Merge branch 'master' into v-gmoor-fix-pr-5061

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -1270,10 +1270,10 @@ Additional lists:
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="check mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 </table>

windows/client-management/mdm/federated-authentication-device-enrollment.md

@@ -266,12 +266,10 @@ The following is an enrollment policy request example with a received security t
           https://enrolltest.contoso.com/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
         </a:To>
         <wsse:Security s:mustUnderstand="1">
-          <wsse:BinarySecurityToken  ValueType= 
-    "http: //schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken"
-          EncodingType=
-          "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
-          xmlns=
-          "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+          <wsse:BinarySecurityToken
+             ValueType="http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken"
+             EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
+             xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
           B64EncodedSampleBinarySecurityToken
           </wsse:BinarySecurityToken>
         </wsse:Security>
@@ -410,12 +408,9 @@ The following example shows the enrollment web service request for federated aut
           https://enrolltest.contoso.com:443/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
         </a:To>
         <wsse:Security s:mustUnderstand="1">
-          <wsse:BinarySecurityToken  wsse:ValueType= 
-    "http:"//schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken
-          wsse:EncodingType=
-          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
-          
-    >
+          <wsse:BinarySecurityToken
+             wsse:ValueType="http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken"
+             wsse:EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary">
           B64EncodedSampleBinarySecurityToken
           </wsse:BinarySecurityToken>
         </wsse:Security>
@@ -520,19 +515,16 @@ The following example shows the enrollment web service response.
                 <TokenType>
                     http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
                 </TokenType>
-                 <DispositionMessage xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollment"/>           <RequestedSecurityToken>
+                 <DispositionMessage xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollment"/>
+                 <RequestedSecurityToken>
                    <BinarySecurityToken 
-                      ValueType=
-    "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc"
-                      EncodingType=
-       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
-                      xmlns=
-              "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+                      ValueType="http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc"
+                      EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
+                      xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                       B64EncodedSampleBinarySecurityToken
                    </BinarySecurityToken>
                 </RequestedSecurityToken>
-                <RequestID xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollment">0
-                </RequestID>
+                <RequestID xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollment">0</RequestID>
              </RequestSecurityTokenResponse>
           </RequestSecurityTokenResponseCollection>
        </s:Body>
@@ -581,8 +573,7 @@ The following code shows sample provisioning XML (presented in the preceding pac
       <parm name="MAXBACKOFFTIME" value="120000" />
       <parm name="BACKCOMPATRETRYDISABLED" />
       <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
-      <parm name="SSLCLIENTCERTSEARCHCRITERIA" value=
-  "Subject=DC%3dcom%2cDC%3dmicrosoft%2cCN%3dUsers%2cCN%3dAdministrator&amp;amp;Stores=My%5CUser"/>
+      <parm name="SSLCLIENTCERTSEARCHCRITERIA" value="Subject=DC%3dcom%2cDC%3dmicrosoft%2cCN%3dUsers%2cCN%3dAdministrator&amp;amp;Stores=My%5CUser"/>
       <characteristic type="APPAUTH">
          <parm name="AAUTHLEVEL" value="CLIENT"/>
          <parm name="AAUTHTYPE" value="DIGEST"/>
@@ -598,25 +589,24 @@ The following code shows sample provisioning XML (presented in the preceding pac
    </characteristic>
    <characteristic type="DMClient"> <!-- In Windows 10, an enrollment server should use DMClient CSP XML to configure DM polling schedules. -->
       <characteristic type="Provider">
-<!-- ProviderID in DMClient CSP must match to PROVIDER-ID in w7 APPLICATION characteristics -->
+        <!-- ProviderID in DMClient CSP must match to PROVIDER-ID in w7 APPLICATION characteristics -->
         <characteristic type="TestMDMServer">
             <parm name="UPN" value="UserPrincipalName@contoso.com" datatype="string" />
+            <parm name="EntDeviceName" value="Administrator_Windows" datatype="string" />
             <characteristic type="Poll">
                 <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
                 <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
                 <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
                 <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
                 <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
-<!-- Windows 10 supports MDM push for real-time communication. The DM client long term polling schedule’s retry waiting interval should be more than 24 hours (1440) to reduce the impact to data consumption and battery life. Refer to the DMClient Configuration Service Provider section for information about polling schedule parameters.-->
+                <!-- Windows 10 supports MDM push for real-time communication. The DM client long term polling schedule’s retry waiting interval should be more than 24 hours (1440) to reduce the impact to data consumption and battery life. Refer to the DMClient Configuration Service Provider section for information about polling schedule parameters.-->
                 <parm name="IntervalForRemainingScheduledRetries" value="1560" datatype="integer" />
                 <parm name="PollOnLogin" value="true" datatype="boolean" />
             </characteristic>
-        <parm name="EntDeviceName" value="Administrator_Windows" datatype="string" />
-</characteristic>
         </characteristic>
       </characteristic>
-   <!-- For Windows 10, we removed EnterpriseAppManagement from the enrollment 
-        protocol. -->
+   </characteristic>
+   <!-- For Windows 10, we removed EnterpriseAppManagement from the enrollment protocol. -->
 </wap-provisioningdoc>
 ```
 

windows/security/threat-protection/intelligence/phishing.md

@@ -99,4 +99,3 @@ If you feel you've been a victim of a phishing attack:
 
 - [Protect yourself from phishing](https://support.microsoft.com/help/4033787/windows-protect-yourself-from-phishing)
 - [Phishing trends](phishing-trends.md)
-- [Microsoft e-book on preventing social engineering attacks](https://info.microsoft.com/Protectyourweakestlink.html?ls=social), especially in enterprise environments.

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -27,6 +27,14 @@ ms.technology: mde
 
 Windows Defender Application Control (WDAC) can control what runs on Windows 10 by setting policies that specify whether a driver or application is trusted. A policy includes *policy rules* that control options such as audit mode, and *file rules* (or *file rule levels*) that specify how applications are identified and trusted.
 
+## Getting started with commdlets
+
+Some of the [SKUs](feature-availability.md) that support our PowerShell commandlets [(ConfigCI Module)](/powershell/module/configci/?view=windowsserver2019-ps) support but do not have the module installed on the box. 
+
+**Steps to install the module:**
+- Install-Module "ConfigCI"
+- Import-Module "ConfigCI"
+
 ## Windows Defender Application Control policy rules
 
 To modify the policy rule options of an existing WDAC policy XML, use [Set-RuleOption](/powershell/module/configci/set-ruleoption). The following examples show how to use this cmdlet to add and remove a rule option on an existing WDAC policy: