deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #10346 from MicrosoftDocs/main

Browse Source 
publish main to live, 3:30 pm, 10/29/24
This commit is contained in:
Rebecca Agiewich 2024-10-29 15:59:11 -07:00 committed by GitHub
commit 4bd57e8558
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 37 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
education/windows/suspcs/reference.md
View File

@ -1,8 +1,8 @@
--- ---
title: Set up School PCs app technical reference overview title: Set up School PCs app technical reference overview
description: Describes the purpose of the Set up School PCs app for Windows 10 devices. description: Describes the purpose of the Set up School PCs app for Windows devices.
ms.topic: overview ms.topic: overview
ms.date: 01/16/2024 ms.date: 10/29/2024
appliesto: appliesto:
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a> - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
@ -12,12 +12,12 @@ appliesto:
The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The app, which is available for Windows 10 version 1703 and later, configures and saves school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs. The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The app, which is available for Windows 10 version 1703 and later, configures and saves school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs.
If your school uses Microsoft Entra ID or Office 365, the Set up If your school uses Microsoft Entra ID or Microsoft 365, the Set up
School PCs app will create a setup file. This file joins the PC to your Microsoft Entra tenant. The app also helps set up PCs for use with or without Internet connectivity. School PCs app will create a setup file. This file joins the PC to your Microsoft Entra tenant. The app also helps set up PCs for use with or without Internet connectivity.
## Join devices to Microsoft Entra ID ## Join devices to Microsoft Entra ID
If your school uses Microsoft Entra ID or Office 365, the Set up School PCs app creates a setup file that joins your PC to your Microsoft Entra ID tenant. If your school uses Microsoft Entra ID or Microsoft 365, the Set up School PCs app creates a setup file that joins your PC to your Microsoft Entra ID tenant.
The app also helps set up PCs for use with or without Internet connectivity. The app also helps set up PCs for use with or without Internet connectivity.

2
windows/configuration/assigned-access/shell-launcher/quickstart-kiosk.md
View File

@ -2,7 +2,7 @@
title: "Quickstart: configure a kiosk experience with Shell Launcher" title: "Quickstart: configure a kiosk experience with Shell Launcher"
description: Learn how to configure a kiosk experience with Shell Launcher, using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO). description: Learn how to configure a kiosk experience with Shell Launcher, using the Assigned Access configuration service provider (CSP), Microsoft Intune, PowerShell, or group policy (GPO).
ms.topic: quickstart ms.topic: quickstart
ms.date: 02/05/2024 ms.date: 10/29/2024
--- ---
# Quickstart: configure a kiosk experience with Shell Launcher # Quickstart: configure a kiosk experience with Shell Launcher

2
windows/security/identity-protection/passwordless-strategy/index.md
View File

@ -2,7 +2,7 @@
title: Passwordless strategy overview title: Passwordless strategy overview
description: Learn about the passwordless strategy and how Windows security features help implementing it. description: Learn about the passwordless strategy and how Windows security features help implementing it.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/29/2024 ms.date: 10/29/2024
--- ---
# Passwordless strategy overview # Passwordless strategy overview

2
windows/security/identity-protection/passwordless-strategy/journey-step-1.md
View File

@ -2,7 +2,7 @@
title: Deploy a passwordless replacement option title: Deploy a passwordless replacement option
description: Learn about how to deploy a passwordless replacement option, the first step of the Microsoft passwordless journey. description: Learn about how to deploy a passwordless replacement option, the first step of the Microsoft passwordless journey.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/29/2024 ms.date: 10/29/2024
--- ---
# Deploy a passwordless replacement option # Deploy a passwordless replacement option

2
windows/security/identity-protection/passwordless-strategy/journey-step-2.md
View File

@ -2,7 +2,7 @@
title: Reduce the user-visible password surface area title: Reduce the user-visible password surface area
description: Learn about how to reduce the user-visible password surface area, the second step of the Microsoft passwordless journey. description: Learn about how to reduce the user-visible password surface area, the second step of the Microsoft passwordless journey.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/29/2024 ms.date: 10/29/2024
--- ---
# Reduce the user-visible password surface area # Reduce the user-visible password surface area

2
windows/security/identity-protection/passwordless-strategy/journey-step-3.md
View File

@ -2,7 +2,7 @@
title: Transition into a passwordless deployment title: Transition into a passwordless deployment
description: Learn about how to transition into a passwordless deployment, the third step of the Microsoft passwordless journey. description: Learn about how to transition into a passwordless deployment, the third step of the Microsoft passwordless journey.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/29/2024 ms.date: 10/29/2024
--- ---
# Transition into a passwordless deployment # Transition into a passwordless deployment

2
windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
View File

@ -2,7 +2,7 @@
title: Smart Card and Remote Desktop Services title: Smart Card and Remote Desktop Services
description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in. description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card and Remote Desktop Services # Smart Card and Remote Desktop Services

4
windows/security/identity-protection/smart-cards/smart-card-architecture.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Card Architecture title: Smart Card Architecture
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system. description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
ms.topic: reference-architecture ms.topic: reference-architecture
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card Architecture # Smart Card Architecture

6
windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
View File

@ -1,8 +1,8 @@
--- ---
title: Certificate propagation service title: Certificate propagation service
description: Learn about the certificate propagation service (CertPropSvc), which is used in smart card implementation. description: Learn about the certificate propagation service (CertPropSvc), which is used in smart card implementation.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Certificate propagation service # Certificate propagation service
@ -19,7 +19,7 @@ The following figure shows the flow of the certificate propagation service. The
1. The arrow labeled **2** indicates the certification to the reader 1. The arrow labeled **2** indicates the certification to the reader
1. The arrow labeled **3** indicates the access to the certificate store during the client session 1. The arrow labeled **3** indicates the access to the certificate store during the client session
![Certificate propagation service.](images/sc-image302.gif) ![Certificate propagation service.](images/sc-image302.gif)
1. A signed-in user inserts a smart card 1. A signed-in user inserts a smart card
1. CertPropSvc is notified that a smart card was inserted 1. CertPropSvc is notified that a smart card was inserted

7
windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
View File

@ -1,8 +1,8 @@
--- ---
title: Certificate Requirements and Enumeration title: Certificate Requirements and Enumeration
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in. description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Certificate Requirements and Enumeration # Certificate Requirements and Enumeration
@ -71,7 +71,8 @@ Following are the steps that are performed during a smart card sign-in:
1. Winlogon presents the data from LogonUI to the LSA with the user information in LSALogonUser 1. Winlogon presents the data from LogonUI to the LSA with the user information in LSALogonUser
1. LSA calls the Kerberos authentication package (Kerberos SSP) to create a Kerberos authentication service request (KRB_AS_REQ), which containing a preauthenticator (as specified in RFC 4556: [Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)](http://www.ietf.org/rfc/rfc4556.txt)). 1. LSA calls the Kerberos authentication package (Kerberos SSP) to create a Kerberos authentication service request (KRB_AS_REQ), which containing a preauthenticator (as specified in RFC 4556: [Public Key Cryptography for Initial Authentication in Kerberos (PKINIT)](http://www.ietf.org/rfc/rfc4556.txt)).
If the authentication is performed by using a certificate that uses a digital signature, the preauthentication data consists of the user's public certificate and the certificate that is digitally signed with the corresponding private key.\ If the authentication is performed by using a certificate that uses a digital signature, the preauthentication data consists of the user's public certificate and the certificate that is digitally signed with the corresponding private key.
If the authentication is performed by using a certificate that uses key encipherment, the preauthentication data consists of the user's public certificate and the certificate that is encrypted with the corresponding private key. If the authentication is performed by using a certificate that uses key encipherment, the preauthentication data consists of the user's public certificate and the certificate that is encrypted with the corresponding private key.
1. To sign the request digitally (as per RFC 4556), a call is made to the corresponding CSP for a private key operation. Because the private key in this case is stored in a smart card, the smart card subsystem is called, and the necessary operation is completed. The result is sent back to the Kerberos security support provider (SSP). 1. To sign the request digitally (as per RFC 4556), a call is made to the corresponding CSP for a private key operation. Because the private key in this case is stored in a smart card, the smart card subsystem is called, and the necessary operation is completed. The result is sent back to the Kerberos security support provider (SSP).

4
windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Card Troubleshooting title: Smart Card Troubleshooting
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment. description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
ms.topic: troubleshooting ms.topic: troubleshooting
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card Troubleshooting # Smart Card Troubleshooting

4
windows/security/identity-protection/smart-cards/smart-card-events.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart card events title: Smart card events
description: Learn about smart card deployment and development events. description: Learn about smart card deployment and development events.
ms.topic: troubleshooting ms.topic: troubleshooting
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart card events # Smart card events

6
windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Card Group Policy and Registry Settings title: Smart Card Group Policy and Registry Settings
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards. description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
ms.topic: reference ms.topic: reference
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card Group Policy and Registry Settings # Smart Card Group Policy and Registry Settings
@ -194,7 +194,7 @@ You can use this policy setting to configure which valid sign-in certificates ar
> [!NOTE] > [!NOTE]
> During the certificate renewal period, a user's smart card can have multiple valid sign-in certificates issued from the same certificate template, which can cause confusion about which certificate to select. This behavior can occur when a certificate is renewed and the old certificate has not expired yet. > During the certificate renewal period, a user's smart card can have multiple valid sign-in certificates issued from the same certificate template, which can cause confusion about which certificate to select. This behavior can occur when a certificate is renewed and the old certificate has not expired yet.
> >
> If two certificates are issued from the same template with the same major version and they are for the same user (this is determined by their UPN), they are determined to be the same. > If two certificates are issued from the same template with the same major version and they are for the same user (this is determined by their UPN), they are determined to be the same.
When this policy setting is turned on, filtering occurs so that the user can select from only the most current valid certificates. When this policy setting is turned on, filtering occurs so that the user can select from only the most current valid certificates.

2
windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
View File

@ -2,7 +2,7 @@
title: How Smart Card Sign-in Works in Windows title: How Smart Card Sign-in Works in Windows
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system. description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
ms.topic: overview ms.topic: overview
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# How Smart Card Sign-in Works in Windows # How Smart Card Sign-in Works in Windows

4
windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Card Removal Policy Service title: Smart Card Removal Policy Service
description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation. description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card Removal Policy Service # Smart Card Removal Policy Service

4
windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Cards for Windows Service title: Smart Cards for Windows Service
description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions. description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
ms.topic: concept-article ms.topic: concept-article
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Cards for Windows Service # Smart Cards for Windows Service

4
windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Card Tools and Settings title: Smart Card Tools and Settings
description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events. description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
ms.topic: get-started ms.topic: get-started
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card Tools and Settings # Smart Card Tools and Settings

4
windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
View File

@ -1,8 +1,8 @@
--- ---
title: Smart Card Technical Reference title: Smart Card Technical Reference
description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows. description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
ms.topic: overview ms.topic: overview
ms.date: 01/16/2024 ms.date: 10/29/2024
--- ---
# Smart Card Technical Reference # Smart Card Technical Reference

2
windows/security/operating-system-security/data-protection/bitlocker/includes/choose-how-bitlocker-protected-operating-system-drives-can-be-recovered.md
View File

@ -17,6 +17,8 @@ This policy setting allows you to control how BitLocker-protected operating syst
If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
For Microsoft Entra hybrid joined devices, the BitLocker recovery password is backed up to both Active Directory and Entra ID.
| | Path | | | Path |
|--|--| |--|--|
| **CSP** | `./Device/Vendor/MSFT/BitLocker/`[SystemDrivesRecoveryOptions](/windows/client-management/mdm/bitlocker-csp#systemdrivesrecoveryoptions)| | **CSP** | `./Device/Vendor/MSFT/BitLocker/`[SystemDrivesRecoveryOptions](/windows/client-management/mdm/bitlocker-csp#systemdrivesrecoveryoptions)|