diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md index 2c43aa28c6..78197c768a 100644 --- a/education/windows/deploy-windows-10-in-a-school-district.md +++ b/education/windows/deploy-windows-10-in-a-school-district.md @@ -114,7 +114,7 @@ Office 365 Education allows: * Faculty to help prevent unauthorized users from accessing documents and email by using Microsoft Azure Rights Management. -* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center. +* Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal. * Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business. diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md index c0e52a36d6..fa698dfbff 100644 --- a/education/windows/deploy-windows-10-in-a-school.md +++ b/education/windows/deploy-windows-10-in-a-school.md @@ -74,7 +74,7 @@ Office 365 Education allows: - Students and faculty to use email and calendars, with mailboxes up to 50 GB per user. - Faculty to use advanced email features like email archiving and legal hold capabilities. - Faculty to help prevent unauthorized users from accessing documents and email by using Azure Rights Management. -- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Office 365 Compliance Center. +- Faculty to use advanced compliance tools on the unified eDiscovery pages in the Microsoft Purview compliance portal. - Faculty to host online classes, parent–teacher conferences, and other collaboration in Skype for Business or Skype. - Students and faculty to access up to 1 TB of personal cloud storage that users inside and outside the educational institution can share through OneDrive for Business. - Teachers to provide collaboration in the classroom through Microsoft SharePoint Online team sites. diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index 8078d99554..2622d23564 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -114,7 +114,7 @@ For questions regarding these instructions contact [msconnectedcache@microsoft.c As part of the MCC preview onboarding process an Azure subscription ID must be provided to Microsoft. > [!IMPORTANT] -> [Contact Microsoft](mailto:mccforenterprise@microsoft.com?subject=[MCC%20for%20Enterprise]%20Please%20add%20our%20Azure%20subscription%20to%20the%20allow%20list) and provide this information if you have not already. You'll not be able to proceed if you skip this step. +> [Take this survey](https://aka.ms/MSConnectedCacheSignup) and provide your Azure subscription ID and contact information to be added to the allow list for this preview. You will not be able to proceed if you skip this step. For information about creating or locating your subscription ID, see [Steps to obtain an Azure Subscription ID](#steps-to-obtain-an-azure-subscription-id). @@ -122,7 +122,7 @@ For information about creating or locating your subscription ID, see [Steps to o The MCC Azure management portal is used to create and manage MCC nodes. An Azure Subscription ID is used to grant access to the preview and to create the MCC resource in Azure and Cache nodes. -Send email to the MCC team ([mccforenterprise@microsoft.com](mailto:mccforenterprise@microsoft.com)) with your Azure subscription ID to get access to the preview. The team will send you a link to the Azure portal which will allow you to create the resource described below. +Once you take the survey above and the MCC team adds your subscription id to the allow list, you will be given a link to the Azure portal where you can create the resource described below. 1. On the Azure Portal home page, choose **Create a resource**: ![eMCC img02](images/emcc02.png) diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md index ccdf0bbec3..dd4a7afbbc 100644 --- a/windows/deployment/do/mcc-isp.md +++ b/windows/deployment/do/mcc-isp.md @@ -13,7 +13,7 @@ ms.collection: M365-modern-desktop ms.topic: article --- -# Microsoft Connected Cached for Internet Service Providers (ISPs) +# Microsoft Connected Cache for Internet Service Providers (ISPs) **Applies to** @@ -27,7 +27,7 @@ ms.topic: article Microsoft Connected Cache (MCC) preview is a software-only caching solution that delivers Microsoft content within Enterprise networks. MCC can be deployed to as many physical servers or VMs as needed, and is managed from a cloud portal. Microsoft cloud services handle routing of consumer devices to the cache server for content downloads. -MCC is a hybrid (a mix of on-prem and cloud resources) SaaS solution built as an Azure IoT Edge module; it is a Docker compatible Linux container that is deployed to your Windows devices. IoT Edge for Linux on Windows (EFLOW) was chosen because it is a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It’s built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. MCC will be a Linux IoT Edge module running on the Windows Host OS. Azure IoT Edge consists of three components that the MCC infrastructure will utilize: +Microsoft Connected Cache is a Hybrid (mix of on-prem and cloud resources) solution composed of a Docker compatible Linux container deployed to your server and a cloud management portal. Microsoft chose Azure IoT Edge (more information on IoT Edge [in the appendix](#iot-edge-runtime)) as a secure and reliable control plane, and even though your scenario is not related to IoT, Azure IoT Edge is our secure Linux container deployment and management infrastructure. Azure IoT Edge consists of three components that the Microsoft Connected Cache infrastructure will utilize: 1. A cloud-based interface that enables secure, remote installation, monitoring, and management of MCC nodes. 2. A runtime that securely manages the modules deployed to each device. diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index f9a0db9b78..aabc6b7080 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -57,7 +57,7 @@ To help address this security insufficiency, companies developed data loss preve - **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries. -- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). +- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft Purview data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). Unfortunately, data loss prevention systems have their own problems. For example, the less detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees’ natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index ac76e18a1a..42a29f7d54 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -56,9 +56,14 @@ After you configure the settings to monitor removable storage devices, use the f 4. In Server Manager, click **Tools**, and then click **Event Viewer**. 5. Expand **Windows Logs**, and then click **Security**. 6. Look for event 4663, which logs successful attempts to write to or read from a removable storage device. Failures will log event 4656. Both events include **Task Category = Removable Storage device**. + + For more information, see [Audit Removable Storage](audit-removable-storage.md). Key information to look for includes the name and account domain of the user who attempted to access the file, the object that the user is attempting to access, resource attributes of the resource, and the type of access that was attempted. + > [!NOTE] + > Even after configuring settings to monitor removable storage devices, some versions of Windows 10 may require registry key **HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Storage\HotPlugSecureOpen** to be set to **1** to start logging the removable storage audit events. + > [!NOTE] > We do not recommend that you enable this category on a file server that hosts file shares on a removable storage device. When Removable Storage Auditing is configured, any attempt to access the removable storage device will generate an audit event. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md index 547b17ac29..4a34381192 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-security.md @@ -78,17 +78,3 @@ If you don't want users to see the recommendation to update TPM firmware, you ca 5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). -## Disable Memory integrity switch -If you don't want users to be able to change the Hypervisor Control Integrity (HVCI), or memory integrity, setting on their computers, you can disable the **Memory integrity** switch. -> [!IMPORTANT] -> You must have Windows 10, version 1803 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. - -1. On your Group Policy management computer, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. - -2. In the **Group Policy Management Editor** go to **Computer configuration** and then select **Administrative templates**. - -3. Expand the tree to **Windows components** > **Windows Security** > **Device security**. - -4. Open the **Disable Memory integrity switch** setting and set it to **Enabled**. Select **OK**. - -5. [Deploy the updated GPO as you normally do](/windows/win32/srvnodes/group-policy). diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index e8872fb1a3..33d369d823 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md @@ -27,10 +27,9 @@ ms.technology: windows-sec >[!IMPORTANT] >This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. -To get started, open Device Configuration in Intune, then create a new profile. -Choose Windows 10 or Windows 11 as the platform, and Endpoint Protection as the profile type. +To get started, Open the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and then go to **Devices** > **Windows** > **Configuration profiles** > **Create profile** > Choose **Windows 10 and later** as the platform, Choose **Templates**, then **Endpoint protection** as the profile type. Select Windows Defender Firewall. -![Windows Defender Firewall in Intune.](images/windows-firewall-intune.png) +:::image type="content" source="images/windows-firewall-intune.png" alt-text="Example of a Windows Defender Firewall policy in Microsoft Endpoint Manager."::: >[!IMPORTANT] >A single Endpoint Protection profile may contain up to a maximum of 150 firewall rules. If a client device requires more than 150 rules, then multiple profiles must be assigned to it. @@ -115,4 +114,4 @@ Specifies the list of authorized local users for this rule. A list of authorized ## Configuring firewall rules programmatically -Coming soon. \ No newline at end of file +Coming soon. diff --git a/windows/security/threat-protection/windows-firewall/images/windows-firewall-intune.png b/windows/security/threat-protection/windows-firewall/images/windows-firewall-intune.png index 796a030a6e..bda6e08768 100644 Binary files a/windows/security/threat-protection/windows-firewall/images/windows-firewall-intune.png and b/windows/security/threat-protection/windows-firewall/images/windows-firewall-intune.png differ