deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into wsfb-6366597

Browse Source
This commit is contained in:
Trudy Hakala
2016-08-03 10:31:49 -07:00
parent 0789f5f94f 198c4a8157
commit 4c89c5190d
41 changed files with 355 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
.openpublishing.publish.config.json
View File

@ -1,78 +1,107 @@
{
"build_entry_point": "",
"git_repository_url_open_to_public_contributors": "",
"docsets_to_publish": [
{
"docset_name": "microsoft-edge",
"build_output_subfolder": "browsers/edge",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "internet-explorer",
"build_output_subfolder": "browsers/internet-explorer",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "windows",
"build_output_subfolder": "windows",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "surface",
"build_output_subfolder": "devices/surface",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "surface-hub",
"build_output_subfolder": "devices/surface-hub",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "mdop",
"build_output_subfolder": "mdop",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "education",
"build_output_subfolder": "education",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
}
],
"notification_subscribers": ["brianlic@microsoft.com"],
"branches_to_filter": [""]
"build_entry_point": "",
"need_generate_pdf": false,
"need_generate_intellisense": false,
"docsets_to_publish": [
{
"docset_name": "education",
"build_source_folder": "education",
"build_output_subfolder": "education",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "internet-explorer",
"build_source_folder": "browsers/internet-explorer",
"build_output_subfolder": "browsers/internet-explorer",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "itpro-hololens",
"build_source_folder": "devices/hololens",
"build_output_subfolder": "devices/hololens",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "op"
},
{
"docset_name": "mdop",
"build_source_folder": "mdop",
"build_output_subfolder": "mdop",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "microsoft-edge",
"build_source_folder": "browsers/edge",
"build_output_subfolder": "browsers/edge",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "surface",
"build_source_folder": "devices/surface",
"build_output_subfolder": "devices/surface",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "surface-hub",
"build_source_folder": "devices/surface-hub",
"build_output_subfolder": "devices/surface-hub",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "windows",
"build_source_folder": "windows",
"build_output_subfolder": "windows",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content"
}
}
],
"notification_subscribers": [
"brianlic@microsoft.com"
],
"branches_to_filter": [
""
],
"git_repository_url_open_to_public_contributors": "",
"skip_source_output_uploading": false,
"dependent_repositories": []
}

1
devices/hololens/TOC.md Normal file
View File

@ -0,0 +1 @@
# [Index](index.md)

37
devices/hololens/docfx.json Normal file
View File

@ -0,0 +1,37 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"devices/hololens/**",
"**/includes/**"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"devices/hololens/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [
null
],
"dest": "devices/hololens"
}
}

1
devices/hololens/index.md Normal file
View File

@ -0,0 +1 @@
# Index test file for Open Publishing

4
devices/surface-hub/create-and-test-a-device-account-surface-hub.md
View File

@ -55,11 +55,11 @@ These properties represent the minimum configuration for a device account to wor
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>Exchange mailbox (Exchange 2010 or later, or Exchange Online)</p></td>
<td align="left"><p>Exchange mailbox (Exchange 2013 or later, or Exchange Online)</p></td>
<td align="left"><p>Enabling the account with an Exchange mailbox gives the device account the capability to receive and send both mail and meeting requests, and to display a meetings calendar on the Surface Hubs welcome screen. The Surface Hub mailbox must be a room mailbox.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Skype for Business-enabled (Lync/Skype for Business 2010 or later or Skype for Business Online)</p></td>
<td align="left"><p>Skype for Business-enabled (Lync/Skype for Business 2013 or later or Skype for Business Online)</p></td>
<td align="left"><p>Skype for Business must be enabled in order to use various conferencing features, like video calls, IM, and screen-sharing.</p></td>
</tr>
<tr class="odd">

2
devices/surface-hub/intro-to-surface-hub.md
View File

@ -33,7 +33,7 @@ The capabilities of your Surface Hub will depend on what other Microsoft product
<tbody>
<tr class="odd">
<td align="left"><p>One-touch meeting join, meetings calendar, and email (for example, sending whiteboards)</p></td>
<td align="left"><p>Device account with Microsoft Exchange 2010 or later, or Exchange Online and a network connection to where the account is hosted.</p></td>
<td align="left"><p>Device account with Microsoft Exchange 2013 or later, or Exchange Online and a network connection to where the account is hosted.</p></td>
</tr>
<tr class="even">
<td align="left"><p>Meetings using Skype for Business</p></td>

1
education/TOC.md Normal file
View File

@ -0,0 +1 @@
# [Index](index.md)

1
education/index.md Normal file
View File

@ -0,0 +1 @@
# Index test file for Open Publishing

19
windows/keep-secure/TOC.md
View File

@ -1,8 +1,5 @@
# [Keep Windows 10 secure](index.md)
## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
## [Device Guard certification and compliance](device-guard-certification-and-compliance.md)
### [Get apps to run on Device Guard-protected devices](getting-apps-to-run-on-device-guard-protected-devices.md)
### [Create a Device Guard code integrity policy based on a reference device](creating-a-device-guard-policy-for-signed-apps.md)
## [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
### [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
### [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md)
@ -14,6 +11,16 @@
### [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)
## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md)
## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
## [Device Guard deployment guide](device-guard-deployment-guide.md)
### [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md)
### [Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md)
### [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md)
### [Deploy Device Guard: deploy code integrity policies](deploy-device-guard-deploy-code-integrity-policies.md)
#### [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md)
#### [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md)
#### [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md)
#### [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md)
### [Deploy Device Guard: enable virtualization-based security](deploy-device-guard-enable-virtualization-based-security.md)
## [Protect derived domain credentials with Credential Guard](credential-guard.md)
## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)
## [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md)
@ -27,9 +34,10 @@
### [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
#### [Windows Information Protection (WIP) overview](wip-enterprise-overview.md)
#### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md)
#### [Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md)
#### [Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md)
#### [Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md)
#### [Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
## [VPN profile options](vpn-profile-options.md)
## [Windows security baselines](windows-security-baselines.md)
## [Security technologies](security-technologies.md)
@ -832,7 +840,6 @@
###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
## [Enterprise security guides](windows-10-enterprise-security-guides.md)
### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
### [Device Guard deployment guide](device-guard-deployment-guide.md)
### [Microsoft Passport guide](microsoft-passport-guide.md)
### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
### [Windows 10 security overview](windows-10-security-guide.md)

21
windows/keep-secure/change-history-for-keep-windows-10-secure.md
View File

@ -12,22 +12,25 @@ author: brianlic-msft
# Change history for Keep Windows 10 secure
This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## August 2016
- [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New |
## RELEASE: Windows 10, version 1607
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
- [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md)
- [Remote Credential Guard](remote-credential-guard.md)
- [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)
- [Windows Defender Offline in Windows 10](windows-defender-offline.md)
- [Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)
- [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)
- [Enable the Block at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md)
- [Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md)
- [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md)
- [Detect and block Potentially Unwanted Applications with Windows Defender](enable-pua-windows-defender-for-windows-10.md)
- [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
- [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
- [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
- [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
- [Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
- [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md)
@ -37,8 +40,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also
|----------------------|-------------|
|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |New |
|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New |
|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |New |
|[Create an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |New |
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |New |
|[Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |New |
|[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | Updated |
|[Device Guard deployment guide](device-guard-deployment-guide.md) (multiple topics) | Updated |
@ -47,7 +50,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also
|New or changed topic | Description |
|----------------------|-------------|
|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. |
|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. |
| [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New |
| [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics |
| [Windows security baselines](windows-security-baselines.md) | New |

10
windows/keep-secure/credential-guard.md
View File

@ -115,6 +115,11 @@ The PC must meet the following hardware and software requirements to use Credent
<td align="left"><p>Virtual machine</p></td>
<td align="left"><p>For PCs running Windows 10, version 1607, you can run Credential Guard on a Generation 2 virtual machine.</p></td>
</tr>
</tr>
<tr class="even">
<td align="left"><p>Hypervisor</p></td>
<td align="left"><p>Only the Windows hypervisor is supported.</p></td>
</tr>
</tbody>
</table>
 
@ -158,6 +163,7 @@ First, you must add the virtualization-based security features. You can do this
``` syntax
dism /image:<WIM file name> /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all
```
> [!NOTE]
> You can also add these features to an online image by using either DISM or Configuration Manager.
@ -183,6 +189,7 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi
- Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it.
4. Close Registry Editor.
> [!NOTE]
> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting.
@ -348,6 +355,7 @@ On devices that are running Credential Guard, enroll the devices using the machi
``` syntax
CertReq -EnrollCredGuardCert MachineAuthentication
```
> [!NOTE]
> You must restart the device after enrolling the machine authentication certificate.
 
@ -364,6 +372,7 @@ By using an authentication policy, you can ensure that users only sign into devi
``` syntax
.\set-IssuancePolicyToGroupLink.ps1 IssuancePolicyName:”<name of issuance policy>” groupOU:”<Name of OU to create>” groupName:”<name of Universal security group to create>”
```
### Deploy the authentication policy
Before setting up the authentication policy, you should log any failed attempt to apply an authentication policy on the KDC. To do this in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
@ -388,6 +397,7 @@ Now you can set up an authentication policy to use Credential Guard.
14. Click **OK** to create the authentication policy.
15. Close Active Directory Administrative Center.
> [!NOTE]
> When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.
 

14
windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
View File

@ -32,7 +32,7 @@ Since the stakes are higher in an enterprise environment, the potential disaster
##Enable PUA protection in SCCM and Intune
The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Microsoft Intune in their infrastructure.
The PUA feature is available for enterprise users who are running System Center Configuration Manager (SCCM) or Intune in their infrastructure.
###Configure PUA in SCCM
@ -53,10 +53,8 @@ You can use PowerShell to detect PUA without blocking them. In fact, you can run
a. Click **Start**, type **powershell**, and press **Enter**.
b. Click **Windows PowerShell** to open the interface.
> [!NOTE]
> You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt.
2. Enter the PowerShell command:
```text
@ -89,15 +87,12 @@ You can find a complete list of the Microsoft antimalware event IDs, the symbol,
##What PUA notifications look like
When a detection occurs, end users who enabled the PUA detection feature will see the following notification:<br>
When a detection occurs, end users who enabled the PUA detection feature will see the following notification:
![Image showing the potentally unwanted application detection](images/pua1.png)
To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**.<br>
To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**.
![Image showing the potentally unwanted application detection history](images/pua2.png)
##PUA threat file-naming convention
##PUA threat naming convention
When enabled, potentially unwanted applications are identified with threat names that start with “PUA:”, such as, PUA:Win32/Creprote.
@ -105,6 +100,5 @@ When enabled, potentially unwanted applications are identified with threat names
PUA protection quarantines the file so they wont run. PUA will be blocked only at download or install-time. A file will be included for blocking if it has been identified as PUA and meets one of the following conditions:
* The file is being scanned from the browser
* The file has [Mark of the Web](https://msdn.microsoft.com/en-us/library/ms537628%28v=vs.85%29.aspx) set
* The file is in the %downloads% folder
* Or if the file in the %temp% folder

4
windows/keep-secure/enlightened-microsoft-apps-and-wip.md
View File

@ -10,11 +10,11 @@ ms.pagetype: security
author: eross-msft
---
# List of enlightened Microsoft apps for use with Windows Information Protection(WIP)
# List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
**Applies to:**
- Windows 10, version 6017
- Windows 10, version 1607
- Windows 10 Mobile
Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list.

1
windows/keep-secure/guidance-and-best-practices-wip.md
View File

@ -21,6 +21,7 @@ This section includes info about the enlightened Microsoft apps, including how t
## In this section
|Topic |Description |
|------|------------|
|[Windows Information Protection (WIP) overview](wip-enterprise-overview.md) |High-level overview info about why to use WIP, the enterprise scenarios, and how to turn it off. |
|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as Windows Information Protection (WIP), in your enterprise. |
|[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. |
|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |We've come up with a list of suggested testing scenarios that you can use to test WIP in your company. |

BIN
windows/keep-secure/images/gp-process-mitigation-options-bit-flag-image.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.7 KiB

BIN
windows/keep-secure/images/gp-process-mitigation-options-show.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 20 KiB

BIN
windows/keep-secure/images/gp-process-mitigation-options.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 136 KiB

1
windows/keep-secure/index.md
View File

@ -25,6 +25,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
| [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. |
| [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) | With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. |
| [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) | Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies. |
| [VPN profile options](vpn-profile-options.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
| [Windows security baselines](windows-security-baselines.md) | Learn why you should use security baselines in your organization. |
| [Security technologies](security-technologies.md) | Learn more about the different security technologies that are available in Windows 10 and Windows 10 Mobile. |

58
windows/keep-secure/override-mitigation-options-for-app-related-security-policies.md Normal file
View File

@ -0,0 +1,58 @@
---
title: Override Process Mitigation Options to help enforce app-related security policies (Windows 10)
description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies.
keywords: Process Mitigation Options, Mitigation Options, Group Policy Mitigation Options
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: security
ms.sitesec: library
---
# Override Process Mitigation Options to help enforce app-related security policies
**Applies to:**
- Windows 10, version 1607
- Windows Server 2016
Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.
**To modify Process Mitigation Options**
1. Open your Group Policy editor and go to the **Administrative Templates\System\Mitigation Options\Process Mitigation Options** setting.
![Group Policy editor: Process Mitigation Options with setting enabled and Show button active](images/gp-process-mitigation-options.png)
2. Click **Enabled**, and then in the **Options** area, click **Show** to open the **Show Contents** box, where youll be able to add your apps and the appropriate bit flag values, as shown in the [Setting the bit field](#setting-the-bit-field) and [Example](#example) sections of this topic.
**Important**<br>For each app you want to include, you must include:
- **Value name.** The app file name, including the extension. For example, iexplore.exe.
- **Value.** A bit field with a series of bit flags in particular positions. Bits can be set to 0 (where the setting is forced off), 1 (where the setting is forced on), or ? (where the setting retains the previous, existing value).
**Note**<br>Setting bit flags in positions not specified here to anything other than ? might cause undefined behavior.
![Group Policy editor: Process Mitigation Options with Show Contents box and example text](images/gp-process-mitigation-options-show.png)
## Setting the bit field
Heres a visual representation of the bit flag locations for the various Process Mitigation Options settings:
![Visual representation of the bit flag locations for the Process Mitigation Options settings](images/gp-process-mitigation-options-bit-flag-image.png)
Where the bit flags are read from right to left and are defined as:
|Flag |Bit location |Setting |Details |
|-----|--------------|--------|--------|
|A |0 |PROCESS_CREATION_MITIGATION_<br>POLICY_DEP_ENABLE (0x00000001) |Turns on Data Execution Prevention (DEP) for child processes. |
|B |1 |PROCESS_CREATION_MITIGATION_<br>POLICY_DEP_ATL_THUNK_ENABLE (0x00000002) |Turns on DEP-ATL thunk emulation for child processes. DEP-ATL thunk emulation lets the system intercept non-executable (NX) faults that originate from the Active Template Library (ATL) thunk layer, and then emulate and handle the instructions so the process can continue to run. |
|C |2 |PROCESS_CREATION_MITIGATION_<br>POLICY_SEHOP_ENABLE (0x00000004) |Turns on Structured Exception Handler Overwrite Protection (SEHOP) for child processes. SEHOP helps to block exploits that use the Structured Exception Handler (SEH) overwrite technique. |
|D |8 |PROCESS_CREATION_MITIGATION_<br>POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100) |Uses the force Address Space Layout Randomization (ASLR) setting to act as though an image base collision happened at load time, forcibly rebasing images that arent dynamic base compatible. Images without the base relocation section wont be loaded if relocations are required. |
|E |15 |PROCESS_CREATION_MITIGATION_<br>POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000) |Turns on the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address. |
|F |16 |PROCESS_CREATION_MITIGATION_<br>POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000) |Turns off the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address. |
## Example
If you want to turn on the **PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE** and **PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON** settings, turn off the **PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF** setting, and leave everything else as the default values, youd want to type a value of `???????????????0???????1???????1`.

2
windows/keep-secure/protect-enterprise-data-using-wip.md
View File

@ -16,7 +16,7 @@ author: eross-msft
- Windows 10, version 1607
- Windows 10 Mobile
With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.

10
windows/keep-secure/windows-defender-block-at-first-sight.md
View File

@ -21,7 +21,7 @@ Block at First Sight is a feature of Windows Defender cloud protection that prov
You can enable Block at First Sight with Group Policy or individually on endpoints.
## Backend procesing and near-instant determinations
## Backend processing and near-instant determinations
When a Windows Defender client encounters a suspicious but previously undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.
@ -86,16 +86,16 @@ Block at First Sight requires a number of Group Policy settings to be configured
5. Expand the tree through **Windows components > Windows Defender > MAPS**.
1. Double-click the **Configure the <EFBFBD>Block at First Sight<EFBFBD> feature** setting and set the option to **Enabled**.
1. Double-click the **Configure the Block at First Sight feature** setting and set the option to **Enabled**.
> [!NOTE]
> The Block at First Sight feature will not function if the pre-requisite group policies have not been correctly set.
### Manually enable Block at First Sight on Individual clients
### Manually enable Block at First Sight on individual clients
To configure un-managed clients that are running Windows 10, Block at First Sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
**Enable Block at First Sight on invididual clients**
**Enable Block at First Sight on individual clients**
1. Open Windows Defender settings:
@ -110,4 +110,4 @@ To configure un-managed clients that are running Windows 10, Block at First Sigh
## Related topics
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)

4
windows/manage/TOC.md
View File

@ -36,7 +36,7 @@
## [Configure devices without MDM](configure-devices-without-mdm.md)
## [Windows 10 servicing options](introduction-to-windows-10-servicing.md)
## [Application development for Windows as a service](application-development-for-windows-as-a-service.md)
## [Application Virtualization for Windows (App-V)](appv-for-windows.md)
## [Application Virtualization (App-V) for Windows](appv-for-windows.md)
### [Getting Started with App-V](appv-getting-started.md)
#### [About App-V](appv-about-appv.md)
##### [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md)
@ -133,7 +133,7 @@
#### [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
#### [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
## [User Experience Virtualization (UE-V)](uev-for-windows.md)
## [User Experience Virtualization (UE-V) for Windows](uev-for-windows.md)
### [Get Started with UE-V](uev-getting-started.md)
#### [What's New in UE-V for Windows 10, version 1607](uev-whats-new-in-uev-for-windows.md)
#### [User Experience Virtualization Release Notes](uev-release-notes-1607.md)

113
windows/manage/appv-about-appv.md
View File

@ -9,10 +9,11 @@ ms.prod: w10
---
# About App-V
# About App-V for Windows
Applies to: Windows 10, version 1607
Use the following sections to review information about significant changes that apply to Application Virtualization (App-V):
Review the following sections for information about significant changes that apply to Application Virtualization (App-V) for Windows:
[App-V software prerequisites and supported configurations](#bkmk-51-prereq-configs)
@ -32,10 +33,10 @@ Use the following sections to review information about significant changes that
[Hardcoded path to installation folder is redirected to virtual file system root](#bkmk-hardcodepath)
## <a href="" id="bkmk-51-prereq-configs"></a>App-V software prerequisites and supported configurations
## <a href="" id="bkmk-51-prereq-configs"></a>App-V for Windows software prerequisites and supported configurations
See the following links for the App-V software prerequisites and supported configurations.
See the following links for the App-V for Windows software prerequisites and supported configurations.
<table>
<colgroup>
@ -51,7 +52,7 @@ See the following links for the App-V software prerequisites and supported confi
<tbody>
<tr class="odd">
<td align="left"><p>[App-V Prerequisites](appv-prerequisites.md)</p></td>
<td align="left"><p>Prerequisite software that you must install before starting the App-V installation</p></td>
<td align="left"><p>Prerequisite software that you must install before you can get started with App-V for Windows</p></td>
</tr>
<tr class="even">
<td align="left"><p>[App-V Supported Configurations](appv-supported-configurations.md)</p></td>
@ -62,12 +63,12 @@ See the following links for the App-V software prerequisites and supported confi
 
**Support for using Configuration Manager with App-V:** App-V supports System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager and Configuration Manager.
**Support for using Configuration Manager with App-V:** App-V supports System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager.
## <a href="" id="bkmk-migrate-to-51"></a>Migrating to App-V
## <a href="" id="bkmk-migrate-to-51"></a>Upgrade to App-V for Windows
Use the following information to upgrade to App-V from earlier versions. See [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) for more information.
Use the following information to upgrade to App-V for Windows from earlier versions. See [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) for more information.
### Before you start the upgrade
@ -102,24 +103,21 @@ Review the following information before you start the upgrade:
</tr>
<tr class="even">
<td align="left"><p>Upgrading from App-V 4.x</p></td>
<td align="left"><p>You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V. For more information, see:</p>
<ul>
<li><p>“Differences between App-V 4.6 and App-V 5.0” in [About App-V 5.0](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/about-app-v-50.md)</p></li>
<li><p>[Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)</p></li>
<td align="left"><p>You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V for Windows. For more information, see [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)</p></li>
</ul>
<p></p></td>
</tr>
<tr class="odd">
<td align="left"><p>Upgrading from App-V 5.0 or later</p></td>
<td align="left"><p>You can upgrade to App-V directly from any of the following versions:</p>
<td align="left"><p>You can upgrade to App-V for Windows directly from any of the following versions:</p>
<ul>
<li><p>App-V 5.0</p></li>
<li><p>App-V 5.0 SP1</p></li>
<li><p>App-V 5.0 SP2</p></li>
<li><p>App-V 5.0 SP3</p></li>
</ul>
<p>To upgrade to App-V, follow the steps in the remaining sections of this topic.</p>
<p>Packages and connection groups will continue to work with App-V as they currently do.</p></td>
<p>To upgrade to App-V for Windows, follow the steps in the remaining sections of this topic.</p>
<p>Packages and connection groups will continue to work with App-V for Windows as they currently do.</p></td>
</tr>
</tbody>
</table>
@ -128,7 +126,7 @@ Review the following information before you start the upgrade:
### <a href="" id="bkmk-steps-upgrd-infrastruc"></a>Steps to upgrade the App-V infrastructure
Complete the following steps to upgrade each component of the App-V infrastructure to App-V. The following order is only a suggestion; you may upgrade components in any order.
Complete the following steps to upgrade each component of the App-V infrastructure to App-V for Windows. The following order is only a suggestion; you can upgrade components in any order.
<table>
<colgroup>
@ -153,7 +151,7 @@ Complete the following steps to upgrade each component of the App-V infrastructu
</div></td>
<td align="left"><p>Follow these steps:</p>
<ol>
<li><p>Do one of the following, depending on the method you are using to upgrade the Management database and/or Reporting database:</p>
<li><p>Do one of the following, depending on the method you are using to upgrade the management database and/or reporting database:</p>
<table>
<colgroup>
<col width="50%" />
@ -176,17 +174,17 @@ Complete the following steps to upgrade each component of the App-V infrastructu
</tr>
</tbody>
</table>
<li><p>If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/check-reg-key-svr).</p></li>
<li><p>If you are upgrading the App-V for Windows Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](https://technet.microsoft.com/en-us/itpro/mdop/appv-v5/check-reg-key-svr).</p></li>
<li><p>Follow the steps in [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)</p></li>
<p> </p></li>
</ol></td>
</tr>
<tr class="even">
<td align="left"><p>Step 2: Upgrade the App-V Sequencer.</p></td>
<td align="left"><p>Step 2: Install the new App-V for Windows sequencer.</p></td>
<td align="left"><p>See [How to Install the Sequencer](appv-install-the-sequencer.md).</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Step 3: Enabled the App-V Client.</p></td>
<td align="left"><p>Step 3: Enable the in-box App-V Client.</p></td>
<td align="left"><p>See [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).</p></td>
</tr>
</tbody>
@ -198,61 +196,24 @@ Complete the following steps to upgrade each component of the App-V infrastructu
Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses PowerShell to convert packages and can help automate the process if you have many packages that require conversion.
**Note**  
App-V packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V packages.
>**Note**  
App-V for Windows packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V for Windows packages.
 
## <a href="" id="bkmk-whatsnew"></a>Whats New in App-V
These sections are for users who are already familiar with App-V and want to know what has changed in App-V. If you are not already familiar with App-V, you should start by reading [Planning for App-V](appv-planning-for-appv.md).
These sections are for users who are already familiar with App-V and want to know what has changed in App-V for Windows. If you are not already familiar with App-V, you should start by reading [Planning for App-V](appv-planning-for-appv.md).
### <a href="" id="bkmk-win10support"></a>App-V support for Windows 10
The following table lists the Windows 10 support for App-V. Windows 10 is not supported in versions of App-V prior to App-V.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Component</th>
<th align="left">App-V</th>
<th align="left">App-V 5.0</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>App-V Client</p></td>
<td align="left"><p>Yes</p></td>
<td align="left"><p>No</p></td>
</tr>
<tr class="even">
<td align="left"><p>App-V RDS Client</p></td>
<td align="left"><p>Yes</p></td>
<td align="left"><p>No</p></td>
</tr>
<tr class="odd">
<td align="left"><p>App-V Sequencer</p></td>
<td align="left"><p>Yes</p></td>
<td align="left"><p>No</p></td>
</tr>
</tbody>
</table>
 
### <a href="" id="bkmk-mgmtconsole"></a>App-V Management Console Changes
This section compares the App-V Management Consoles current and previous functionality.
This section compares the App-V for Windows Management Consoles current and previous functionality.
### Silverlight is no longer required
The Management Console UI no longer requires Silverlight. The 5.1 Management Console is built on HTML5 and Javascript.
The Management Console UI no longer requires Silverlight. The Management Console is built on HTML5 and Javascript.
### Notifications and messages are displayed individually in a dialog box
@ -263,7 +224,7 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con
</colgroup>
<thead>
<tr class="header">
<th align="left">New in App-V</th>
<th align="left">New in App-V for Windows</th>
<th align="left">Prior to App-V</th>
</tr>
</thead>
@ -300,8 +261,8 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con
</colgroup>
<thead>
<tr class="header">
<th align="left">New in App-V</th>
<th align="left">Prior to App-V</th>
<th align="left">New in App-V for Windows</th>
<th align="left">Prior to App-V for Windows</th>
</tr>
</thead>
<tbody>
@ -324,8 +285,8 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con
</colgroup>
<thead>
<tr class="header">
<th align="left">New in App-V</th>
<th align="left">Prior to App-V</th>
<th align="left">New in App-V for Windows</th>
<th align="left">Prior to App-V for Windows</th>
</tr>
</thead>
<tbody>
@ -347,8 +308,8 @@ The Management Console UI no longer requires Silverlight. The 5.1 Management Con
</colgroup>
<thead>
<tr class="header">
<th align="left">New in App-V</th>
<th align="left">Prior to App-V</th>
<th align="left">New in App-V for Windows</th>
<th align="left">Prior to App-V Windows</th>
</tr>
</thead>
<tbody>
@ -483,7 +444,7 @@ You can enable or disable Browser Helper Objects by selecting a new check box, E
You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output.
For more information including examples, see [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md).
For more information including examples, see [Migrating to App-V for Windows from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md).
### <a href="" id="bkmk-supmultscripts"></a>Support for multiple scripts on a single event trigger
@ -491,18 +452,6 @@ App-V supports the use of multiple scripts on a single event trigger for App-V p
For more information, including a list of event triggers and the context under which scripts can be run, see the Scripts section in [About App-V Dynamic Configuration](appv-dynamic-configuration.md).
### <a href="" id="bkmk-hardcodepath"></a>Hardcoded path to installation folder is redirected to virtual file system root
When you convert packages from App-V 4.6 to 5.1, the App-V package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.)
Previously, the 4.6 root folder was not recognized and could not be accessed by App-V 5.0 packages. App-V packages can access hardcoded files by their full path or can programmatically enumerate files under the App-V 4.6 installation root.
**Technical Details:** The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root.
## How to Get MDOP Technologies
App-V is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
## Have a suggestion for App-V?

2
windows/manage/appv-for-windows.md
View File

@ -9,7 +9,7 @@ ms.prod: w10
---
# Application Virtualization (App-V) overview
# Application Virtualization (App-V) for Windows 10 overview
The topics in this section provides information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.

3
windows/manage/appv-getting-started.md
View File

@ -11,10 +11,9 @@ ms.prod: w10
# Getting Started with App-V
Microsoft Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.
With the release of Windows 10, version 1607, App-V is included with the [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is available with Software Assurance. If you are new to Windows 10 and App-V, youll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
With the release of Windows 10, version 1607, App-V is included with the [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, youll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
If youre already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).

2
windows/manage/change-history-for-manage-and-update-windows-10.md
View File

@ -21,6 +21,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also
- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
- [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
- [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
- [Application Virtualization (App-V) for Windows 10](appv-for-windows.md)
- [User Experience Virtualization (UE-V) for Windows 10](uev-for-windows.md)
## July 2016

3
windows/manage/group-policies-for-enterprise-and-education-editions.md
View File

@ -26,7 +26,8 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows
| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md |
| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) |
| **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
| **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app<br><br>User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) |
| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) |

20
windows/manage/uev-for-windows.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.prod: w10
---
# User Experience Virtualization overview
# User Experience Virtualization (UE-V) for Windows 10 overview
Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options.
@ -24,6 +24,8 @@ With User Experience Virtualization (UE-V), you can capture user-customized Wind
- Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state
With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and UE-V or upgrading from a previous version of UE-V, youll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
## Components of UE-V
The diagram below illustrates how UE-V components work together to synchronize user settings.
@ -48,7 +50,7 @@ Use these UE-V components to create and manage custom templates for your third-p
| Component | Description |
|-------------------------------|---------------|
| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor. <br>With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows 10 Assessment and Deployment kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). <br>If you are upgrading from an existing UE-V installation, youll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. |
| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor. <br>With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). <br>If you are upgrading from an existing UE-V installation, youll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. |
| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.<br>If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md#deploycatalogue). |
<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE - NOTE THAT UPDATED IMAGE IS A PNG FILE
@ -63,7 +65,7 @@ UE-V synchronizes settings for these applications by default. For a complete lis
- Microsoft Office 2016, 2013, and 2010
- Internet Explorer 11, 10, and 9
- Internet Explorer 11 and 10
- Many Windows applications, such as Xbox
@ -71,22 +73,22 @@ UE-V synchronizes settings for these applications by default. For a complete lis
- Many Windows settings, such as desktop background or wallpaper
**Note**
>**Note**
You can also [customize UE-V to synchronize settings](uev-deploy-uev-for-custom-applications.md) for applications other than those synchronized by default.
## Other resources for this feature
- [Get Started with UE-V](uev-getting-started.md)
- [Get Started with UE-V for Windows 10](uev-getting-started.md)
- [UE-V Release Notes](uev-release-notes-1607.md)
- [UE-V for Windows 10 Release Notes](uev-release-notes-1607.md)
- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
- [Prepare to deploy UE-V for Windows 10](uev-prepare-for-deployment.md)
- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
- [Administer UE-V](uev-administering-uev.md)
- [Administer UE-V for Windows 10](uev-administering-uev.md)
- [Technical Reference for UE-V](uev-technical-reference.md)
- [Technical Reference for UE-V for Windows 10](uev-technical-reference.md)
## Have a suggestion for UE-V?

2
windows/plan/change-history-for-plan-for-windows-10-deployment.md
View File

@ -16,7 +16,7 @@ This topic lists new and updated topics in the [Plan for Windows 10 deployment](
## RELEASE: Windows 10, version 1607
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:
The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update).
## July 2016

2
windows/whats-new/applocker.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
author: brianlic-msft
redirect_url: whats-new-windows-10-version-1507-and-1511.md
redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview
---
# What's new in AppLocker?

2
windows/whats-new/bitlocker.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security, mobile
author: brianlic-msft
redirect_url: whats-new-windows-10-version-1507-and-1511.md
redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview
---
# What's new in BitLocker?

2
windows/whats-new/credential-guard.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
author: brianlic-msft
redirect_url: whats-new-windows-10-version-1507-and-1511.md
redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
---
# What's new in Credential Guard?

2
windows/whats-new/device-management.md
View File

@ -7,7 +7,7 @@ ms.pagetype: devices, mobile
ms.mktglfcycl: explore
ms.sitesec: library
author: jdeckerMS
redirect_url: /whats-new/whats-new-windows-10-version-1507-and-1511
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices
---
# Enterprise management for Windows 10 devices

2
windows/whats-new/lockdown-features-windows-10.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
redirect_url: /manage/lockdown-features-windows-10
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/lockdown-features-windows-10
---
# Lockdown features from Windows Embedded 8.1 Industry

2
windows/whats-new/microsoft-passport.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: mobile, security
author: jdeckerMS
redirect_url: /whats-new/whats-new-windows-10-version-1607
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport
---
# Windows Hello overview

2
windows/whats-new/new-provisioning-packages.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: mobile
author: jdeckerMS
redirect_url: /deploy/provisioning-packages
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/deploy/provisioning-packages
---
# Provisioning packages

2
windows/whats-new/security-auditing.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
author: brianlic-msft
ms.pagetype: security, mobile
redirect_url: whats-new-windows-10-version-1507-and-1511.md
redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/security-auditing-overview
---
# What's new in security auditing?

2
windows/whats-new/trusted-platform-module.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security, mobile
author: brianlic-msft
redirect_url: whats-new-windows-10-version-1507-and-1511.md
redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview
---
# What's new in Trusted Platform Module?

2
windows/whats-new/user-account-control.md
View File

@ -7,7 +7,7 @@ ms.mktglfcycl: explore
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
redirect_url: whats-new-windows-10-version-1507-and-1511.md
redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview
---
# What's new in User Account Control?

37
windows/whats-new/whats-new-windows-10-version-1607.md
View File

@ -30,6 +30,26 @@ Windows ICD now includes simplified workflows for creating provisioning packages
[Learn more about using provisioning packages in Windows 10.](../deploy/provisioning-packages.md)
### Windows Upgrade Analytics
Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsofts experience upgrading millions of devices to Windows 10.
With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
Use Upgrade Analytics to get:
- A visual workflow that guides you from pilot to production
- Detailed computer and application inventory
- Powerful computer level search and drill-downs
- Guidance and insights into application and driver compatibility issues, with suggested fixes
- Data driven application rationalization tools
- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
- Data export to commonly used software deployment tools
The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready.
[Learn more about planning and managing Windows upgrades with Windows Upgrade Analytics.](../deploy/manage-windows-upgrades-with-upgrade-analytics.md)
## Security
### Credential Guard and Device Guard
@ -100,6 +120,23 @@ Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilit
Windows 10, Version 1607, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. [Learn how to set up a shared or guest PC.](../manage/set-up-shared-or-guest-pc.md)
### Application Virtualization (App-V) for Windows 10
Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.
With the release of Windows 10, version 1607, App-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, youll need to download, activate, and install server- and client-side components to start delivering virtual applications to users.
[Learn how to deliver virtual applications with App-V.](../manage/appv-getting-started.md)
### User Experience Virtualization (UE-V) for Windows 10
Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options.
With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and EU-V or upgrading from a previous version of UE-V, youll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
[Learn how to synchronize user-customized settings with UE-V.](../manage/uev-for-windows.md)
## Learn more

2
windows/whats-new/windows-spotlight.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: explore
ms.sitesec: library
author: jdeckerMS
redirect_url: /manage/windows-spotlight
redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/windows-spotlight
---
# Windows Spotlight on the lock screen