -|New or changed topic | Description | -|----------------------|-------------| -|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |New | -|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New | -|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |New | -|[Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |New | -|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | Updated | -|[Device Guard deployment guide](device-guard-deployment-guide.md) (multiple topics) | Updated | - - -## June 2016 - -|New or changed topic | Description | -|----------------------|-------------| -|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. | -| [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New | -| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics | -| [Windows security baselines](windows-security-baselines.md) | New | - -## May 2016 - -|New or changed topic | Description | -|----------------------|-------------| -| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Changed Internet Explorer to Microsoft Edge | -| [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. | -| [Microsoft Passport guide](microsoft-passport-guide.md) | Updated Roadmap section content | -|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated info based on changes to the features and functionality.| -| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 | -|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (mutiple topics) | New | - -## April 2016 - -|New or changed topic | Description | -|----------------------|-------------| -|[Protect derived domain credentials with Credential Guard](credential-guard.md) |Clarified Credential Guard protections | - -## March 2016 - -|New or changed topic | Description | -|----------------------|-------------| -|[Requirements to use AppLocker](requirements-to-use-applocker.md) |Added that MDM can be used to manage any edition of Windows 10. Windows 10 Enterprise or Windows Server 2016 is required to manage AppLocker by using Group Policy.| -|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Added pre-release content about how to set up and deploy Windows Information Protection (WIP) in an enterprise environment.| - -## February 2016 - -| New or changed topic | Description | -|----------------------|-------------| -|[Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) |New | -|[Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) |New | -|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) |New | -|[Encrypted Hard Drive](encrypted-hard-drive.md) |New | - -## January 2016 - -|New or changed topic |Description | -|---------------------|------------| -|[Device Guard deployment guide](device-guard-deployment-guide.md) |Updated recommendations in Bring Your Own Device section | -|[Implement Microsoft Passport in your organization](implement-microsoft-passport-in-your-organization.md) |Updated the prerequisites for an Azure Active Directory/Active Directory hybrid environment | -|[Microsoft Passport and password changes](microsoft-passport-and-password-changes.md) |Updated to clarify that this procedure is not needed for Passport for Work | -|[Microsoft Passport guide](microsoft-passport-guide.md) |Updated the prerequisites for an Azure Active Directory/Active Directory hybrid environment | -|[Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) |New | - -## December 2015 - -|New or changed topic |Description | -|---------------------|------------| -|[Device Guard certification and compliance](device-guard-certification-and-compliance.md) |Updated | -|[Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) |Updated | -|[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated | -|[Security policy settings](security-policy-settings.md) (multiple topics) |Updated | - -## November 2015 - -|New or changed topic |Description | -|---------------------|-------------| -|[Windows Defender in Windows 10](windows-defender-in-windows-10.md) |New | -|[Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)|New | -|[AppLocker](applocker-overview.md) (multiple topics) |Updated | -|[Device Guard certification and compliance](device-guard-certification-and-compliance.md) |Updated | -|[Device Guard deployment guide](device-guard-deployment-guide.md) |Updated | -|[Security auditing](security-auditing-overview.md) (multiple topics) |Updated | -|[Why a PIN is better than a password](why-a-pin-is-better-than-a-password.md) |Updated | - -## Related topics -- [Change history for What's new in Windows 10](../whats-new/change-history-for-what-s-new-in-windows-10.md) -- [Change history for Plan for Windows 10 deployment](../plan/change-history-for-plan-for-windows-10-deployment.md) -- [Change history for Deploy Windows 10](../deploy/change-history-for-deploy-windows-10.md) -- [Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md) From 0c0dfd310ed4fb221cb88b3e465ee6fa10138487 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 25 Apr 2017 08:30:47 -0700 Subject: [PATCH 05/17] shared PC WMI script --- .../set-up-shared-or-guest-pc.md | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 68d3432d27..e93bdd976e 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -85,7 +85,28 @@ You can configure Windows to be in shared PC mode in a couple different ways: ![Shared PC settings in ICD](images/icd-adv-shared-pc.png) -- WMI bridge: Environments that use Group Policy can use the WMI bridge to configure the [SharedPC CSP](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). +- WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224.aspx) to configure the [MDM_SharedPC class](https://msdn.microsoft.com/library/windows/desktop/mt779129.aspx). For example, open PowerShell as an administrator and enter the following: + +``` +$sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC" +$sharedPC.EnableSharedPCMode = $True +$sharedPC.SetEduPolicies = $True +$sharedPC.SetPowerPolicies = $True +$sharedPC.MaintenanceStartTime = 0 +$sharedPC.SignInOnResume = $True +$sharedPC.SleepTimeout = 0 +$sharedPC.EnableAccountManager = $True +$sharedPC.AccountModel = 2 +$sharedPC.DeletionPolicy = 1 +$sharedPC.DiskLevelDeletion = 25 +$sharedPC.DiskLevelCaching = 50 +$sharedPC.RestrictLocalStorage = $False +$sharedPC.KioskModeAUMID = "" +$sharedPC.KioskModeUserTileDisplayText = "" +$sharedPC.InactiveThreshold = 0 +Set-CimInstance -CimInstance $sharedPC +Get-CimInstance -Namespace $namespaceName -ClassName $MDM_SharedPCClass +``` ### Create a provisioning package for shared use From 8bf6d1675525304d7393a95238621eac4e9bd52a Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Tue, 25 Apr 2017 10:04:54 -0700 Subject: [PATCH 06/17] add change history to client management --- windows/client-management/TOC.md | 1 + .../change-history-for-client-management.md | 23 +++++++++++++++++++ windows/client-management/index.md | 3 ++- ...change-history-for-configure-windows-10.md | 6 +++++ 4 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 windows/client-management/change-history-for-client-management.md diff --git a/windows/client-management/TOC.md b/windows/client-management/TOC.md index 0a84ebaf2e..82de2c56b1 100644 --- a/windows/client-management/TOC.md +++ b/windows/client-management/TOC.md @@ -8,3 +8,4 @@ ## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md) ## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md) ## [Windows libraries](windows-libraries.md) +## [Change history for Client management](change-history-for-client-management.md) diff --git a/windows/client-management/change-history-for-client-management.md b/windows/client-management/change-history-for-client-management.md new file mode 100644 index 0000000000..e0349be98b --- /dev/null +++ b/windows/client-management/change-history-for-client-management.md @@ -0,0 +1,23 @@ +--- +title: Change history for Client management (Windows 10) +description: This topic lists changes to documentation for configuring Windows 10. +keywords: +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: jdeckerMS +--- + +# Change history for Client management + +This topic lists new and updated topics in the [Client management](index.md) documentation for Windows 10 and Windows 10 Mobile. + + + +## RELEASE: Windows 10, version 1703 + +The topics in this library have been updated for Windows 10, version 1703 (also known as the Creators Update). The following new topic has been added: + +- [Manage the Settings app with Group Policy](manage-settings-app-with-group-policy.md) diff --git a/windows/client-management/index.md b/windows/client-management/index.md index 9360321453..b26f244d6c 100644 --- a/windows/client-management/index.md +++ b/windows/client-management/index.md @@ -8,7 +8,7 @@ author: jdeckerMS localizationpriority: medium --- -# Client Management +# Client management **Applies to** - Windows 10 @@ -28,3 +28,4 @@ Learn about the administrative tools, tasks and best practices for managing Wind |[Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)| Instructions for resetting a Windows 10 Mobile device using either *factory* or *'wipe and persist'* reset options| |[Deploy Windows 10 Mobile](windows-10-mobile-and-mdm.md)| Considerations and instructions for deploying Windows 10 Mobile| |[Windows libraries](windows-libraries.md)| Considerations and instructions for managing Windows 10 libraries such as My Documents, My Pictures, and My Music.| +|[Change history for Client management](change-history-for-client-management.md) | This topic lists new and updated topics in the Client management documentation for Windows 10 and Windows 10 Mobile. | \ No newline at end of file diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index 8398eff1df..726fbd96c4 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -14,6 +14,12 @@ author: jdeckerMS This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## April 2017 + +| New or changed topic | Description | +| --- | --- | +| [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md) | Added instructions for using WMI bridge to configure shared PC | + ## RELEASE: Windows 10, version 1703 From dd13ef8cd97533da8bc6e56dfa2225f91a33b35c Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 11:35:23 -0700 Subject: [PATCH 07/17] Added note with links for creating the VPN profile --- .../create-vpn-and-wip-policy-using-intune.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index a186b9a8a5..64ffc85c66 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -19,9 +19,14 @@ localizationpriority: high After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. +>[!Note] +>Before you create your VPN policy, you must first create your VPN profile. For more info about how to do this, see https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings and https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration. + ## Create your VPN policy using Microsoft Azure Intune Follow these steps to create the VPN policy you want to use with WIP. + + **To create your VPN policy** 1. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. From b6cfd9b0183f73c66040535c48459c547a86e648 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 11:53:46 -0700 Subject: [PATCH 08/17] Fixing links --- .../create-vpn-and-wip-policy-using-intune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index 64ffc85c66..e9da7e7497 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -20,7 +20,7 @@ localizationpriority: high After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. >[!Note] ->Before you create your VPN policy, you must first create your VPN profile. For more info about how to do this, see https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings and https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration. +>Before you create your VPN policy, you must first create your VPN profile. For more info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). ## Create your VPN policy using Microsoft Azure Intune Follow these steps to create the VPN policy you want to use with WIP. From 1ed1ff3bca9b3383d13c349485422c6de6ebdddd Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 13:19:40 -0700 Subject: [PATCH 09/17] Updated content --- .../create-vpn-and-wip-policy-using-intune.md | 26 +++++++++---------- .../whats-new-windows-10-version-1703.md | 3 +++ 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index e9da7e7497..8a3b3e8a68 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -11,35 +11,35 @@ author: eross-msft localizationpriority: high --- -# Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune +# Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune **Applies to:** -- Windows 10, version 1607 and later -- Windows 10 Mobile, version 1607 and later +- Windows 10, version 1607 and later +- Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. >[!Note] >Before you create your VPN policy, you must first create your VPN profile. For more info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). -## Create your VPN policy using Microsoft Azure Intune -Follow these steps to create the VPN policy you want to use with WIP. +## Associate your WIP policy to your VPN policy by using Microsoft Azure Intune +Follow these steps to associate your WIP policy with your organization's existing VPN policy. +**To associate your policies** +1. Create your VPN profile. For info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). -**To create your VPN policy** - -1. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. +2. Open the Microsoft Azure Intune mobile application management console, click **Device configuration**, and then click **Create Profile**. ![Microsoft Azure Intune, Create a new policy using the the Azure portal](images/wip-azure-vpn-device-policy.png) -2. In the **Create Profile** blade, type a name for your profile, such as *Contoso_VPN_Win10*, into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**. +3. In the **Create Profile** blade, type a name for your profile, such as *Contoso_VPN_Win10*, into the **Name** box, add an optional description for your policy into the **Description** box, select **Windows 10 and later** from the **Platform** dropdown box, select **Custom** from the **Profile type** dropdown box, and then click **Configure**. ![Microsoft Azure Intune, Create a new policy using the Create Profile blade](images/wip-azure-vpn-configure-policy.png) -3. In the **Custom OMA-URI Settings** blade, click **Add**. +4. In the **Custom OMA-URI Settings** blade, click **Add**. -4. In the **Add Row** blade, type: +5. In the **Add Row** blade, type: - **Name.** Type a name for your setting, such as *EDPModeID*. @@ -53,9 +53,9 @@ Follow these steps to create the VPN policy you want to use with WIP. ![Microsoft Azure Intune, Add your OMA-URI settings](images/wip-azure-vpn-custom-omauri.png) -5. Click **OK** to save your setting info in the **Add Row** blade, and then click **OK** in the **Custom OMA-URI Settings** blade to save the setting with your policy. +6. Click **OK** to save your setting info in the **Add Row** blade, and then click **OK** in the **Custom OMA-URI Settings** blade to save the setting with your policy. -6. Click **Create** to create the policy, including your OMA_URI info. +7. Click **Create** to create the policy, including your OMA_URI info. ## Deploy your VPN policy using Microsoft Azure Intune After you’ve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy. diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index cdbdbcb65b..5840483790 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -170,6 +170,9 @@ For Windows desktops, users are able to reset a forgotten PIN through **Settings For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin). +### Windows Information Protection (WIP) and Azure Active Directory (Azure AD) +You can now [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate your WIP policy with your VPN policy]() + ## Update ### Windows Update for Business From 9a6eb55f475e3cd27d64f2dcc0785018af89c119 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 13:35:48 -0700 Subject: [PATCH 10/17] Updated content --- .../create-vpn-and-wip-policy-using-intune.md | 2 +- windows/whats-new/whats-new-windows-10-version-1703.md | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index 8a3b3e8a68..8febc9f6d9 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -1,5 +1,5 @@ --- -title: Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune (Windows 10) +title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune (Windows 10) description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b keywords: WIP, Enterprise Data Protection diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 5840483790..901e7a0a0c 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -171,7 +171,9 @@ For Windows desktops, users are able to reset a forgotten PIN through **Settings For more details, check out [What if I forget my PIN?](/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password#what-if-i-forget-my-pin). ### Windows Information Protection (WIP) and Azure Active Directory (Azure AD) -You can now [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune) and [Associate your WIP policy with your VPN policy]() +Microsoft Azure Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your allowed apps, your WIP-protection level, and how to find enterprise data on the network. For more info, see [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md) and [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md). + +You can also now collect your audit event logs by using the Reporting configuration service provider (CSP) or the Windows Event Forwarding (for Windows desktop domain-joined devices). For info, see the brand-new topic, [How to collect Windows Information Protection (WIP) audit event logs](/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs.md). ## Update From 4181774d14341b963cc8cfccb5882c7c229769ae Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 13:44:39 -0700 Subject: [PATCH 11/17] Updated content --- .../create-vpn-and-wip-policy-using-intune.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md index 8febc9f6d9..9fbe861ddc 100644 --- a/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune.md @@ -1,6 +1,6 @@ --- title: Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune (Windows 10) -description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. +description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. ms.assetid: d0eaba4f-6d7d-4ae4-8044-64680a40cf6b keywords: WIP, Enterprise Data Protection ms.prod: w10 @@ -17,10 +17,7 @@ localizationpriority: high - Windows 10, version 1607 and later - Windows 10 Mobile, version 1607 and later (except Microsoft Azure Rights Management, which is only available on the desktop) -After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to create and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. - ->[!Note] ->Before you create your VPN policy, you must first create your VPN profile. For more info about how to do this, see [How to configure VPN settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/how-to-configure-vpn-settings) and [How to create custom VPN profiles in Microsoft Intune](https://docs.microsoft.com/en-us/intune-azure/configure-devices/create-custom-vpn-profiles#create-a-custom-configuration). +After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Azure Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. ## Associate your WIP policy to your VPN policy by using Microsoft Azure Intune Follow these steps to associate your WIP policy with your organization's existing VPN policy. From f27ed5eb5b1c88223cedb64c484d838c2b7186f0 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 13:47:09 -0700 Subject: [PATCH 12/17] Updated topic title --- .../threat-protection/change-history-for-threat-protection.md | 2 +- .../create-wip-policy-using-intune.md | 2 +- .../deploy-wip-policy-using-intune.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/threat-protection/change-history-for-threat-protection.md b/windows/threat-protection/change-history-for-threat-protection.md index ee41beee2f..2b8f582b4e 100644 --- a/windows/threat-protection/change-history-for-threat-protection.md +++ b/windows/threat-protection/change-history-for-threat-protection.md @@ -14,7 +14,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc ## March 2017 |New or changed topic |Description | |---------------------|------------| -|[Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703. | +|[Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703. | |[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New | |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | diff --git a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md index fea2c0a721..cb3d8f028e 100644 --- a/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md @@ -506,7 +506,7 @@ Optionally, if you don’t want everyone in your organization to be able to shar ## Related topics - [Deploy your Windows Information Protection (WIP) policy](deploy-wip-policy-using-intune.md) -- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md) +- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md) - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) - [Azure RMS Documentation Update for May 2016](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/azure-rms-documentation-update-for-may-2016/) - [What is Azure Rights Management?]( https://docs.microsoft.com/en-us/information-protection/understand-explore/what-is-azure-rms) diff --git a/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md b/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md index 1f45e69882..486fadd600 100644 --- a/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md +++ b/windows/threat-protection/windows-information-protection/deploy-wip-policy-using-intune.md @@ -38,6 +38,6 @@ After you’ve created your Windows Information Protection (WIP) policy, you'll ## Related topics - [Create a Windows Information Protection (WIP) policy using Microsoft Azure Intune](create-wip-policy-using-intune.md) -- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md) +- [Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](create-vpn-and-wip-policy-using-intune.md) - [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md) From 6c7efffeab98c45e3a8749ff6da640c779a51bb0 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Tue, 25 Apr 2017 13:55:08 -0700 Subject: [PATCH 13/17] Updated --- .../threat-protection/change-history-for-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/threat-protection/change-history-for-threat-protection.md b/windows/threat-protection/change-history-for-threat-protection.md index 2b8f582b4e..94f62ff897 100644 --- a/windows/threat-protection/change-history-for-threat-protection.md +++ b/windows/threat-protection/change-history-for-threat-protection.md @@ -14,7 +14,7 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc ## March 2017 |New or changed topic |Description | |---------------------|------------| -|[Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703. | +|[Associate and deploy your Windows Information Protection (WIP) and VPN policies by using Microsoft Azure Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)|Updated based on Windows 10, version 1703.| |[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New | |[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. | |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md) |Updated based on Windows 10, version 1703. | From f132bdd82aa40714210e55fd12525d9f54c52c45 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 25 Apr 2017 14:00:05 -0700 Subject: [PATCH 14/17] fixing redirect --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index de2ae4dcfe..ad5be1128c 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -627,7 +627,7 @@ }, { "source_path": "windows/manage/introduction-to-windows-10-servicing.md", -"redirect_url": "/itpro/windows/deployment/update/index", +"redirect_url": "/windows/deployment/update/index", "redirect_document_id": true }, { From 7c6ad167255c4d9c6e907b3a817964b6dd2bf819 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 25 Apr 2017 14:20:48 -0700 Subject: [PATCH 15/17] WaaS redirect --- .openpublishing.redirection.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index ad5be1128c..fbd613f320 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -122,7 +122,7 @@ }, { "source_path": "windows/manage/waas-manage-updates-wufb.md", -"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb", +"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", "redirect_document_id": true }, { @@ -872,7 +872,7 @@ }, { "source_path": "windows/plan/integration-with-management-solutions-.md", -"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb", +"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", "redirect_document_id": false }, { @@ -952,7 +952,7 @@ }, { "source_path": "windows/plan/setup-and-deployment.md", -"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb", +"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", "redirect_document_id": false }, { @@ -1037,7 +1037,7 @@ }, { "source_path": "windows/plan/windows-update-for-business.md", -"redirect_url": "/itpro/windows/update/waas-manage-updates-wufb", +"redirect_url": "/windows/deployment/update/waas-manage-updates-wufb", "redirect_document_id": false }, { From c67652f861da83b6eafb72b651535a4b64f1f52a Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 25 Apr 2017 14:41:53 -0700 Subject: [PATCH 16/17] fixing device guard redirect --- .openpublishing.redirection.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index fbd613f320..d463b173e0 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -67,7 +67,7 @@ }, { "source_path": "windows/manage/waas-overview.md", -"redirect_url": "/itpro/windows/update/waas-overview", +"redirect_url": "/windows/deployment/update/waas-overview", "redirect_document_id": true }, { @@ -1032,7 +1032,7 @@ }, { "source_path": "windows/plan/windows-10-servicing-options.md", -"redirect_url": "/itpro/windows/update/waas-overview", +"redirect_url": "/windows/deployment/update/waas-overview", "redirect_document_id": false }, { @@ -8157,7 +8157,7 @@ }, { "source_path": "windows/keep-secure/deploy-managed-installer-for-device-guard.md", -"redirect_url": "/windows/device-security/deploy-managed-installer-for-device-guard", +"redirect_url": "/windows/device-security/device-guard/deploy-managed-installer-for-device-guard", "redirect_document_id": true }, { From 335159256e52f1cb9d21fa8bfe1a5e63b70e69d2 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Tue, 25 Apr 2017 14:45:42 -0700 Subject: [PATCH 17/17] redirect --- .openpublishing.redirection.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index d463b173e0..be0ad14f6d 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -62,7 +62,7 @@ }, { "source_path": "windows/manage/waas-quick-start.md", -"redirect_url": "/itpro/windows/update/waas-quick-start", +"redirect_url": "/windows/deployment/update/waas-quick-start", "redirect_document_id": true }, {