diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index be7007b5ea..7c4e04d4a5 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -2,9 +2,9 @@ "build_entry_point": "", "docsets_to_publish": [ { - "docset_name": "bcs-vsts", + "docset_name": "bcs-VSTS", "build_source_folder": "bcs", - "build_output_subfolder": "bcs-vsts", + "build_output_subfolder": "bcs-VSTS", "locale": "en-us", "monikers": [], "moniker_ranges": [], diff --git a/bcs/index.md b/bcs/index.md index aee1cc4e7a..49e0775203 100644 --- a/bcs/index.md +++ b/bcs/index.md @@ -1,3 +1,3 @@ --- -redirect_url: https://docs.microsoft.com/microsoft-365/business/index +redirect_url: /microsoft-365/business/ --- diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md index 237d0411b6..df6a01cb68 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md @@ -191,6 +191,17 @@ The <url> attribute, as part of the <site> element in the v.2 versio +allow-redirect +A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser). +

Example +

+<site url="contoso.com/travel">
+  <open-in allow-redirect="true">IE11</open-in>
+</site>
+In this example, if http://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer. +Internet Explorer 11 and Microsoft Edge + + version Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <site-list> element. Internet Explorer 11 and Microsoft Edge diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md index b57970b3ce..ec173a261d 100644 --- a/education/get-started/configure-microsoft-store-for-education.md +++ b/education/get-started/configure-microsoft-store-for-education.md @@ -23,7 +23,7 @@ You'll need to configure Microsoft Store for Education to accept the services ag You can watch the video to see how this is done, or follow the step-by-step guide.
- +> [!VIDEO https://www.youtube.com/embed/Jnbssq0gC_g] You can watch the descriptive audio version here: [Microsoft Education: Configure Microsoft Store for Education (DA)](https://www.youtube.com/watch?v=bStgEpHbEXw) @@ -53,11 +53,6 @@ You can watch the descriptive audio version here: [Microsoft Education: Configur Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next. - - > [!div class="step-by-step"] [<< Use School Data Sync to import student data](use-school-data-sync.md) [Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md) diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md index 09326b1e2e..6c74c506b0 100644 --- a/education/get-started/enable-microsoft-teams.md +++ b/education/get-started/enable-microsoft-teams.md @@ -46,10 +46,6 @@ To get started, IT administrators need to use the Office 365 Admin Center to ena You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the Meet Microsoft Teams page. - > [!div class="step-by-step"] [<< Use School Data Sync to import student data](use-school-data-sync.md) diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md index 7dd5513764..55a52faa11 100644 --- a/education/get-started/finish-setup-and-other-tasks.md +++ b/education/get-started/finish-setup-and-other-tasks.md @@ -26,7 +26,7 @@ Once you've set up your Windows 10 education device, it's worth checking to veri You can watch the video to see how this is done, or follow the step-by-step guide.
- +> [!VIDEO https://www.youtube.com/embed/nhQ_4okWFmk] You can watch the descriptive audio version here: [Microsoft Education: Verify Windows 10 education devices are Azure AD joined and managed (DA)](https://www.youtube.com/watch?v=_hVIxaEsu2Y) @@ -78,7 +78,7 @@ You can follow the rest of the walkthrough to finish setup and complete other ta You can watch the following video to see how to update group settings in Intune for Education and configure Azure settings. Or, you can follow the step-by-step guide for these tasks and the other tasks listed above. - +> [!VIDEO https://www.youtube.com/embed/M6-k73dZOfw] You can watch the descriptive audio version here: [Microsoft Education: Update settings, apps, and Azure AD settings for your education tenant (DA)](https://www.youtube.com/watch?v=-Rz3VcDXbzs) diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md index 3fcbd5064e..59d939c2eb 100644 --- a/education/get-started/set-up-office365-edu-tenant.md +++ b/education/get-started/set-up-office365-edu-tenant.md @@ -23,7 +23,7 @@ Schools can use Office 365 to save time and be more productive. Built with power Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
- +> [!VIDEO https://www.youtube.com/embed/X7bscA-knaY] You can watch the descriptive audio version here: [Microsoft Education: Set up an Office 365 Education tenant (DA)](https://www.youtube.com/watch?v=d5tQ8KoB3ic) diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md index 3398db7d3f..edb76d6448 100644 --- a/education/get-started/set-up-windows-education-devices.md +++ b/education/get-started/set-up-windows-education-devices.md @@ -19,7 +19,7 @@ If you are setting up a Windows 10 device invidividually, and network bandwidth You can watch the video to see how this is done, or follow the step-by-step guide.
- +> [!VIDEO https://www.youtube.com/embed/nADWqBYvqXk] You can watch the descriptive audio version here: [Microsoft Education: Set up a new Windows 10 education devices using the Windows setup experience (DA)](https://www.youtube.com/watch?v=_UtS1Cz2Pno) diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md index 5541526c47..646d7b8e16 100644 --- a/education/get-started/use-intune-for-education.md +++ b/education/get-started/use-intune-for-education.md @@ -41,7 +41,7 @@ Note that for verified education tenants, Microsoft automatically provisions you You can watch the video to see how this is done, or follow the step-by-step guide.
- +> [!VIDEO https://www.youtube.com/embed/c3BLoZZw3TQ] You can watch the descriptive audio version here: [Microsoft Education: Use Intune for Education to manage groups, apps, and settings (DA)](https://youtu.be/Tejxfc4V7cQ) diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md index a370bb71b8..c5392b41b9 100644 --- a/education/get-started/use-school-data-sync.md +++ b/education/get-started/use-school-data-sync.md @@ -25,7 +25,7 @@ Follow all the steps in this section to use SDS and sample CSV files in a trial You can watch the video to see how this is done, or follow the step-by-step guide.
-
+> [!VIDEO https://www.youtube.com/embed/ehSU8jr8T24] You can watch the descriptive audio version here: [Microsoft Education: Use School Data Sync to import student data (DA)](https://www.youtube.com/watch?v=l4b086IMtvc) diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md index 125ea5cd60..b932073a8f 100644 --- a/education/trial-in-a-box/educator-tib-get-started.md +++ b/education/trial-in-a-box/educator-tib-get-started.md @@ -31,10 +31,10 @@ ms.date: 01/12/2017
- + ![Log in to Device A and connect to the school network](images/edu-TIB-setp-1-jump.png) ## 1. Log in and connect to the school network @@ -49,10 +49,10 @@ To try out the educator tasks, start by logging in as a teacher. ![Improve student reading speed and comprehension](images/edu-TIB-setp-2-jump.png) ## 2. Significantly improve student reading speed and comprehension - + Learning Tools and the Immersive Reader can be used in the Microsoft Edge browser, Microsoft Word, and Microsoft OneNote to: * Increase fluency for English language learners @@ -80,10 +80,10 @@ Learning Tools and the Immersive Reader can be used in the Microsoft Edge browse ![Spark communication, critical thinking, and creativity with Microsoft Teams](images/edu-TIB-setp-3-jump.png) ## 3. Spark communication, critical thinking, and creativity in the classroom - + Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. This guided tour walks you through the essential teaching features of the app. Then, through interactive prompts, experience how you can use this tool in your own classroom to spark digital classroom discussions, respond to student questions, organize content, and more! @@ -99,10 +99,10 @@ Take a guided tour of Microsoft Teams and test drive this digital hub. ![Expand classroom collaboration and interaction with OneNote](images/edu-TIB-setp-4-jump.png) ## 4. Expand classroom collaboration and interaction between students - + Microsoft OneNote organizes curriculum and lesson plans for teachers and students to work together and at their own pace. It provides a digital canvas to store text, images, handwritten drawings, attachments, links, voice, and video. @@ -130,10 +130,9 @@ See how a group project comes together with opportunities to interact with other ![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) ## 5. Get kids to further collaborate and problem solve - Minecraft: Education Edition provides an immersive environment to develop creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination. diff --git a/education/trial-in-a-box/index.md b/education/trial-in-a-box/index.md index 2dbb835a36..62510022e6 100644 --- a/education/trial-in-a-box/index.md +++ b/education/trial-in-a-box/index.md @@ -20,9 +20,9 @@ ms.date: 12/11/2017
- +> [!VIDEO https://www.youtube.com/embed/azoxUYWbeGg] + +
Welcome to Microsoft Education Trial in a Box. We built this trial to make it easy to try our latest classroom technologies. We have two scenarios for you to try: one for educators and one for IT. We recommend starting with Educators. To begin, click **Get started** below. diff --git a/education/trial-in-a-box/itadmin-tib-get-started.md b/education/trial-in-a-box/itadmin-tib-get-started.md index 5164c21a1d..bd1c4b36cd 100644 --- a/education/trial-in-a-box/itadmin-tib-get-started.md +++ b/education/trial-in-a-box/itadmin-tib-get-started.md @@ -35,9 +35,8 @@ To get the most out of Microsoft Education, we've pre-configured your tenant for If you run into any problems while following the steps in this guide, or you have questions about Trial in a Box or Microsoft Education, see [Microsoft Education Trial in a Box Support](support-options.md).
- + +> [!VIDEO https://www.youtube.com/embed/cVVKCpO2tyI]
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md index 21ac36db3c..7cd7884f9b 100644 --- a/education/windows/use-set-up-school-pcs-app.md +++ b/education/windows/use-set-up-school-pcs-app.md @@ -42,7 +42,7 @@ Set up School PCs makes it easy to set up Windows 10 PCs with Microsoft's recomm You can watch the video to see how to use the Set up School PCs app, or follow the step-by-step guide.
- +> [!VIDEO https://www.youtube.com/embed/2ZLup_-PhkA] You can watch the descriptive audio version here: [Microsoft Education: Use the Set up School PCs app (DA)](https://www.youtube.com/watch?v=qqe_T2LkGsI) @@ -89,9 +89,19 @@ You can watch the descriptive audio version here: [Microsoft Education: Use the 5. Click **Just remove my files**. 6. Click **Reset**. +* **Use an NTFS-formatted USB key** + + If you're planning to install several apps, the Set up School PCs package may exceed 4 GB. Check if your USB drive format is FAT32. If it is, you won't be able to save more than 4 GB of data on the drive. To work around this, reformat the USB drive to use the NTFS format. To do this: + + 1. Insert the USB key into your computer. + 2. Go to the Start menu and type **This PC** and then select the **This PC (Desktop app)** from the search results. + 3. In the **Devices and drivers** section, find the USB drive, select and then right-click to bring up options. + 4. Select **Format** from the list to bring up the **Format ** window. + 5. Set **File system** to **NTFS** and then click **Start** to format the drive. + * **Use more than one USB key** - If you are setting up multiple PCs, you can set them up at the same time. Just save the provisioning package to another USB drive. Create two keys and you can run it on two PCs at once, and so on. + If you are setting up multiple PCs, you can set them up at the same time. Just save the provisioning package to another USB drive. Create two keys and you can run it on two PCs at once, and so on. * **Keep it clean** @@ -112,7 +122,8 @@ You can watch the descriptive audio version here: [Microsoft Education: Use the - You must have the Microsoft Store for Education configured. - You must be a global admin in the Microsoft Store for Education. - It's best if you sign up for and [configure Intune for Education](../get-started/use-intune-for-education.md) before using the Set up School PCs app. -- Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office. +- Have a USB drive, 1 GB or larger, to save the provisioning package. We recommend an 8 GB or larger USB drive if you're installing Office. +- Check the default file system format for your USB drive. You may need to set this to NTFS to save a provisioning package that's 4 GB or larger. ## Set up School PCs step-by-step diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md index d63ff3800d..20536b0115 100644 --- a/store-for-business/add-profile-to-devices.md +++ b/store-for-business/add-profile-to-devices.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: store author: TrudyHa ms.author: TrudyHa -ms.date: 1/29/2018 +ms.date: 2/9/2018 ms.localizationpriority: high --- @@ -20,7 +20,7 @@ Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business.
-[!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false] +> [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false] ## What is Windows AutoPilot Deployment Program? In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. diff --git a/store-for-business/images/invite-people.png b/store-for-business/images/invite-people.png new file mode 100644 index 0000000000..b004d3ad7f Binary files /dev/null and b/store-for-business/images/invite-people.png differ diff --git a/store-for-business/images/mpsa-link.png b/store-for-business/images/mpsa-link.png new file mode 100644 index 0000000000..74f1496935 Binary files /dev/null and b/store-for-business/images/mpsa-link.png differ diff --git a/store-for-business/images/msfb-products-services.png b/store-for-business/images/msfb-products-services.png new file mode 100644 index 0000000000..1ddba79518 Binary files /dev/null and b/store-for-business/images/msfb-products-services.png differ diff --git a/store-for-business/images/msfb-settings-icon.png b/store-for-business/images/msfb-settings-icon.png new file mode 100644 index 0000000000..1601965566 Binary files /dev/null and b/store-for-business/images/msfb-settings-icon.png differ diff --git a/store-for-business/images/msfb-wn-1801-products-services.png b/store-for-business/images/msfb-wn-1801-products-services.png new file mode 100644 index 0000000000..dc98ffd2e4 Binary files /dev/null and b/store-for-business/images/msfb-wn-1801-products-services.png differ diff --git a/store-for-business/images/office-logo.png b/store-for-business/images/office-logo.png new file mode 100644 index 0000000000..04d970bb47 Binary files /dev/null and b/store-for-business/images/office-logo.png differ diff --git a/store-for-business/images/product-and-service-icon.png b/store-for-business/images/product-and-service-icon.png new file mode 100644 index 0000000000..c18d3c8266 Binary files /dev/null and b/store-for-business/images/product-and-service-icon.png differ diff --git a/store-for-business/images/products-and-services-photoshop.png b/store-for-business/images/products-and-services-photoshop.png new file mode 100644 index 0000000000..f20c074aeb Binary files /dev/null and b/store-for-business/images/products-and-services-photoshop.png differ diff --git a/store-for-business/images/products-and-services-ppt.png b/store-for-business/images/products-and-services-ppt.png new file mode 100644 index 0000000000..9b4d77fb7c Binary files /dev/null and b/store-for-business/images/products-and-services-ppt.png differ diff --git a/store-for-business/release-history-microsoft-store-business-education.md b/store-for-business/release-history-microsoft-store-business-education.md index 4d706c69f6..705b6a6199 100644 --- a/store-for-business/release-history-microsoft-store-business-education.md +++ b/store-for-business/release-history-microsoft-store-business-education.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa -ms.date: 1/8/2018 +ms.date: 2/8/2018 --- # Microsoft Store for Business and Education release history @@ -15,6 +15,10 @@ Microsoft Store for Business and Education regularly releases new and improved f Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md) +## December 2017 + +- Bug fixes and permformance improvements. + ## November 2017 - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file. diff --git a/store-for-business/whats-new-microsoft-store-business-education.md b/store-for-business/whats-new-microsoft-store-business-education.md index 80d4cc6d6c..2afacd4204 100644 --- a/store-for-business/whats-new-microsoft-store-business-education.md +++ b/store-for-business/whats-new-microsoft-store-business-education.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa -ms.date: 1/8/2018 +ms.date: 2/8/2018 --- # What's new in Microsoft Store for Business and Education @@ -15,9 +15,16 @@ Microsoft Store for Business and Education regularly releases new and improved f ## Latest updates for Store for Business and Education -**December 2017** +**January 2018** + +| | | +|--------------------------------------|---------------------------------| +| ![Microsoft Store for Business Products & services page.](images/product-and-service-icon.png) |**One place for apps, software, and subscriptions**

The new **Products & services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services. This includes Apps, Software, and Subscriptions that your organization acquired or manages through Microsoft Store for Business. This change centralizes these products, but the platform changes also improve overall performance.

**Applies to**:
Microsoft Store for Business
Microsoft Store for Education | +| ![Upgrade Office 365 trial subscription.](images/office-logo.png) |**Upgrade Office 365 trial subscription**

Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal.

**Applies to**:
Microsoft Store for Business
Microsoft Store for Education | +| ![Image showing Settings icon.](images/mpsa-link.png) |**Supporting Microsoft Product and Services Agreement customers**

If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details. Also, we added the ability to associate your purchasing account to your tenant.

**Applies to**:
Microsoft Store for Business
Microsoft Store for Education | +| ![Image showing Settings icon.](images/invite-people.png) |**Microsoft Product and Services Agreement customers can invite people to take roles**

MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role.

**Applies to**:
Microsoft Store for Business
Microsoft Store for Education | + -We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features! -If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours. +If data processing is delayed, the "Last updated" banner will indicate the date on which data was last updated. You can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed until data is refreshed. When your workspace is in this state, there is no action required; data is typically refreshed and the display will return to normal again within 24 hours. -If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center. +If there are computers with incomplete data, verify that you have installed the latest compatibilty update KBs. Install the updated KBs if necessary and then run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center. The updated data payload should appear in Upgrade Readiness within 48 hours of a successful run on the deployment script. Select **Total computers** for a list of computers and details about them, including: diff --git a/windows/security/identity-protection/TOC.md b/windows/security/identity-protection/TOC.md index 73e64850ce..7fde2f9d2f 100644 --- a/windows/security/identity-protection/TOC.md +++ b/windows/security/identity-protection/TOC.md @@ -67,6 +67,7 @@ ### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md) ### [VPN security features](vpn\vpn-security-features.md) ### [VPN profile options](vpn\vpn-profile-options.md) +### [How to configure Diffie Hellman protocol over IKEv2 VPN connections](vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md) ### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md) ### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md) diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md new file mode 100644 index 0000000000..7b30f32d4d --- /dev/null +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -0,0 +1,44 @@ +--- +title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10) +description: Explains how to secure VPN connections for Diffie Hellman Group 2 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security, networking +author: shortpatti +ms.author: pashort +ms.localizationpriority: medium +ms.date: 02/08/2018 +--- + +# How to configure Diffie Hellman protocol over IKEv2 VPN connections + +>Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10 + +In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. +To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets. + +## VPN server + +For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](https://docs.microsoft.com/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. + +```powershell +Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy +``` + +On an earlier versions of Windows Server, run [Set-VpnServerIPsecConfiguration](https://technet.microsoft.com/library/hh918373(v=wps.620).aspx). Since `Set-VpnServerIPsecConfiguration` doesn’t have `-TunnelType`, the configuration applies to all tunnel types on the server. + +```powershell +Set-VpnServerIPsecConfiguration -CustomPolicy +``` + +## VPN client + +For VPN client, you need to configure each VPN connection. +For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](https://docs.microsoft.com/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps) and specify the name of the connection: + + +```powershell +Set-VpnConnectionIPsecConfiguration -ConnectionName +``` + diff --git a/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md b/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md index 3b2d35881e..891d33a3be 100644 --- a/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md +++ b/windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md @@ -70,13 +70,13 @@ RuleOption -Help** in a Windows PowerShell session. Table 2 describes each rule | **2 Required:WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. | | **3 Enabled:Audit Mode (Default)** | Enables the execution of binaries outside of the WDAC policy but logs each occurrence in the CodeIntegrity event log, which can be used to update the existing policy before enforcement. To begin enforcing a WDAC policy, delete this option. | | **4 Disabled:Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flighted builds. | -| **5 Enabled:Inherent Default Policy** | This option is not currently supported. | +| **5 Enabled:Inherit Default Policy** | This option is not currently supported. | | **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. | | **7 Allowed:Debug Policy Augmented** | This option is not currently supported. | | **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | -| **11 Disabled:Script Enforcement** | WDAC policies also restrict scripts and MSIs, and PowerShell runs in constrained language mode. Enabling this rule option will allow unsigned scripts to run and will leave PowerShell in full language mode. | +| **11 Disabled:Script Enforcement** | This option is not currently supported. | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | diff --git a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md index 84a88683e7..7efd232814 100644 --- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md +++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md @@ -9,9 +9,9 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: iaanw -ms.author: iawilt -ms.date: 11/20/2017 +author: andreabichsel +ms.author: v-anbic +ms.date: 02/08/2018 --- @@ -38,7 +38,9 @@ Block at first sight is a feature of Windows Defender Antivirus cloud-delivered It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. You can use group policy settings to confirm the feature is enabled. -You can also [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file. +You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file. + +You can also [customize the message displayed on users' desktops](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL. > [!IMPORTANT] > There is no specific individual setting in System Center Configuration Manager to enable or disable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly. You must use Group Policy settings to enable or disable the feature.