From 083a29ba529006246a6a4a86c7c395bc51245bcb Mon Sep 17 00:00:00 2001 From: aachiu <61710375+aachiu@users.noreply.github.com> Date: Mon, 2 Mar 2020 11:36:27 -0800 Subject: [PATCH 1/6] Document DeviceEnroller.exe behavior when local admin already exists --- windows/client-management/mdm/policy-csp-restrictedgroups.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 475db540e0..5e9ed757bd 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -76,6 +76,8 @@ manager: dansimp This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group. +Please note that DeviceEnroller.exe will not elevate the user if there is already a local admin group pre-configured on the device. This is a security measure in the executable where it checks for other non-disabled Administrators membership and if there are already at least one then the tool exits without elevating. + Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution. From 3b4d3da67d998ad49e87fd089cadd1c516a3319b Mon Sep 17 00:00:00 2001 From: aachiu <61710375+aachiu@users.noreply.github.com> Date: Thu, 5 Mar 2020 11:15:43 -0800 Subject: [PATCH 2/6] Update windows/client-management/mdm/policy-csp-restrictedgroups.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-restrictedgroups.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 5e9ed757bd..8138c1bd37 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -76,7 +76,8 @@ manager: dansimp This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership. Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group. -Please note that DeviceEnroller.exe will not elevate the user if there is already a local admin group pre-configured on the device. This is a security measure in the executable where it checks for other non-disabled Administrators membership and if there are already at least one then the tool exits without elevating. +> [!NOTE] +> DeviceEnroller.exe will not elevate the user if a pre-configured local admin group already exists on the device. This is a security measure in the executable where it checks for other non-disabled Administrators' membership(s). If at least one already exists, the tool will exit without elevating. Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. From 5630f1866c2e53f3fd26fb60538abccd4f5c6b67 Mon Sep 17 00:00:00 2001 From: KarenYin01 <57435111+KarenYin01@users.noreply.github.com> Date: Fri, 6 Mar 2020 15:10:15 +0800 Subject: [PATCH 3/6] Create index.yml Migrate the original index.md landing page to hub page. --- devices/surface-hub/index.yml | 124 ++++++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 devices/surface-hub/index.yml diff --git a/devices/surface-hub/index.yml b/devices/surface-hub/index.yml new file mode 100644 index 0000000000..8ac91d150a --- /dev/null +++ b/devices/surface-hub/index.yml @@ -0,0 +1,124 @@ +### YamlMime:Hub + +title: Surface Hub documentation # < 60 chars +summary: Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device. # < 160 chars +# brand: aspnet | azure | dotnet | dynamics | m365 | ms-graph | office | power-bi | power-platform | sql | sql-server | vs | visual-studio | windows | xamarin +brand: windows + +metadata: + title: Surface Hub documentation # Required; page title displayed in search results. Include the brand. < 60 chars. + description: Get started with Microsoft Surface Hub. # Required; article description that is displayed in search results. < 160 chars. + services: product-insights + ms.service: product-insights #Required; service per approved list. service slug assigned to your service by ACOM. + ms.topic: hub-page # Required + ms.prod: surface-hub + ms.technology: windows + author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. + ms.author: greglin #Required; microsoft alias of author; optional team alias. + +# highlightedContent section (optional) +# Maximum of 8 items +highlightedContent: +# itemType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | sample | tutorial | video | whats-new + items: + # Card + - title: What is Surface Hub 2S? + itemType: overview + url: https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099 + # Card + - title: What's new in Surface Hub 2S? + itemType: whats-new + url: surface-hub-2s-whats-new.md + # Card + - title: Operating system essentials + itemType: learn + url: differences-between-surface-hub-and-windows-10-enterprise.md + # Card + - title: Surface Hub 2S Site Readiness Guide + itemType: learn + url: surface-hub-2s-site-readiness-guide.md + # Card + - title: Install and mount Surface Hub 2S + itemType: how-to-guide + url: surface-hub-2s-install-mount.md + # Card + - title: Customize Surface Hub 2S installation + itemType: how-to-guide + url: surface-hub-2s-custom-install.md + +# productDirectory section (optional) +productDirectory: + title: Deploy, manage, and support your Surface Hub devices # < 60 chars (optional) + summary: Find related links to deploy, manage and support your Surface Hub devices. # < 160 chars (optional) + items: + # Card + - title: Deploy + # imageSrc should be square in ratio with no whitespace + imageSrc: https://docs.microsoft.com/office/media/icons/deploy-blue.svg + links: + - url: surface-hub-2s-adoption-kit.md + text: Surface Hub 2S adoption and training + - url: surface-hub-2s-deploy-checklist.md + text: Surface Hub 2S deployment checklist + - url: surface-hub-2s-account.md + text: Create device account + # Card + - title: Manage + imageSrc: https://docs.microsoft.com/office/media/icons/process-flow-blue.svg + links: + - url: surface-hub-2s-manage-intune.md + text: Manage with Intune + - url: local-management-surface-hub-settings.md + text: Manage local settings + # Card + - title: Secure + imageSrc: https://docs.microsoft.com/office/media/icons/security-blue.svg + links: + - url: surface-hub-2s-secure-with-uefi-semm.md + text: Secure with UEFI and SEMM + - url: surface-hub-wifi-direct.md + text: Wi-Fi security considerations + # Card + - title: Troubleshoot + imageSrc: https://docs.microsoft.com/office/media/icons/connector-blue.svg + links: + - url: https://support.microsoft.com/help/4493926 + text: Service and warranty + - url: surface-hub-2s-recover-reset.md + text: Recover & reset Surface Hub 2S + - url: support-solutions-surface-hub.md + text: Surface Hub support solutions + - url: https://support.office.com/article/Enable-Microsoft-Whiteboard-on-Surface-Hub-b5df4539-f735-42ff-b22a-0f5e21be7627 + text: Enable Microsoft Whiteboard on Surface Hub + +# additionalContent section (optional) +# Card with links style +additionalContent: + # Supports up to 3 sections + sections: + - title: Other content # < 60 chars (optional) + summary: Find related links for videos, community and support. # < 160 chars (optional) + items: + # Card + - title: Get ready for Surface Hub 2S + links: + - text: Ordering Surface Hub 2S + url: https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab + - text: Prepare your environment for Surface Hub 2S + url: surface-hub-2s-prepare-environment.md + # Card + - title: Surface Hub 2S Videos + links: + - text: Adoption and training videos + url: surface-hub-2s-adoption-videos.md + - text: Surface Hub 2S with Teams + url: https://www.youtube.com/watch?v=CH2seLS5Wb0 + - text: Surface Hub 2S with Microsoft 365 + url: https://www.youtube.com/watch?v=I4N2lQX4WyI&list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ&index=7 + # Card + - title: Community + links: + - text: Join the Surface Hub Technical Community + url: https://techcommunity.microsoft.com/t5/Surface-Hub/bd-p/SurfaceHub + - text: Join the Surface Devices Technical Community + url: https://techcommunity.microsoft.com/t5/Surface-Devices/ct-p/SurfaceDevices From 41bf3edd88b8f405a9e3bb4eaa7de391112d1e82 Mon Sep 17 00:00:00 2001 From: KarenYin01 <57435111+KarenYin01@users.noreply.github.com> Date: Fri, 6 Mar 2020 15:11:09 +0800 Subject: [PATCH 4/6] Delete index.md Replace this page with new hub page. --- devices/surface-hub/index.md | 182 ----------------------------------- 1 file changed, 182 deletions(-) delete mode 100644 devices/surface-hub/index.md diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md deleted file mode 100644 index f60588a000..0000000000 --- a/devices/surface-hub/index.md +++ /dev/null @@ -1,182 +0,0 @@ ---- -title: Surface Hub -author: greg-lindsay -ms.author: greglin -manager: laurawi -layout: LandingPage -ms.prod: surface-hub -ms.tgt_pltfrm: na -ms.devlang: na -ms.topic: landing-page -description: "Get started with Microsoft Surface Hub." -ms.localizationpriority: High ---- -# Get started with Surface Hub - -Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Use the links below to learn how to plan, deploy, manage, and support your Surface Hub devices. - - - - - ---- - - \ No newline at end of file From aae13da6a1653dd947b13a3c28ddaa5149b3f9de Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 10 Mar 2020 13:33:29 -0700 Subject: [PATCH 5/6] Corrected mark up of a "Caution" note --- windows/client-management/mdm/policy-csp-restrictedgroups.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md index 8138c1bd37..4de4f71bdc 100644 --- a/windows/client-management/mdm/policy-csp-restrictedgroups.md +++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md @@ -79,7 +79,8 @@ This security setting allows an administrator to define the members of a securit > [!NOTE] > DeviceEnroller.exe will not elevate the user if a pre-configured local admin group already exists on the device. This is a security measure in the executable where it checks for other non-disabled Administrators' membership(s). If at least one already exists, the tool will exit without elevating. -Caution: If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. +> [!CAUTION] +> If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members. Starting in Windows 10, version 1809, you can use this schema for retrieval and application of the RestrictedGroups/ConfigureGroupMembership policy. A minimum occurrence of 0 members when applying the policy implies clearing the access group and should be used with caution. From dc37009e4baab5141c4c1a5095c224366a508839 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Tue, 10 Mar 2020 13:51:54 -0700 Subject: [PATCH 6/6] Added required metadata: manager, audience, ms.localizationpriority The most common setting for **ms.localizationpriority** in this repo is *medium*. Because of that, and because *high* specifies higher cost, I'm adding this with medium priority. --- devices/surface-hub/index.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/devices/surface-hub/index.yml b/devices/surface-hub/index.yml index 8ac91d150a..7f4e46228a 100644 --- a/devices/surface-hub/index.yml +++ b/devices/surface-hub/index.yml @@ -13,8 +13,11 @@ metadata: ms.topic: hub-page # Required ms.prod: surface-hub ms.technology: windows + audience: ITPro + ms.localizationpriority: medium author: greg-lindsay #Required; your GitHub user alias, with correct capitalization. ms.author: greglin #Required; microsoft alias of author; optional team alias. + manager: laurawi # highlightedContent section (optional) # Maximum of 8 items