Merge branch 'master' into create-wdac-deny-policy2

Denise Vangel-MSFT 2021-12-07 11:45:03 -08:00 committed by GitHub
commit 4ed577d99b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 82 additions and 55 deletions

View File

@ -24,9 +24,6 @@ summary: |
sections:
- name: Ignored
questions:
- question: |
Frequently Asked Questions
answer: |
- question: |
What operating system does IE11 run on?
answer: |
@ -250,4 +247,4 @@ additionalContent: |
- [Microsoft Edge - Deployment Guide for IT Pros](/microsoft-edge/deploy/)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)

View File

@ -2,6 +2,15 @@
## Week of November 29, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added |
| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added |
## Week of November 15, 2021
@ -12,13 +21,3 @@
| 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
## Week of October 25, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 10/28/2021 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |

View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 10/14/2021
ms.date: 12/03/2021
ms.reviewer:
manager: dansimp
ms.collection: highpri
@ -14,6 +14,10 @@ ms.collection: highpri
# Enroll a Windows 10 device automatically using Group Policy
**Applies to:**
- Windows 10
Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
@ -191,6 +195,9 @@ Requirements:
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
- 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667)
2. Install the package on the Domain Controller.
3. Navigate, depending on the version to the folder:
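Review bot: The 21H2 entry links to https://www.microsoft.com/download/103667, while the 21H1 entry directly above it uses the download/details.aspx?id=103124 form. Confirm the shorter URL resolves; if it does not, switch it to the details.aspx?id= form with the same id so the list stays consistent. The same short URL is reused in the Useful Links hunk further down this file, so fix both together.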
@ -209,9 +216,11 @@ Requirements:
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
- 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)**
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **\\SYSVOL\contoso.com\policies\PolicyDefinitions**.
If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
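Review bot: In step 5, the second path, \\SYSVOL\contoso.com\policies\PolicyDefinitions, drops the leading domain name that the first path carries, so read as a UNC path it names a share called contoso.com on a host called SYSVOL. If the goal was to avoid hard-coding the domain twice, keep a server or domain component in front of SYSVOL (a clearly marked placeholder would do) so the central store location stays unambiguous for someone copying the step literally.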
@ -296,6 +305,7 @@ To collect Event Viewer logs:
### Useful Links
- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667)
- [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
- [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)

View File

@ -49,6 +49,9 @@ To troubleshoot Stop error messages, follow these general steps:
1. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system:
- [Windows 10, version 21H2](https://support.microsoft.com/topic/windows-10-update-history-857b8ccb-71e4-49e5-b3f6-7073197d98fb)
- [Windows 10, version 21H1](https://support.microsoft.com/topic/windows-10-update-history-1b6aac92-bf01-42b5-b158-f80c6d93eb11)
- [Windows 10, version 20H2](https://support.microsoft.com/topic/windows-10-update-history-7dd3071a-3906-fa2c-c342-f7f86728a6e3)
- [Windows 10, version 2004](https://support.microsoft.com/help/4555932)
- [Windows 10, version 1909](https://support.microsoft.com/help/4529964)
- [Windows 10, version 1903](https://support.microsoft.com/help/4498140)

View File

@ -2,7 +2,7 @@
description: Use this article to learn more about what required Windows diagnostic data is gathered.
title: Windows 10, version 21H2, Windows 10, version 21H1, Windows 10, version 20H2 and Windows 10, version 2004 required diagnostic events and fields (Windows 10)
keywords: privacy, telemetry
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
@ -16,6 +16,7 @@ ms.collection:
ms.topic: article
audience: ITPro
ms.date:
ms.technology: privacy
---
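Review bot: ms.date is left empty in this front matter while ms.technology: privacy is added right below it; the other privacy articles touched in this commit set ms.date: 12/01/2021. Fill in the date here too, or drop the empty key, so the metadata is consistent across the set.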

View File

@ -2,7 +2,7 @@
title: Windows Privacy Compliance Guide
description: This article provides information to help IT and compliance professionals understand the personal data policies as related to Windows.
keywords: privacy, GDPR, compliance
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
@ -13,7 +13,8 @@ ms.author: brianlic
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/04/2021
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows Privacy Compliance:<br />A Guide for IT and Compliance Professionals

View File

@ -12,7 +12,7 @@ ms.author: v-hakima
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/04/2021
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows 11 connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10 diagnostic data for the Full diagnostic data level (Windows 10)
description: Use this article to learn about the types of data that is collected the Full diagnostic data level.
keywords: privacy,Windows 10
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,8 +12,9 @@ ms.author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 11/28/2017
ms.date: 12/01/2021
ms.reviewer:
ms.technology: privacy
---
# Windows 10 diagnostic data for the Full diagnostic data level

View File

@ -2,7 +2,7 @@
title: Windows 10, version 1709 and Windows 11 and later optional diagnostic data (Windows 10)
description: Use this article to learn about the types of optional diagnostic data that is collected.
keywords: privacy,Windows 10
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -14,6 +14,9 @@ ms.collection:
- M365-security-compliance
- highpri
ms.topic: article
ms.reviewer:
ms.technology: privacy
---
# Windows 10, version 1709 and later and Windows 11 optional diagnostic data

View File

@ -2,7 +2,7 @@
title: Windows 10, version 1709, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1709.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,8 +12,9 @@ ms.author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 6/26/2018
ms.reviewer:
ms.date: 12/01/2021
ms.reviewer:
ms.technology: privacy
---
# Windows 10, version 1709, connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10, version 1803, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1803.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,8 +12,9 @@ ms.author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 6/26/2018
ms.date: 12/01/2021
ms.reviewer:
ms.technology: privacy
---
# Windows 10, version 1803, connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10, version 1809, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1809.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,8 +12,9 @@ ms.author: dansimp
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 6/26/2018
ms.date: 12/01/2021
ms.reviewer:
ms.technology: privacy
---
# Windows 10, version 1809, connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10, version 1903, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1903.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,7 +12,8 @@ ms.author: obezeajo
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 7/22/2020
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows 10, version 1903, connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10, version 1909, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 1909.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,7 +12,8 @@ ms.author: v-hakima
manager: obezeajo
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 08/18/2020
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows 10, version 1909, connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10, version 2004, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 2004.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,7 +12,8 @@ ms.author: obezeajo
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 5/11/2020
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows 10, version 2004, connection endpoints for non-Enterprise editions

View File

@ -2,7 +2,7 @@
title: Windows 10, version 20H2, connection endpoints for non-Enterprise editions
description: Explains what Windows 10 endpoints are used in non-Enterprise editions. Specific to Windows 10, version 20H2.
keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
ms.prod: w10
ms.prod: m365-security
ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
@ -12,7 +12,8 @@ ms.author: v-hakima
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 12/17/2020
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows 10, version 20H2, connection endpoints for non-Enterprise editions

View File

@ -12,7 +12,7 @@ ms.author: v-hakima
manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
ms.date: 10/04/2021
ms.date: 12/01/2021
ms.technology: privacy
---
# Windows 10, version 21H1, connection endpoints for non-Enterprise editions

View File

@ -13,7 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/30/2021
ms.date: 12/03/2021
---
# Change the TPM owner password
@ -30,7 +30,7 @@ This topic for the IT professional describes how to change the password or PIN f
Starting with Windows 10, version 1607, or Windows 11, Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded.
> [!IMPORTANT]
> Although the TPM owner password is not retained starting with Windows 10, version 1607, or Windows 11, you can change a default registry key to retain it. However, we strongly recommend that you do not make this change. To retain the TPM owner password, set the registry key 'HKLM\\Software\\Policies\\Microsoft\\TPM' \[REG\_DWORD\] 'OSManagedAuthLevel' to 4. The default value for this key is 5, and unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved.
> Although the TPM owner password is not retained starting with Windows 10, version 1607, or Windows 11, you can change a default registry key to retain it. However, we strongly recommend that you do not make this change. To retain the TPM owner password, set the registry key 'HKLM\\Software\\Policies\\Microsoft\\TPM' \[REG\_DWORD\] 'OSManagedAuthLevel' to 4. For Windows 10 versions newer than 1703 the default value for this key is 5. For TPM 2.0, a value of 5 means keep the lockout authorization. For TPM 1.2, it means discard the Full TPM owner authorization and retain only the Delegated authorization. Unless it is changed to 4 before the TPM is provisioned, the owner password will not be saved.
Only one owner password exists for each TPM. The TPM owner password allows the ability to enable, disable, or clear the TPM without having physical access to the computer, for example, by using the command-line tools remotely. The TPM owner password also allows manipulation of the TPM dictionary attack logic. Taking ownership of the TPM is performed by Windows as part of the provisioning process on each boot. Ownership can change when you share the password or clear your ownership of the TPM so someone else can initialize it.
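Review bot: The rewritten IMPORTANT note gives the default of 5 for "Windows 10 versions newer than 1703", but its first sentence says the owner password stops being retained starting with version 1607, so the text no longer says what the default is on 1607 and 1703. State the default for those releases or align the two version boundaries. It would also help to say in the note why setting OSManagedAuthLevel to 4 is discouraged, since the paragraph that follows explains that the owner password allows enabling, disabling, or clearing the TPM remotely and manipulating the dictionary attack logic.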

View File

@ -44,4 +44,8 @@ If success auditing is enabled, an audit entry is generated each time any accoun
- [5039](event-5039.md)(-): A registry key was virtualized.
- [4670](event-4670.md)(S): Permissions on an object were changed.
- [4670](event-4670.md)(S): Permissions on an object were changed.
> [!NOTE]
> On creating a subkey for a parent, the expectation is to see a 4656 event for the newly created subkey. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using advanced audit policy configurations for registry specific events, such as using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". While using regedit.exe for creating subkeys you will see an additional 4663 event because you perform NtEnumerateKeys on the newly created subkey. You might additionally see a 4663 event on the newly created key if you try to rename the subkey. While using reg.exe for creating subkeys you'll see an additional 4663 event because you perform NtSetValueKey on the newly created subkey. We recommend not relying on 4663 events for subkey creation as they are dependent on the type of permissions enabled on the parent and are not consistent across regedit.exe and reg.exe.
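Review bot: In the added NOTE, "NtEnumerateKeys" should be NtEnumerateKey; the native call is singular, and NtSetValueKey in the reg.exe sentence is already spelled correctly. The note says 4656 appears only with the legacy "Audit Object Access" setting and not with the advanced Registry subcategory, and that 4663 should not be relied on, but it stops short of telling readers which event to monitor for subkey creation when advanced audit policy is in use; add that, or say explicitly that no dependable event is produced in that configuration. Splitting the paragraph into one short item per tool (regedit.exe, reg.exe) would make the differences easier to scan.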

View File

@ -45,7 +45,7 @@ You can configure this security setting by opening the appropriate policy under
| 4779 | A user disconnected a terminal server session without logging off. |
When event 528 is logged, a logon type is also listed in the event log. The following table describes each logon type.
When event 4624 (Legacy Windows Event ID 528) is logged, a logon type is also listed in the event log. The following table describes each logon type.
| Logon type | Logon title | Description |
| - | - | - |

View File

@ -29,23 +29,24 @@ In Windows client, hardware and software work together to help protect you from
See the following articles to learn more about the different areas of Windows threat protection:
- [Microsoft Defender Application Guard](\windows\security\threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md)
- [Virtualization-based protection of code integrity](\windows\security\threat-protection\device-guard\enable-virtualization-based-protection-of-code-integrity.md)
- [Application control](/windows-defender-application-control/windows-defender-application-control.md)
- [Application Control](/windows-defender-application-control/windows-defender-application-control.md)
- [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
- [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders)
- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection)
- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md)
- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
- [Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)
- [Network protection](/microsoft-365/security/defender-endpoint/network-protection), [web protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
- [Microsoft Defender SmartScreen](\windows\security\threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-overview.md)
- [Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)
- [Network firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Attack surface reduction rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
- [Windows Sandbox](\windows\security\threat-protection\windows-sandbox\windows-sandbox-overview.md)
- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md)
- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)
- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md)
- [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md)
- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md)
### Next-generation protection
Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time.
- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
- [Behavior monitoring](/microsoft-365/security/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus)
- [Cloud-based protection](/microsoft-365/security/defender-endpoint/configure-protection-features-microsoft-defender-antivirus)
- [Machine learning](/microsoft-365/security/defender-endpoint/cloud-protection-microsoft-defender-antivirus)
- [URL Protection](/microsoft-365/security/defender-endpoint/configure-network-connections-microsoft-defender-antivirus)
- [Automated sandbox service](/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus)
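Review bot: The Application Control entry links to /windows-defender-application-control/windows-defender-application-control.md, a site-root path that lacks the /windows/security/threat-protection/ prefix used by the Application Guard, SmartScreen and Windows Sandbox entries in the same list, so it is unlikely to resolve within the same doc set. Use the full rooted path or a relative one like the device-guard/ and windows-firewall/ entries. The list also mixes rooted links ending in .md, relative links ending in .md, and rooted /microsoft-365/ links without an extension; settle on one form per target so link validation behaves the same for every entry.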

View File

@ -85,7 +85,7 @@ If you feel you've been a victim of a phishing attack:
- Junk: junk@office365.microsoft.com
- Phishing: phish@office365.microsoft.com
Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Submit spam, non-spam, and phishing scam messages to Microsoft for analysis](/office365/SecurityCompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis).
Drag and drop the junk or phishing message into the new message. This will save the junk or phishing message as an attachment in the new message. Don't copy and paste the content of the message or forward the message (we need the original message so we can inspect the message headers). For more information, see [Report messages and files to Microsoft](/microsoft-365/security/office-365-security/report-junk-email-messages-to-microsoft).
- **Anti-Phishing Working Group**: phishing-report@us-cert.gov. The group uses reports generated from emails sent to fight phishing scams and hackers. ISPs, security vendors, financial institutions, and law enforcement agencies are involved.