Take tests in Windows 10
Take a Test is a new app that lets you create the right environment for taking tests. Learn how to use and get it set up.
Chromebook migration guide
Find out how you can migrate a Chromebook-based learning environment to a Windows 10-based learning environment.
Set up Windows devices for education
Depending on your school's device management needs, you can use the Set up School PCs app or the Windows Configuration Designer tool to quickly set up student PCs.
Deploy Windows 10 in a school
Get step-by-step guidance to help you deploy Windows 10 in a school environment.
Deploy Windows 10 in a school district
Get step-by-step guidance on how to deploy Windows 10 to PCs and devices across a school district.
Test Windows 10 S on existing Windows 10 education devices
Test Windows 10 S on a variety of Windows 10 devices (except Windows 10 Home) in your school and share your feedback with us.
Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S
If you have an education tenant and use Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education.
Microsoft Store apps
Explore Microsoft Store app deployment strategies and considerations for educational institutions running Windows 8.1.
Windows To Go
Learn about the benefits, limitations, and processes involved in deploying Windows To Go.
Defines the name of the connection.
@@ -51,27 +77,27 @@ The following diagram shows the CM\_CellularEntries configuration service providgprs
Gprs
Default. Used for GPRS type connections (GPRS + GSM + EDGE + UMTS + LTE).
cdma
Cdma
Used for CDMA type connections (1XRTT + EVDO).
lte
Lte
Used for LTE type connections (eHRPD + LTE) when the device is registered HOME.
legacy
Legacy
Used for GPRS + GSM + EDGE + UMTS connections.
lte_iwlan
Lte_iwlan
Used for GPRS type connections that may be offloaded over WiFi
iwlan
Iwlan
Used for connections that are implemented over WiFi offload only
nocharacteristic
Nocharacteristic
Yes
characteristic-query
Characteristic-query
Yes
parm-query
Parm-query
Yes
| Element | -Available | -
|---|---|
parm-query |
-Yes |
-
nocharacteristic |
-Yes |
-
characteristic-query |
-Yes -Recursive query: Yes -Top level query: Yes |
-
4444666666352222333331222223333322222222223666662222222
+ 33333B3333244444422222222222BBBBBB111111115555444111155551111333355555- Footnotes: -- A - Only for mobile application management (MAM). -- B - Provisioning only. -- 1 - Added in Windows 10, version 1607. -- 2 - Added in Windows 10, version 1703. -- 3 - Added in Windows 10, version 1709. -- 4 - Added in Windows 10, version 1803. -- 5 - Added in Windows 10, version 1809. -- 6 - Added in Windows 10, version 1903. -- 7 - Added in Windows 10, version 1909. -- 8 - Added in Windows 10, version 2004. -- 9 - Added in Windows 10 Team 2020 Update -- 10 - Added in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2) - diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 5337bb0cfd..9466edec32 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -1,6 +1,6 @@ --- title: DevDetail CSP -description: Learn how the DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. +description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server. ms.assetid: 719bbd2d-508d-439b-b175-0874c7e6c360 ms.reviewer: manager: dansimp @@ -14,15 +14,16 @@ ms.date: 03/27/2020 # DevDetail CSP -The DevDetail configuration service provider handles the management object which provides device-specific parameters to the OMA DM server. These device parameters are not sent from the client to the server automatically, but can be queried by servers using OMA DM commands. +The DevDetail configuration service provider handles the management object that provides device-specific parameters to the OMA DM server. These device parameters can be queried by servers using OMA DM commands. They aren't sent from the client to the server automatically. > [!NOTE] > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. -For the DevDetail CSP, you cannot use the Replace command unless the node already exists. +For the DevDetail CSP, you can't use the Replace command unless the node already exists. -The following shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol is not supported for this configuration service provider. -``` +The following information shows the DevDetail configuration service provider management object in tree format as used by OMA Device Management. The OMA Client Provisioning protocol isn't supported for this configuration service provider. + +```console . DevDetail ----URI @@ -97,24 +98,24 @@ Required. Returns the maximum depth of the management tree that the device suppo Supported operation is Get. -This is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth. +This value is the maximum number of URI segments that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited depth. **URI/MaxTotLen** Required. Returns the maximum total length of any URI used to address a node or node property. The default is zero (0). Supported operation is Get. -This is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length. +This value is the largest number of characters in the URI that the device supports. The default value zero (0) indicates that the device supports a URI of unlimited length. **URI/MaxSegLen** Required. Returns the total length of any URI segment in a URI that addresses a node or node property. The default is zero (0). Supported operation is Get. -This is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length. +This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length. **Ext/Microsoft/MobileID** -Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that do not have a cellular network support. +Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that don't have a cellular network support. Supported operation is Get. @@ -131,7 +132,7 @@ Required. Returns the UI screen resolution of the device (example: "480x800 Supported operation is Get. **Ext/Microsoft/CommercializationOperator** -Required. Returns the name of the mobile operator if it exists; otherwise it returns 404.. +Required. Returns the name of the mobile operator if it exists. Otherwise, it returns 404. Supported operation is Get. @@ -158,7 +159,7 @@ Supported operation is Get. **Ext/Microsoft/DeviceName** Required. Contains the user-specified device name. -Support for Replace operation for Windows 10 Mobile was added in Windows 10, version 1511. Replace operation is not supported in the desktop or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name does not take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs. +Replace operation isn't supported in Windows client or IoT Core. When you change the device name using this node, it triggers a dialog on the device asking the user to reboot. The new device name doesn't take effect until the device is restarted. If the user cancels the dialog, it will show again until a reboot occurs. Value type is string. @@ -171,23 +172,15 @@ The following are the available naming macros: | Macro | Description | Example | Generated Name | | -------| -------| -------| -------| -| %RAND:<# of digits> | Generates the specified number of random digits. | Test%RAND:6% | Test123456| -| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| Test-Device-%SERIAL% | Test-Device-456| +| %RAND:<# of digits> | Generates the specified number of random digits. | `Test%RAND:6%` | Test123456| +| %SERIAL% | Generates the serial number derived from the device. If the serial number causes the new name to exceed the 63 character limit, the serial number will be truncated from the beginning of the sequence.| `Test-Device-%SERIAL%` | Test-Device-456| Value type is string. Supported operations are Get and Replace. > [!NOTE] > We recommend using `%SERIAL%` or `%RAND:x%` with a high character limit to reduce the chance of name collision when generating a random name. This feature doesn't check if a particular name is already present in the environment. -On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit does not count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**. - -**Ext/Microsoft/TotalStorage** -Added in Windows 10, version 1511. Integer that specifies the total available storage in MB from first internal drive on the device (may be less than total physical storage). - -Supported operation is Get. - -> [!NOTE] -> This is only supported in Windows 10 Mobile. +On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the computer's serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10, version 1709 and earlier releases, use the **ComputerName** setting under **Accounts** > **ComputerAccount**. **Ext/Microsoft/TotalRAM** Added in Windows 10, version 1511. Integer that specifies the total available memory in MB on the device (may be less than total physical memory). @@ -205,30 +198,30 @@ The MAC address of the active WLAN connection, as a 12-digit hexadecimal number. Supported operation is Get. > [!NOTE] -> This is not supported in Windows 10 for desktop editions. +> This isn't supported in Windows 10 for desktop editions. **Ext/VoLTEServiceSetting** -Returns the VoLTE service to on or off. This is only exposed to mobile operator OMA-DM servers. +Returns the VoLTE service to on or off. This setting is only exposed to mobile operator OMA-DM servers. Supported operation is Get. **Ext/WlanIPv4Address** -Returns the IPv4 address of the active Wi-Fi connection. This is only exposed to enterprise OMA DM servers. +Returns the IPv4 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA DM servers. Supported operation is Get. **Ext/WlanIPv6Address** -Returns the IPv6 address of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers. +Returns the IPv6 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA-DM servers. Supported operation is Get. **Ext/WlanDnsSuffix** -Returns the DNS suffix of the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers. +Returns the DNS suffix of the active Wi-Fi connection. This suffix is only exposed to enterprise OMA-DM servers. Supported operation is Get. **Ext/WlanSubnetMask** -Returns the subnet mask for the active Wi-Fi connection. This is only exposed to enterprise OMA-DM servers. +Returns the subnet mask for the active Wi-Fi connection. This subnet mask is only exposed to enterprise OMA-DM servers. Supported operation is Get. @@ -236,17 +229,10 @@ Supported operation is Get. Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device. > [!NOTE] -> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information. +> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you can't parse the content to get any meaningful hardware information. Supported operation is Get. -## Related topics +## Related articles [Configuration service provider reference](configuration-service-provider-reference.md) - - - - - - - diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index bd80931f74..b41ccfecfa 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -19,24 +19,24 @@ ms.date: 11/15/2017 >[!TIP] >If you're not a developer or administrator, you'll find more helpful information in the [Windows Update: Frequently Asked Questions](https://support.microsoft.com/help/12373/windows-update-faq). -In the current device landscape of PC, tablets, phones, and IoT devices, Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we are investing heavily in extending the management capabilities available to MDMs. One key feature we are adding is the ability for MDMs to keep devices up to date with the latest Microsoft updates. +With PCs, tablets, phones, and IoT devices, Mobile Device Management (MDM) solutions are becoming prevalent as a lightweight device management technology. In Windows 10, we're investing heavily in extending the management capabilities available to MDMs. One key feature we're adding is the ability for MDMs to keep devices up to date with the latest Microsoft updates. In particular, Windows 10 provides APIs to enable MDMs to: - Ensure machines stay up to date by configuring Automatic Update policies. -- Test updates on a smaller set of machines before enterprise-wide rollout by configuring which updates are approved for a given device. -- Get compliance status of managed devices so IT can easily understand which machines still need a particular security patch, or how up to date is a particular machine. +- Test updates on a smaller set of machines by configuring which updates are approved for a given device. Then, do an enterprise-wide rollout. +- Get compliance status of managed devices. IT can understand which machines still need a security patch, or how current is a particular machine. -This topic provides MDM independent software vendors (ISV) with the information they need to implement update management in Windows 10. +This article provides independent software vendors (ISV) with the information they need to implement update management in Windows 10. In Windows 10, the MDM protocol has been extended to better enable IT admins to manage updates. In particular, Windows has added configuration service providers (CSPs) that expose policies and actions for MDMs to: -- Configure automatic update policies to ensure devices stay up-to-date. +- Configure automatic update policies to ensure devices stay up to date. - Get device compliance information (the list of updates that are needed but not yet installed). -- Specify a per-device update approval list, to ensure devices don’t install unapproved updates that have not been tested. -- Approve EULAs on behalf of the end user so update deployment can be automated even for updates with EULAs. +- Enter a per-device update approval list. The list makes sure devices only install updates that are approved and tested. +- Approve end-user license agreements (EULAs) for the end user so update deployment can be automated even for updates with EULAs. -The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID, which is a GUID that identifies a particular update. The MDM, of course, will want to expose IT-friendly information about the update (instead of a raw GUID), including the update’s title, description, KB, update type (for example, a security update or service pack). For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c). +The OMA DM APIs for specifying update approvals and getting compliance status refer to updates by using an Update ID. The Update ID is a GUID that identifies a particular update. The MDM will want to show IT-friendly information about the update, instead of a raw GUID, including the update’s title, description, KB, update type, like a security update or service pack. For more information, see [\[MS-WSUSSS\]: Windows Update Services: Server-Server Protocol](/openspecs/windows_protocols/ms-wsusss/f49f0c3e-a426-4b4b-b401-9aeb2892815c). For more information about the CSPs, see [Update CSP](update-csp.md) and the update policy area of the [Policy CSP](policy-configuration-service-provider.md). @@ -48,29 +48,29 @@ The diagram can be roughly divided into three areas: - The Device Management service syncs update information (title, description, applicability) from Microsoft Update using the Server-Server sync protocol (top of the diagram). - The Device Management service sets automatic update policies, obtains update compliance information, and sets approvals via OMA DM (left portion of the diagram). -- The device gets updates from Microsoft Update using client/server protocol, but only downloads and installs updates that are both applicable to the device and approved by IT (right portion of the diagram). +- The device gets updates from Microsoft Update using client/server protocol. It only downloads and installs updates that apply to the device and are approved by IT (right portion of the diagram). ## Getting update metadata using the Server-Server sync protocol -The Microsoft Update Catalog is huge and contains many updates that are not needed by MDM-managed devices, including updates for legacy software (for example, updates to servers, down-level desktop operating systems, and legacy apps), and a large number of drivers. We recommend that the MDM use the Server-Server sync protocol to get update metadata for updates reported from the client. +The Microsoft Update Catalog contains many updates that aren't needed by MDM-managed devices. It includes updates for legacy software, like updates to servers, down-level desktop operating systems, & legacy apps, and a large number of drivers. We recommend MDMs use the Server-Server sync protocol to get update metadata for updates reported from the client. -This section describes how this is done. The following diagram shows the server-server sync protocol process. +This section describes this setup. The following diagram shows the server-server sync protocol process. - +:::image type="content" alt-text="mdm server-server sync." source="images/deviceupdateprocess2.png" lightbox="images/deviceupdateprocess2.png"::: MSDN provides much information about the Server-Server sync protocol. In particular: -- It is a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development. -- You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although it’s even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx. +- It's a SOAP-based protocol, and you can get the WSDL in [Server Sync Web Service](/openspecs/windows_protocols/ms-wsusss/8a3b2470-928a-4bd1-bdcc-8c2bf6b8e863). The WSDL can be used to generate calling proxies for many programming environments, which will simplify your development. +- You can find code samples in [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a). The sample code shows raw SOAP commands, which can be used. Although it’s even simpler to make the call from a programming language like .NET (calling the WSDL-generated proxies). The stub generated by the Server Sync WSDL from the MSDN link above generates an incorrect binding URL. The binding URL should be set to `https://fe2.update.microsoft.com/v6/ServerSyncWebService/serversyncwebservice.asmx`. Some important highlights: -- The protocol has an authorization phase (calling GetAuthConfig, GetAuthorizationCookie, and GetCookie). In [Protocol Examples](/openspecs/windows_protocols/ms-wsusss/2dedbd00-fbb7-46ee-8ee0-aec9bd1ecd2a), the **Sample 1: Authorization** code shows how this is done. Even though this is called the authorization phase, the protocol is completely open (no credentials are needed to run this phase of the protocol). This sequence of calls needs to be done to obtain a cookie for the main part of the sync protocol. As an optimization, you can cache the cookie and only call this sequence again if your cookie has expired. -- The protocol allows the MDM to sync update metadata for a particular update by calling GetUpdateData. For more information, see [GetUpdateData](/openspecs/windows_protocols/ms-wsusss/c28ad30c-fa3f-4bc6-a747-788391d2d964) in MSDN. The LocURI to get the applicable updates with their revision Numbers is `
Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time. +Added in Windows 10, version 1607. When used with **Update/ActiveHoursStart**, it allows the IT admin to manage a range of active hours where update reboots aren't scheduled. This value sets the end time. There's a 12-hour maximum from start time. > [!NOTE] -> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information. +> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** in this article. -
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. +Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, and so on. -
The default is 17 (5 PM). +The default is 17 (5 PM). **Update/ActiveHoursMaxRange** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. -
Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. +Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time. -
Supported values are 8-18. +Supported values are 8-18. -
The default value is 18 (hours). +The default value is 18 (hours). **Update/ActiveHoursStart** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. -
Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time. +Added in Windows 10, version 1607. When used with **Update/ActiveHoursEnd**, it allows the IT admin to manage a range of hours where update reboots aren't scheduled. This value sets the start time. There's a 12-hour maximum from end time. > [!NOTE] -> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information. +> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. For more information, see **Update/ActiveHoursMaxRange** in this article. -
Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc. +Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, and so on. -
The default value is 8 (8 AM). +The default value is 8 (8 AM). **Update/AllowAutoUpdate** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. -
Enables the IT admin to manage automatic update behavior to scan, download, and install updates. +Enables the IT admin to manage automatic update behavior to scan, download, and install updates. -
Supported operations are Get and Replace. +Supported operations are Get and Replace. -
The following list shows the supported values: +The following list shows the supported values: -- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. -- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. -- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart. +- 0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. +- 1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end user is prompted to schedule the restart time. The end user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end user to control the start time reduces the risk of accidental data loss caused by applications that don't shutdown properly on restart. +- 2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This behavior is the default behavior for unmanaged devices. Devices are updated quickly. But, it increases the risk of accidental data loss caused by an application that doesn't shutdown properly on restart. - 3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. -- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. +- 4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks. They're installed during "Automatic Maintenance" when the device isn't in use, and isn't running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device isn't actively being used. This setting option also sets the end-user control panel to read-only. - 5 – Turn off automatic updates. > [!IMPORTANT] > This option should be used only for systems under regulatory compliance, as you will not get security updates as well. -
If the policy is not configured, end-users get the default behavior (Auto install and restart). +If the policy isn't configured, end users get the default behavior (Auto install and restart). **Update/AllowMUUpdateService** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education -
Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. +Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed or not configured. - 1 – Allowed. Accepts updates received through Microsoft Update. @@ -221,31 +258,31 @@ The following diagram shows the Update policies in a tree format. > This policy is available on Windows 10 Pro, Windows 10 Enterprise and Windows 10 Education. -
Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third party software and patch distribution. +Allows the IT admin to manage if Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for third-party software and patch distribution. -
Supported operations are Get and Replace. +Supported operations are Get and Replace. -
The following list shows the supported values: +The following list shows the supported values: - 0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. -- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. +- 1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they're signed by a certificate in the "Trusted Publishers" certificate store of the local computer. -
This policy is specific to desktop and local publishing via WSUS for third party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. +This policy is specific to desktop and local publishing using WSUS for third-party updates (binaries and updates not hosted on Microsoft Update). It allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. **Update/AllowUpdateService** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education -
Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft. +Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft. -
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Microsoft +Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update. -
Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft to stop working. +Enabling this policy will disable that functionality, and may cause connection to public services such as the Microsoft to stop working. -
The following list shows the supported values: +The following list shows the supported values: -- 0 – Update service is not allowed. +- 0 – Update service isn't allowed. - 1 (default) – Update service is allowed. > [!NOTE] @@ -257,20 +294,20 @@ The following diagram shows the Update policies in a tree format. > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education -
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. +Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. -
Supported values are 15, 30, 60, 120, and 240 (minutes). +Supported values are 15, 30, 60, 120, and 240 (minutes). -
The default value is 15 (minutes). +The default value is 15 (minutes). **Update/AutoRestartRequiredNotificationDismissal** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education -
Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed. +Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto restart required notification is dismissed. -
The following list shows the supported values: +The following list shows the supported values: - 1 (default) – Auto Dismissal. - 2 – User Dismissal. @@ -280,9 +317,9 @@ The following diagram shows the Update policies in a tree format. > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education -
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. +Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. -
The following list shows the supported values: +The following list shows the supported values: - 16 (default) – User gets all applicable upgrades from Current Branch (CB). - 32 – User gets upgrades from Current Branch for Business (CBB). @@ -291,18 +328,18 @@ The following diagram shows the Update policies in a tree format. > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education. -
Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. +Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days. -
Supported values are 0-180. +Supported values are 0-180. **Update/DeferQualityUpdatesPeriodInDays** > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education -
Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. +Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days. -
Supported values are 0-30. +Supported values are 0-30. **Update/DeferUpdatePeriod** > [!NOTE] @@ -311,13 +348,13 @@ The following diagram shows the Update policies in a tree format. > Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. -
Allows IT Admins to specify update delays for up to four weeks. +Allows IT Admins to specify update delays for up to four weeks. -
Supported values are 0-4, which refers to the number of weeks to defer updates. +Supported values are 0-4, which refers to the number of weeks to defer updates. -
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the **Specify intranet Microsoft update service location** policy is enabled, then the **Defer upgrades by**, **Defer updates by**; and **Pause Updates and Upgrades** settings have no effect. -
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect.
| Starting SKU | -Upgrade to Windows 10 Mobile | -
|---|---|
Windows Mobile 6.5 |
-No |
-
Windows Phone 8 |
-No |
-
Windows Phone 8.1 |
-Yes |
-
| Term | -Description | -
|---|---|
DUControlledUpdates.xml |
-This is the same file as the report XML retrieved in Step 2 with a different name. This file tells the device the specific update packages to download. See Appendix for example - |
-
DUCustomContentUris.xml |
-This file maps the update packages in DUControlledUpdates.xml to the internal share location. |
-
TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption, and signing.
+ +**DHA (Device HealthAttestation) feature** +The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.
+ +**MAA-Session (Microsoft Azure Attestation service based device HealthAttestation session)** +The Microsoft Azure Attestation service-based device HealthAttestation session (MAA-Session) describes the end-to-end communication flow that is performed in one device health attestation session.
+ +**MAA-CSP Nodes (Microsoft Azure Attestation based Configuration Service Provider)** +The Configuration Service Provider nodes added to Windows 11 to integrate with Microsoft Azure Attestation Service.
+The following list of operations is performed by MAA-CSP:
+-
+
- Receives attestation trigger requests from a HealthAttestation enabled MDM provider. +
- The device collects Attestation Evidence (device boot logs, TPM audit trails and the TPM certificate) from a managed device. +
- Forwards the Attestation Evidence to the Azure Attestation Service instance as configured by the MDM provider. +
- Receives a signed report from the Azure Attestation Service instance and stores it in a local cache on the device. +
+
Attestation flow can be broadly in three main steps:
+-
+
- An instance of the Azure Attestation service is set up with an appropriate attestation policy. The attestation policy allows the MDM provider to attest to particular events in the boot as well security features. +
- The MDM provider triggers a call to the attestation service, the device then performs an attestation check keeping the report ready to be retrieved. +
- The MDM provider after verifying the token is coming from the attestation service it can parse the attestation token to reflect on the attested state of the device. +
The root node for the device HealthAttestation configuration service provider.
+ +**TriggerAttestation** (Required) +Node type: EXECUTE +This node will trigger attestation flow by launching an attestation process. If the attestation process is launched successfully, this node will return code 202 indicating the request is received and being processed. Otherwise, an error will be returned. +
+ +Templated SyncML Call:
+ +```xml +Data fields:
+-
+
- rpID (Relying Party Identifier): This field contains an identifier that can be used to help determine the caller. +
- serviceEndpoint : This field contains the complete URL of the Microsoft Azure Attestation provider instance to be used for evaluation. +
- nonce : This field contains an arbitrary number that can be used just once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. +
- aadToken: The AAD token to be used for authentication against the Microsoft Azure Attestation service. +
- cv: This field contains an identifier(Correlation Vector) that will passed in to the service call, that can be used for diagnostics purposes. +
Sample Data:
+ +```json + +{ +"rpid" : "https://www.contoso.com/attestation", +"endpoint" : "https://contoso.eus.attest.azure.net/attest/tpm?api-version=2020-10-01", +"nonce" : "5468697320697320612054657374204e6f6e6365", +"aadToken" : "dummytokenstring", +"cv" : "testonboarded" +} + +``` + +**AttestStatus** +Node type: GET +This node will retrieve the status(HRESULT value) stored in registry updated by the attestation process triggered in the previous step. +The status is always cleared prior to making the attest service call. +
+ +Templated SyncML Call:
+ +```xml +Sample Data:
+ +``` +If Successful: 0 +If Failed: A corresponding HRESULT error code +Example: 0x80072efd, WININET_E_CANNOT_CONNECT +``` + +**GetAttestReport** +Node type: GET +This node will retrieve the attestation report per the call made by the TriggerAttestation, if there is any, for the given MDM provider. The report is stored in a registry key in the respective MDM enrollment store. +
+ +Templated SyncML Call:
+ +```xml +Sample data:
+ +``` +If Success: +JWT token: aaaaaaaaaaaaa.bbbbbbbbbbbbb.cccccccccc +If failed: +Previously cached report if available (the token may have already expired per the attestation policy). +OR Sync ML 404 error if not cached report available. +``` + +**GetServiceCorrelationIDs** +Node type: GET +This node will retrieve the service-generated correlation IDs for the given MDM provider. If there are more than one correlation IDs, they are separated by “;” in the string. +
+Templated SyncML Call:
+ +```xml +Sample data:
+ +> If success: +> GUID returned by the attestation service: 1k9+vQOn00S8ZK33;CMc969r1JEuHwDpM +> If Trigger Attestation call failed and no previous data is present. The field remains empty. +> Otherwise, the last service correlation id will be returned. In a successful attestation there are two +> calls between client and MAA and for each call the GUID is separated by semicolon. + +> **_Note:_** MAA CSP nodes are available on arm64 but is not currently supported. + + +### MAA CSP Integration Steps +-
+
- Set up a MAA provider instance:
+MAA instance can be created following the steps here Quickstart: Set up Azure Attestation by using the Azure portal | Microsoft Docs.
+ - Update the provider with an appropriate policy:
+The MAA instance should be updated with an appropriate policy. How to author an Azure Attestation policy | Microsoft Docs +
A Sample attestation policy: + +``` +version=1.2; + +configurationrules{ +}; + +authorizationrules { + => permit(); +}; + +issuancerules{ + +// SecureBoot enabled +c:[type == "events", issuer=="AttestationService"] => add(type = "efiConfigVariables", value = JmesPath(c.value, "Events[?EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && ProcessedData.VariableGuid == '8BE4DF61-93CA-11D2-AA0D-00E098032B8C']")); +c:[type == "efiConfigVariables", issuer=="AttestationPolicy"]=> issue(type = "secureBootEnabled", value = JsonToClaimValue(JmesPath(c.value, "[?ProcessedData.UnicodeName == 'SecureBoot'] | length(@) == `1` && @[0].ProcessedData.VariableData == 'AQ'"))); +![type=="secureBootEnabled", issuer=="AttestationPolicy"] => issue(type="secureBootEnabled", value=false); + +// Retrieve bool properties +c:[type=="events", issuer=="AttestationService"] => add(type="boolProperties", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `19` || PcrIndex == `20`)].ProcessedData.EVENT_TRUSTBOUNDARY")); +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="codeIntegrityEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_CODEINTEGRITY"))); +c:[type=="codeIntegrityEnabledSet", issuer=="AttestationPolicy"] => issue(type="codeIntegrityEnabled", value=ContainsOnlyValue(c.value, true)); +![type=="codeIntegrityEnabled", issuer=="AttestationPolicy"] => issue(type="codeIntegrityEnabled", value=false); + +// Bitlocker Boot Status, The first non zero measurement or zero. +c:[type=="events", issuer=="AttestationService"] => add(type="srtmDrtmEventPcr", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `19`)].ProcessedData.EVENT_TRUSTBOUNDARY")); +c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => issue(type="bitlockerEnabledValue", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_BITLOCKER_UNLOCK | @[? Value != `0`].Value | @[0]"))); +[type=="bitlockerEnabledValue"] => issue(type="bitlockerEnabled", value=true); +![type=="bitlockerEnabledValue"] => issue(type="bitlockerEnabled", value=false); + +// Elam Driver (windows defender) Loaded +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="elamDriverLoaded", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_LOADEDMODULE_AGGREGATION[] | [? EVENT_IMAGEVALIDATED == `true` && (equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wdboot.sys') || equals_ignore_case(EVENT_FILEPATH, '\\windows\\system32\\drivers\\wd\\wdboot.sys'))] | @ != `null`"))); +[type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="WindowsDefenderElamDriverLoaded", value=true); +![type=="elamDriverLoaded", issuer=="AttestationPolicy"] => issue(type="WindowsDefenderElamDriverLoaded", value=false); + +// Boot debugging +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="bootDebuggingEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_BOOTDEBUGGING"))); +c:[type=="bootDebuggingEnabledSet", issuer=="AttestationPolicy"] => issue(type="bootDebuggingDisabled", value=ContainsOnlyValue(c.value, false)); +![type=="bootDebuggingDisabled", issuer=="AttestationPolicy"] => issue(type="bootDebuggingDisabled", value=false); + +// Kernel Debugging +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="osKernelDebuggingEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_OSKERNELDEBUG"))); +c:[type=="osKernelDebuggingEnabledSet", issuer=="AttestationPolicy"] => issue(type="osKernelDebuggingDisabled", value=ContainsOnlyValue(c.value, false)); +![type=="osKernelDebuggingDisabled", issuer=="AttestationPolicy"] => issue(type="osKernelDebuggingDisabled", value=false); + +// DEP Policy +c:[type=="boolProperties", issuer=="AttestationPolicy"] => issue(type="depPolicy", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_DATAEXECUTIONPREVENTION.Value | @[-1]"))); +![type=="depPolicy"] => issue(type="depPolicy", value=0); + +// Test Signing +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="testSigningEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_TESTSIGNING"))); +c:[type=="testSigningEnabledSet", issuer=="AttestationPolicy"] => issue(type="testSigningDisabled", value=ContainsOnlyValue(c.value, false)); +![type=="testSigningDisabled", issuer=="AttestationPolicy"] => issue(type="testSigningDisabled", value=false); + +// Flight Signing +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="flightSigningEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_FLIGHTSIGNING"))); +c:[type=="flightSigningEnabledSet", issuer=="AttestationPolicy"] => issue(type="flightSigningNotEnabled", value=ContainsOnlyValue(c.value, false)); +![type=="flightSigningNotEnabled", issuer=="AttestationPolicy"] => issue(type="flightSigningNotEnabled", value=false); + +// VSM enabled +c:[type=="events", issuer=="AttestationService"] => add(type="srtmDrtmEventPcr", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && (PcrIndex == `12` || PcrIndex == `19`)].ProcessedData.EVENT_TRUSTBOUNDARY")); +c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="vbsEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_VSM_REQUIRED"))); +c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="vbsEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_MANDATORY_ENFORCEMENT"))); +c:[type=="vbsEnabledSet", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=ContainsOnlyValue(c.value, true)); +![type=="vbsEnabled", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=false); +c:[type=="vbsEnabled", issuer=="AttestationPolicy"] => issue(type="vbsEnabled", value=c.value); + +// HVCI +c:[type=="srtmDrtmEventPcr", issuer=="AttestationPolicy"] => add(type="hvciEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_HVCI_POLICY | @[?String == 'HypervisorEnforcedCodeIntegrityEnable'].Value"))); +c:[type=="hvciEnabledSet", issuer=="AttestationPolicy"] => issue(type="hvciEnabled", value=ContainsOnlyValue(c.value, 1)); +![type=="hvciEnabled", issuer=="AttestationPolicy"] => issue(type="hvciEnabled", value=false); + +// IOMMU +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="iommuEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_VBS_IOMMU_REQUIRED"))); +c:[type=="iommuEnabledSet", issuer=="AttestationPolicy"] => issue(type="iommuEnabled", value=ContainsOnlyValue(c.value, true)); +![type=="iommuEnabled", issuer=="AttestationPolicy"] => issue(type="iommuEnabled", value=false); + +// Find the Boot Manager SVN, this is measured as part of a sequence and find the various measurements +// Find the first EV_SEPARATOR in PCR 12, 13, Or 14 +c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq")); +c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`")); +[type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); + +// Find the first EVENT_APPLICATION_SVN. +c:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] => add(type="bootMgrSvnSeqQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12` && ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN] | @[0].EventSeq")); +c1:[type=="bootMgrSvnSeqQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="bootMgrSvnSeq", value=JmesPath(c2.value, c1.value)); +c:[type=="bootMgrSvnSeq", value!="null", issuer=="AttestationPolicy"] => add(type="bootMgrSvnQuery", value=AppendString(AppendString("Events[? EventSeq == `", c.value), "`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]")); + +// The first EVENT_APPLICATION_SVN. That value is the Boot Manager SVN +c1:[type=="bootMgrSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootMgrSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value))); + +// OS Rev List Info +c:[type=="events", issuer=="AttestationService"] => issue(type="osRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_OS_REVOCATION_LIST.RawData | @[0]"))); + +// Safe mode +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="safeModeEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_SAFEMODE"))); +c:[type=="safeModeEnabledSet", issuer=="AttestationPolicy"] => issue(type="notSafeMode", value=ContainsOnlyValue(c.value, false)); +![type=="notSafeMode", issuer=="AttestationPolicy"] => issue(type="notSafeMode", value=true); + +// Win PE +c:[type=="boolProperties", issuer=="AttestationPolicy"] => add(type="winPEEnabledSet", value=JsonToClaimValue(JmesPath(c.value, "[*].EVENT_WINPE"))); +c:[type=="winPEEnabledSet", issuer=="AttestationPolicy"] => issue(type="notWinPE", value=ContainsOnlyValue(c.value, false)); +![type=="notWinPE", issuer=="AttestationPolicy"] => issue(type="notWinPE", value=true); + +// CI Policy +c:[type=="events", issuer=="AttestationService"] => issue(type="codeIntegrityPolicy", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_SI_POLICY[].RawData"))); + +// Secure Boot Custom Policy +c:[type=="events", issuer=="AttestationService"] => issue(type="secureBootCustomPolicy", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EFI_VARIABLE_DRIVER_CONFIG' && PcrIndex == `7` && ProcessedData.UnicodeName == 'CurrentPolicy' && ProcessedData.VariableGuid == '77FA9ABD-0359-4D32-BD60-28F4E78F784B'].ProcessedData.VariableData | @[0]"))); + +// Find the first EV_SEPARATOR in PCR 12, 13, Or 14 +c:[type=="events", issuer=="AttestationService"] => add(type="evSeparatorSeq", value=JmesPath(c.value, "Events[? EventTypeString == 'EV_SEPARATOR' && (PcrIndex == `12` || PcrIndex == `13` || PcrIndex == `14`)] | @[0].EventSeq")); +c:[type=="evSeparatorSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value=AppendString(AppendString("Events[? EventSeq < `", c.value), "`")); +[type=="evSeparatorSeq", value=="null", issuer=="AttestationPolicy"] => add(type="beforeEvSepClause", value="Events[? `true` "); // No restriction of EV_SEPARATOR in case it is not present + +//Finding the Boot App SVN +// Find the first EVENT_TRANSFER_CONTROL with value 1 or 2 in PCR 12 which is before the EV_SEPARATOR +c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="bootMgrSvnSeq", value != "null", issuer=="AttestationPolicy"] => add(type="beforeEvSepAfterBootMgrSvnClause", value=AppendString(AppendString(AppendString(c1.value, "&& EventSeq >= `"), c2.value), "`")); +c:[type=="beforeEvSepAfterBootMgrSvnClause", issuer=="AttestationPolicy"] => add(type="tranferControlQuery", value=AppendString(c.value, " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`&& (ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_TRANSFER_CONTROL.Value == `1` || ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_TRANSFER_CONTROL.Value == `2`)] | @[0].EventSeq")); +c1:[type=="tranferControlQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="tranferControlSeq", value=JmesPath(c2.value, c1.value)); + +// Find the first non-null EVENT_MODULE_SVN in PCR 13 after the transfer control. +c:[type=="tranferControlSeq", value!="null", issuer=="AttestationPolicy"] => add(type="afterTransferCtrlClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`")); +c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="afterTransferCtrlClause", issuer=="AttestationPolicy"] => add(type="moduleQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13` && ((ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]) || (ProcessedData.EVENT_LOADEDMODULE_AGGREGATION[].EVENT_MODULE_SVN | @[0]))].EventSeq | @[0]")); +c1:[type=="moduleQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => add(type="moduleSeq", value=JmesPath(c2.value, c1.value)); + +// Find the first EVENT_APPLICATION_SVN after EV_EVENT_TAG in PCR 12. +c:[type=="moduleSeq", value!="null", issuer=="AttestationPolicy"] => add(type="applicationSvnAfterModuleClause", value=AppendString(AppendString(" && EventSeq > `", c.value), "`")); +c1:[type=="beforeEvSepClause", issuer=="AttestationPolicy"] && c2:[type=="applicationSvnAfterModuleClause", issuer=="AttestationPolicy"] => add(type="bootAppSvnQuery", value=AppendString(AppendString(c1.value, c2.value), " && EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `12`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_APPLICATION_SVN | @[0]")); +c1:[type=="bootAppSvnQuery", issuer=="AttestationPolicy"] && c2:[type=="events", issuer=="AttestationService"] => issue(type="bootAppSvn", value=JsonToClaimValue(JmesPath(c2.value, c1.value))); + +// Finding the Boot Rev List Info +c:[type=="events", issuer=="AttestationService"] => issue(type="bootRevListInfo", value=JsonToClaimValue(JmesPath(c.value, "Events[? EventTypeString == 'EV_EVENT_TAG' && PcrIndex == `13`].ProcessedData.EVENT_TRUSTBOUNDARY.EVENT_BOOT_REVOCATION_LIST.RawData | @[0]"))); + +}; +``` + +
+ - Call TriggerAttestation with your rpid, AAD token and the attestURI:
+Use the Attestation URL generated in step 1, and append the appropriate api version you want to hit. More information about the api version can be found here Attestation - Attest Tpm - REST API (Azure Attestation) | Microsoft Docs
+ - Call GetAttestReport and decode and parse the report to ensure the attested report contains the required properties:
+GetAttestReport return the signed attestation token as a JWT. The JWT can be decoded to parse the information per the attestation policy. +
+ +```json + { + "typ": "JWT", + "alg": "RS256", + "x5c": [ + "MIIE.....=", + "MIIG.....=", + "MIIF.....=" + ], + "kid": "8FUer20z6wzf1rod044wOAFdjsg" + }.{ + "nbf": 1633664812, + "exp": 1634010712, + "iat": 1633665112, + "iss": "https://contosopolicy.eus.attest.azure.net", + "jti": "2b63663acbcafefa004d20969991c0b1f063c9be", + "ver": "1.0", + "x-ms-ver": "1.0", + "rp_data": "AQIDBA", + "nonce": "AQIDBA", + "cnf": { + "jwk": { + "kty": "RSA", + "n": "yZGC3-1rFZBt6n6vRHjRjvrOYlH69TftIQWOXiEHz__viQ_Z3qxWVa4TfrUxiQyDQnxJ8-f8tBRmlunMdFDIQWhnew_rc3-UYMUPNcTQ0IkrLBDG6qDjFFeEAMbn8gqr0rRWu_Qt7Cb_Cq1upoEBkv0RXk8yR6JXmFIvLuSdewGs-xCWlHhd5w3n1rVk0hjtRk9ZErlbPXt74E5l-ZZQUIyeYEZ1FmbivOIL-2f6NnKJ-cR4cdhEU8i9CH1YV0r578ry89nGvBJ5u4_3Ib9Ragdmxm259npH53hpnwf0I6V-_ZhGPyF6LBVUG_7x4CyxuHCU20uI0vXKXJNlbj1wsQ", + "e": "AQAB" + } + }, + "x-ms-policy-hash": "GiGQCTOylCohHt4rd3pEppD9arh5mXC3ifF1m1hONh0", + "WindowsDefenderElamDriverLoaded": true, + "bitlockerEnabled": true, + "bitlockerEnabledValue": 4, + "bootAppSvn": 1, + "bootDebuggingDisabled": true, + "bootMgrSvn": 1, + "bootRevListInfo": "gHWqR2F-1wEgAAAACwBxrZXHbaiuTuO0PSaJ7WQMF8yz37Z2ATgSNTTlRkwcTw", + "codeIntegrityEnabled": true, + "codeIntegrityPolicy": [ + "AAABAAAAAQBWAAsAIAAAAHsAOABmAGIANAA4ADYANQBlAC0AZQA5ADAAYgAtADQANAA0AGYALQBiADUAYgA1AC0AZQAyAGEAYQA1ADEAZAA4ADkAMABmAGQAfQAuAEMASQBQAAAAVnW86ERqAg5n9QT1UKFr-bOP2AlNtBaaHXjZODnNLlk", + "AAAAAAAACgBWAAsAIAAAAHsAYgBjADQAYgBmADYAZAA3AC0AYwBjADYAMAAtADQAMABmADAALQA4ADYANAA0AC0AMQBlADYANAA5ADEANgBmADgAMQA4ADMAfQAuAEMASQBQAAAAQ7vOXuAbBRIMglSSg7g_LHNeHoR4GrY-M-2W5MNvf0o", + "AAAAAAAACgBWAAsAIAAAAHsAYgAzADEAOAA5ADkAOQBhAC0AYgAxADMAZQAtADQANAA3ADUALQBiAGMAZgBkAC0AMQBiADEANgBlADMAMABlADYAMAAzADAAfQAuAEMASQBQAAAALTmwU3eadNtg0GyAyKIAkYed127RJCSgmfFmO1jN_aI", + "AAAAAAAACgBWAAsAIAAAAHsAZgBlADgAMgBkADUAOAA5AC0ANwA3AGQAMQAtADQAYwA3ADYALQA5AGEANABhAC0AZQA0ADUANQA0ADYAOAA4ADkANAAxAGIAfQAuAEMASQBQAAAA8HGUwA85gHN_ThItTYtu6sw657gVuOb4fOhYl-YJRoc", + "AACRVwAACgAmAAsAIAAAAEQAcgBpAHYAZQByAFMAaQBQAG8AbABpAGMAeQAuAHAANwBiAAAAYcVuY0HdW4Iqr5B-6Sl85kwIXRG9bqr43pVhkirg4qM" + ], + "depPolicy": 0, + "flightSigningNotEnabled": false, + "hvciEnabled": true, + "iommuEnabled": true, + "notSafeMode": true, + "notWinPE": true, + "osKernelDebuggingDisabled": true, + "osRevListInfo": "gHLuW2F-1wEgAAAACwDLyDTUQILjdz_RfNlShVgNYT9EghL7ceMReWg9TuwdKA", + "secureBootEnabled": true, + "testSigningDisabled": true, + "vbsEnabled": true + }.[Signature] +``` +
+
TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption and signing.
+TPM is a specialized hardware-protected logic that performs a series of hardware protected security operations including providing protected storage, random number generation, encryption, and signing.
**DHA (Device HealthAttestation) feature**The Device HealthAttestation (DHA) feature enables enterprise IT administrators to monitor the security posture of managed devices remotely by using hardware (TPM) protected and attested data via a tamper-resistant and tamper-evident communication channel.
@@ -59,10 +504,10 @@ The following is a list of functions performed by the Device HealthAttestation C DHA session data (Device HealthAttestation session data)The following list of data is produced or consumed in one DHA-Transaction:
-
-
- DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot and TPM counters) that are required for validating device boot health. +
- DHA-BootData: the device boot data (TCG logs, PCR values, device/TPM certificate, boot, and TPM counters) that are required for validating device boot health.
- DHA-EncBlob: an encrypted summary report that DHA-Service issues to a device after reviewing the DHA-BootData it receives from devices.
- DHA-SignedBlob: it is a signed snapshot of the current state of a device’s runtime that is captured by DHA-CSP at device health attestation time. -
- DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has 2 parts: +
- DHA-Data: an XML formatted data blob that devices forward for device health validation to DHA-Service via MDM-Server. DHA-Data has two parts:
- DHA-EncBlob: the encrypted data blob that the device receives from DHA-Service
- DHA-SignedBlob: a current snapshot of the current security state of the device that is generated by DHA-CSP @@ -96,7 +541,7 @@ The following is a list of functions performed by the Device HealthAttestation C DHA-Service (Device HealthAttestation Service)
Device HealthAttestation Service (DHA-Service) validates the data it receives from DHA-CSP and issues a highly trusted hardware (TPM) protected report (DHA-Report) to DHA-Enabled device management solutions through a tamper resistant and tamper evident communication channel.
-DHA-Service is available in 2 flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports a variety of implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.
+DHA-Service is available in two flavors: “DHA-Cloud” and “DHA-Server2016”. DHA-Service supports various implementation scenarios including cloud, on premises, air-gapped, and hybrid scenarios.
The following list of operations is performed by DHA-Service:
- Receives device boot data (DHA-BootData) from a DHA-Enabled device
@@ -173,7 +618,7 @@ The following is a list of functions performed by the Device HealthAttestation C
The supported operation is Get.
-The following list shows some examples of supported values. For the complete list of status see Device HealthAttestation CSP status and error codes.
+The following list shows some examples of supported values. For the complete list of status, see Device HealthAttestation CSP status and error codes.
- 0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service - 1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device - 2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob could not be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes -- 3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pick up +- 3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pickup **ForceRetrieve** (Optional)Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.
@@ -220,7 +665,7 @@ HealthAttestation **Certificate** (Required)Instructs the DHA-CSP to forward DHA-Data to the MDM server.
-Value type is b64.The supported operation is Get.
+Value type is b64. The supported operation is Get.
**Nonce** (Required)Enables MDMs to protect the device health attestation communications from man-in-the-middle type (MITM) attacks with a crypt-protected random value that is generated by the MDM Server.
@@ -243,7 +688,7 @@ HealthAttestationAdded in Windows 10, version 1607 March service release. Returns a bitmask of information describing the state of TPM. It indicates whether the TPM of the device is in a ready and trusted state.
Value type is integer. The supported operation is Get.
-## **DHA-CSP integration steps** +### **DHA-CSP integration steps** The following list of validation and development tasks are required for integrating the Microsoft Device Health Attestation feature with a Windows Mobile device management solution (MDM): @@ -260,7 +705,7 @@ The following list of validation and development tasks are required for integrat Each step is described in detail in the following sections of this topic. -## **Step 1: Verify HTTPS access** +### **Step 1: Verify HTTPS access** Validate that both the MDM server and the device (MDM client) can access has.spserv.microsoft.com using the TCP protocol over port 443 (HTTPS). @@ -313,7 +758,7 @@ SSL-Session: ``` -## **Step 2: Assign an enterprise trusted DHA-Service** +### **Step 2: Assign an enterprise trusted DHA-Service** There are three types of DHA-Service: - Device Health Attestation – Cloud (owned and operated by Microsoft) @@ -339,7 +784,7 @@ The following example shows a sample call that instructs a managed device to com ``` -## **Step 3: Instruct client to prepare health data for verification** +### **Step 3: Instruct client to prepare health data for verification** Send a SyncML call to start collection of the DHA-Data. @@ -366,7 +811,7 @@ The following example shows a sample call that triggers collection and verificat ``` -## **Step 4: Take action based on the clients response** +### **Step 4: Take action based on the clients response** After the client receives the health attestation request, it sends a response. The following list describes the responses, along with a recommended action to take. @@ -392,9 +837,9 @@ Here is a sample alert that is issued by DHA_CSP:This attribute indicates the version of the code that is performing integrity checks during the boot sequence. Using this attribute can help you detect if the device is running the latest version of the code that performs integrity checks, or if it is exposed to security risks (revoked) and enforce an appropriate policy action.
@@ -585,7 +1030,7 @@ Each of these are described in further detail in the following sections, along w - Disallow all access - Disallow access to HBI and MBI assets - Place the device in a watch list to monitor the device more closely for potential risks. -- Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue. +- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. **SecureBootEnabled**When Secure Boot is enabled the core components used to boot the machine must have correct cryptographic signatures that are trusted by the organization that manufactured the device. The UEFI firmware verifies this before it lets the machine start. If any files have been tampered with, breaking their signature, the system will not boot.
@@ -596,11 +1041,11 @@ Each of these are described in further detail in the following sections, along w - Disallow all access - Disallow access to HBI assets -- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history. +- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history. - Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks. **BootDebuggingEnabled** -Boot debug enabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: the device may run unstable code, or be configured with fewer security restrictions that is required for testing and development.
+Boot debug-enabled points to a device that is used in development and testing. Devices that are used for test and development typically are less secure: the device may run unstable code, or be configured with fewer security restrictions that is required for testing and development.
Boot debugging can be disabled or enabled by using the following commands in WMI or a PowerShell script:
@@ -626,7 +1071,7 @@ Each of these are described in further detail in the following sections, along w - Disallow all access - Disallow access to HBI assets - Place the device in a watch list to monitor the device more closely for potential risks. -- Trigger a corrective action, such as such as informing the technical support team to contact the owner investigate the issue. +- Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. **CodeIntegrityEnabled**When code integrity is enabled, code execution is restricted to integrity verified code.
@@ -641,7 +1086,7 @@ Each of these are described in further detail in the following sections, along w - Disallow all access - Disallow access to HBI assets -- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a devices past activities and trust history. +- Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history. - Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks. **TestSigningEnabled** @@ -680,11 +1125,11 @@ Each of these are described in further detail in the following sections, along wIf WinPE = 1 (True), then limit access to remote resources that are required for Windows OS installation.
**ELAMDriverLoaded** (Windows Defender) -To use this reporting feature you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.
+To use this reporting feature, you must disable "Hybrid Resume" on the device. Early launch anti-malware (ELAM) provides protection for the computers in your network when they start up and before third-party drivers initialize.
-In the current release, this attribute only monitors/reports if a Microsoft 1st party ELAM (Windows Defender) was loaded during initial boot.
+In the current release, this attribute only monitors/reports if a Microsoft first-party ELAM (Windows Defender) was loaded during initial boot.
-If a device is expected to use a 3rd party antivirus program, ignore the reported state.
+If a device is expected to use a third-party antivirus program, ignore the reported state.
If a device is expected to use Windows Defender and ELAMDriverLoaded = 1 (True), then allow access.
@@ -705,7 +1150,7 @@ Each of these are described in further detail in the following sections, along w - Trigger a corrective action, such as informing the technical support team to contact the owner investigate the issue. **VSMEnabled** -Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1GB of memory – it has just enough capability to run the LSA service that is used for all authentication brokering.
+Virtual Secure Mode (VSM) is a container that protects high value assets from a compromised kernel. VSM requires about 1 GB of memory – it has enough capability to run the LSA service that is used for all authentication brokering.
VSM can be enabled by using the following command in WMI or a PowerShell script:
@@ -760,7 +1205,7 @@ Each of these are described in further detail in the following sections, along w **PCR0**The measurement that is captured in PCR[0] typically represents a consistent view of the Host Platform between boot cycles. It contains a measurement of components that are provided by the host platform manufacturer.
-Enterprise managers can create a allow list of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.
+Enterprise managers can create an allow list of trusted PCR[0] values, compare the PCR[0] value of the managed devices (the value that is verified and reported by HAS) with the allow list, and then make a trust decision based on the result of the comparison.
If your enterprise does not have a allow list of accepted PCR[0] values, then take no action.
@@ -776,7 +1221,7 @@ Each of these are described in further detail in the following sections, along wIf SBCPHash is not present, or is an accepted allow-listed value, then allow access. -
If SBCPHash is present in DHA-Report, and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:
+If SBCPHash is present in DHA-Report, and is not an allow-listed value, then take one of the following actions that align with your enterprise policies:
- Disallow all access - Place the device in a watch list to monitor the device more closely for potential risks. @@ -786,7 +1231,7 @@ Each of these are described in further detail in the following sections, along wIf CIPolicy is not present, or is an accepted allow-listed value, then allow access.
-If CIPolicy is present and is not a allow-listed value, then take one of the following actions that align with your enterprise policies:
+If CIPolicy is present and is not an allow-listed value, then take one of the following actions that align with your enterprise policies:
- Disallow all access - Place the device in a watch list to monitor the device more closely for potential risks. @@ -816,7 +1261,7 @@ Each of these are described in further detail in the following sections, along wIn case of a detected issue a list of impacted DHA-report elements will be listed under the HealthStatusMismatchFlags attribute.
-## **Device HealthAttestation CSP status and error codes** +### **Device HealthAttestation CSP status and error codes**| 27 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_CREATE_HTTPHANDLE | -DHA-CSP failed to create a HTTP request handle. | +DHA-CSP failed to create an HTTP request handle. |
| 28 | @@ -997,7 +1442,7 @@ Each of these are described in further detail in the following sections, along w|||
| 34 | HEALTHATTESTATION_CERT_RETRIEVAL_FAILED_MISSING_RESPONSE | -DHA-CSP received an empty response along with a HTTP error code from DHA-Service. | +DHA-CSP received an empty response along with an HTTP error code from DHA-Service. |
| 35 | @@ -1027,7 +1472,7 @@ Each of these are described in further detail in the following sections, along w
s:
MessageFormat
MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR
Message format is bad
Invalid message from the Mobile Device Management (MDM) server.
80180001
s:
Authentication
MENROLL_E_DEVICE_AUTHENTICATION_ERROR
User not recognized
The Mobile Device Management (MDM) server failed to authenticate the user. Try again or contact your system administrator.
80180002
s:
Authorization
MENROLL_E_DEVICE_AUTHORIZATION_ERROR
User not allowed to enroll
The user is not authorized to enroll to Mobile Device Management (MDM). Try again or contact your system administrator.
80180003
s:
CertificateRequest
MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR
Failed to get certificate
MENROLL_E_DEVICE_CERTIFICATEREQUEST_ERROR
The user has no permission for the certificate template or the certificate authority is unreachable. Try again or contact your system administrator.
80180004
s:
EnrollmentServer
MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR
80180005
a:
InternalServiceFault
MENROLL_E_DEVICE_INTERNALSERVICE_ERROR
The server hit an unexpected issue
There was an unhandled exception on the Mobile Device Management (MDM) server. Try again or contact your system administrator.
80180006
a:
InvalidSecurity
MENROLL_E_DEVICE_INVALIDSECURITY_ERROR
Cannot parse the security header
The Mobile Device Management (MDM) server was not able to validate your account. Try again or contact your system administrator.
80180007
DeviceCapReached
MENROLL_E_DEVICECAPREACHED
User already enrolled in too many devices. Delete or unenroll old ones to fix this error. The user can fix it without admin help.
The account has too many devices enrolled to Mobile Device Management (MDM). Delete or unenroll old devices to fix this error.
80180013
DeviceNotSupported
MENROLL_E_DEVICENOTSUPPORTED
Specific platform (e.g. Windows) or version is not supported. There is no point retrying or calling admin. User could upgrade device.
The Mobile Device Management (MDM) server doesn't support this platform or version, consider upgrading your device.
80180014
NotSupported
MENROLL_E_NOTSUPPORTED
Mobile device management generally not supported (would save an admin call)
MENROLL_E_NOT_SUPPORTED
Mobile Device Management (MDM) is generally not supported for this device.
80180015
NotEligibleToRenew
MENROLL_E_NOTELIGIBLETORENEW
Device is trying to renew but server rejects the request. Client might show notification for this if Robo fails. Check time on device. The user can fix it by re-enrolling.
The device is attempting to renew the Mobile Device Management (MDM) certificate, but the server rejected the request. Check renew schedule on the device.
80180016
InMaintenance
MENROLL_E_INMAINTENANCE
Account is in maintenance, retry later. The user can retry later, but they may need to contact the admin because they would not know when problem is solved.
The Mobile Device Management (MDM) server states your account is in maintenance, try again later.
80180017
UserLicense
MENROLL_E_USERLICENSE
License of user is in bad state and blocking the enrollment. The user needs to call the admin.
MENROLL_E_USER_LICENSE
There was an error with your Mobile Device Management (MDM) user license. Contact your system administrator.
80180018
InvalidEnrollmentData
MENROLL_E_ENROLLMENTDATAINVALID
The server rejected the enrollment data. The server may not be configured correctly.
The Mobile Device Management (MDM) server rejected the enrollment data. The server may not be configured correctly.
80180019
parm-query
Parm-query
Yes
Note that some GPRS parameters will not necessarily contain the exact same value as was set.
noparm
Noparm
Yes
nocharacteristic
Nocharacteristic
Yes
characteristic-query
Characteristic-query
Yes
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | -| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
-Properties/SleepMode | -| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
- Settings/AllowWindowsDefenderApplicationGuard | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 11, version 21H2:
- NewsAndInterests/AllowNewsAndInterests
- Experiences/ConfigureChatIcon
- Start/ConfigureStartPins
- Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
- Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | +| [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
- Provider/ProviderID/ConfigLock/Lock
- Provider/ProviderID/ConfigLock/UnlockDuration
- Provider/ProviderID/ConfigLock/SecuredCore | -## What’s new in MDM for Windows 10, version 2004 - -| New or updated article | Description | -|-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 2004:
- [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
- [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
- [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
- [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
- [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
- [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
- [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
- [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)
Updated the following policy in Windows 10, version 2004:
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
Deprecated the following policies in Windows 10, version 2004:
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) | -| [DevDetail CSP](devdetail-csp.md) | Added the following new node:
- Ext/Microsoft/DNSComputerName | -| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new node:
- IsStub | -| [SUPL CSP](supl-csp.md) | Added the following new node:
- FullVersion | - -## What’s new in MDM for Windows 10, version 1909 - -| New or updated article | Description | -|-----|-----| -| [BitLocker CSP](bitlocker-csp.md) | Added the following new nodes in Windows 10, version 1909:
- ConfigureRecoveryPasswordRotation
- RotateRecoveryPasswords
- RotateRecoveryPasswordsStatus
- RotateRecoveryPasswordsRequestID| - -## What’s new in MDM for Windows 10, version 1903 - -| New or updated article | Description | -|-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 1903:
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
- [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
- [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
- [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
- [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
- [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
- [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
- [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
- [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
- [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
- [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
- [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
- [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
- [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
- [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
- [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
- [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
- [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
- [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)| -| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. | -| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. | -| [Defender CSP](defender-csp.md) | Added the following new nodes:
- Health/TamperProtectionEnabled
- Health/IsVirtualMachine
- Configuration
- Configuration/TamperProtection
- Configuration/EnableFileHashComputation | -| [DiagnosticLog CSP](diagnosticlog-csp.md)
[DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903.
Added the new 1.4 version of the DDF.
Added the following new nodes:
- Policy
- Policy/Channels
- Policy/Channels/ChannelName
- Policy/Channels/ChannelName/MaximumFileSize
- Policy/Channels/ChannelName/SDDL
- Policy/Channels/ChannelName/ActionWhenFull
- Policy/Channels/ChannelName/Enabled
- DiagnosticArchive
- DiagnosticArchive/ArchiveDefinition
- DiagnosticArchive/ArchiveResults | -| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. | -| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
- SecurityKey
- SecurityKey/UseSecurityKeyForSignin | - - -## What’s new in MDM for Windows 10, version 1809 - -| New or updated article | Description | -|-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
- ApplicationManagement/LaunchAppAfterLogOn
- ApplicationManagement/ScheduleForceRestartForUpdateFailures
- Authentication/EnableFastFirstSignIn (Preview mode only)
- Authentication/EnableWebSignIn (Preview mode only)
- Authentication/PreferredAadTenantDomainName
- Browser/AllowFullScreenMode
- Browser/AllowPrelaunch
- Browser/AllowPrinting
- Browser/AllowSavingHistory
- Browser/AllowSideloadingOfExtensions
- Browser/AllowTabPreloading
- Browser/AllowWebContentOnNewTabPage
- Browser/ConfigureFavoritesBar
- Browser/ConfigureHomeButton
- Browser/ConfigureKioskMode
- Browser/ConfigureKioskResetAfterIdleTimeout
- Browser/ConfigureOpenMicrosoftEdgeWith
- Browser/ConfigureTelemetryForMicrosoft365Analytics
- Browser/PreventCertErrorOverrides
- Browser/SetHomeButtonURL
- Browser/SetNewTabPageURL
- Browser/UnlockHomeButton
- Defender/CheckForSignaturesBeforeRunningScan
- Defender/DisableCatchupFullScan
- Defender/DisableCatchupQuickScan
- Defender/EnableLowCPUPriority
- Defender/SignatureUpdateFallbackOrder
- Defender/SignatureUpdateFileSharesSources
- DeviceGuard/ConfigureSystemGuardLaunch
- DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
- DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
- DeviceInstallation/PreventDeviceMetadataFromNetwork
- DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
- DmaGuard/DeviceEnumerationPolicy
- Experience/AllowClipboardHistory
- Experience/DoNotSyncBrowserSettings
- Experience/PreventUsersFromTurningOnBrowserSyncing
- Kerberos/UPNNameHints
- Privacy/AllowCrossDeviceClipboard
- Privacy/DisablePrivacyExperience
- Privacy/UploadUserActivities
- Security/RecoveryEnvironmentAuthentication
- System/AllowDeviceNameInDiagnosticData
- System/ConfigureMicrosoft365UploadEndpoint
- System/DisableDeviceDelete
- System/DisableDiagnosticDataViewer
- Storage/RemovableDiskDenyWriteAccess
- TaskManager/AllowEndTask
- Update/DisableWUfBSafeguards
- Update/EngagedRestartDeadlineForFeatureUpdates
- Update/EngagedRestartSnoozeScheduleForFeatureUpdates
- Update/EngagedRestartTransitionScheduleForFeatureUpdates
- Update/SetDisablePauseUXAccess
- Update/SetDisableUXWUAccess
- WindowsDefenderSecurityCenter/DisableClearTpmButton
- WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
- WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
- WindowsLogon/DontDisplayNetworkSelectionUI | -| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. | -| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. | -| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. | -| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node in Windows 10, version 1809. | -| [Office CSP](office-csp.md) | Added FinalStatus setting in Windows 10, version 1809. | -| [PassportForWork CSP](passportforwork-csp.md) | Added new settings in Windows 10, version 1809. | -| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings in Windows 10, version 1809. | -| [SUPL CSP](supl-csp.md) | Added 3 new certificate nodes in Windows 10, version 1809. | -| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP in Windows 10, version 1809. | -| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost in Windows 10, version 1809. | -| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings in Windows 10, version 1809. | -| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples in Windows 10, version 1809. | -| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | Added new configuration service provider in Windows 10, version 1809. | - - -## What’s new in MDM for Windows 10, version 1803 - -| New or updated article | Description | -|-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies for Windows 10, version 1803:
- ApplicationDefaults/EnableAppUriHandlers
- ApplicationManagement/MSIAllowUserControlOverInstall
- ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
- Bluetooth/AllowPromptedProximalConnections
- Browser/AllowConfigurationUpdateForBooksLibrary
- Browser/AlwaysEnableBooksLibrary
- Browser/EnableExtendedBooksTelemetry
- Browser/UseSharedFolderForBooks
- Connectivity/AllowPhonePCLinking
- DeliveryOptimization/DODelayBackgroundDownloadFromHttp
- DeliveryOptimization/DODelayForegroundDownloadFromHttp
- DeliveryOptimization/DOGroupIdSource
- DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
- DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
- DeliveryOptimization/DORestrictPeerSelectionBy
- DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
- DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
- Display/DisablePerProcessDpiForApps
- Display/EnablePerProcessDpi
- Display/EnablePerProcessDpiForApps
- Experience/AllowWindowsSpotlightOnSettings
- KioskBrowser/BlockedUrlExceptions
- KioskBrowser/BlockedUrls
- KioskBrowser/DefaultURL
- KioskBrowser/EnableEndSessionButton
- KioskBrowser/EnableHomeButton
- KioskBrowser/EnableNavigationButtons
- KioskBrowser/RestartOnIdleTime
- LanmanWorkstation/EnableInsecureGuestLogons
- LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
- LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
- LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
- LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
- LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
- LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
- LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
- LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
- LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
- LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
- LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
- LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
- LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
- LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
- LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
- LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
- LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
- LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
- Notifications/DisallowCloudNotification
- RestrictedGroups/ConfigureGroupMembership
- Search/AllowCortanaInAAD
- Search/DoNotUseWebResults
- Security/ConfigureWindowsPasswords
- Start/DisableContextMenus
- System/FeedbackHubAlwaysSaveDiagnosticsLocally
- SystemServices/ConfigureHomeGroupListenerServiceStartupMode
- SystemServices/ConfigureHomeGroupProviderServiceStartupMode
- SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
- SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
- SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
- SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
- TaskScheduler/EnableXboxGameSaveTask
- TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
- TextInput/ForceTouchKeyboardDockedState
- TextInput/TouchKeyboardDictationButtonAvailability
- TextInput/TouchKeyboardEmojiButtonAvailability
- TextInput/TouchKeyboardFullModeAvailability
- TextInput/TouchKeyboardHandwritingModeAvailability
- TextInput/TouchKeyboardNarrowModeAvailability
- TextInput/TouchKeyboardSplitModeAvailability
- TextInput/TouchKeyboardWideModeAvailability
- Update/ConfigureFeatureUpdateUninstallPeriod
- Update/TargetReleaseVersion
- UserRights/AccessCredentialManagerAsTrustedCaller
- UserRights/AccessFromNetwork
- UserRights/ActAsPartOfTheOperatingSystem
- UserRights/AllowLocalLogOn
- UserRights/BackupFilesAndDirectories
- UserRights/ChangeSystemTime
- UserRights/CreateGlobalObjects
- UserRights/CreatePageFile
- UserRights/CreatePermanentSharedObjects
- UserRights/CreateSymbolicLinks
- UserRights/CreateToken
- UserRights/DebugPrograms
- UserRights/DenyAccessFromNetwork
- UserRights/DenyLocalLogOn
- UserRights/DenyRemoteDesktopServicesLogOn
- UserRights/EnableDelegation
- UserRights/GenerateSecurityAudits
- UserRights/ImpersonateClient
- UserRights/IncreaseSchedulingPriority
- UserRights/LoadUnloadDeviceDrivers
- UserRights/LockMemory
- UserRights/ManageAuditingAndSecurityLog
- UserRights/ManageVolume
- UserRights/ModifyFirmwareEnvironment
- UserRights/ModifyObjectLabel
- UserRights/ProfileSingleProcess
- UserRights/RemoteShutdown
- UserRights/RestoreFilesAndDirectories
- UserRights/TakeOwnership
- WindowsDefenderSecurityCenter/DisableAccountProtectionUI
- WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
- WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
- WindowsDefenderSecurityCenter/HideSecureBoot
- WindowsDefenderSecurityCenter/HideTPMTroubleshooting
- Security/RequireDeviceEncryption - updated to show it is supported in desktop. | -| [Accounts CSP](accounts-csp.md) | Added a new CSP in Windows 10, version 1803. | -| [AccountManagement CSP](accountmanagement-csp.md) | Added a new CSP in Windows 10, version 1803. | -| [AssignedAccess CSP](assignedaccess-csp.md) | Added the following nodes in Windows 10, version 1803:
- Status
- ShellLauncher
- StatusConfiguration
Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite. | -| [BitLocker CSP](bitlocker-csp.md) | Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803. | -| [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download) | Added the DDF download of Windows 10, version 1803 configuration service providers. | -| [Defender CSP](defender-csp.md) | Added new node (OfflineScan) in Windows 10, version 1803. | -| [DeviceStatus CSP](devicestatus-csp.md) | Added the following node in Windows 10, version 1803:
- OS/Mode | -| [DMClient CSP](dmclient-csp.md) | Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
- AADSendDeviceToken
- BlockInStatusPage
- AllowCollectLogsButton
- CustomErrorText
- SkipDeviceStatusPage
- SkipUserStatusPage | -| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following node in Windows 10, version 1803:
- MaintainProcessorArchitectureOnUpdate | -| [eUICCs CSP](euiccs-csp.md) | Added the following node in Windows 10, version 1803:
- IsEnabled | -| [MDM Migration Analysis Too (MMAT)](https://aka.ms/mmat) | MDM Migration Analysis Too (MMAT)
Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies. | -| [MultiSIM CSP](multisim-csp.md) | Added a new CSP in Windows 10, version 1803. | -| [NetworkProxy CSP](networkproxy-csp.md) | Added the following node in Windows 10, version 1803:
- ProxySettingsPerUser | -| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | Added the following node in Windows 10, version 1803:
- UntrustedCertificates | -| [UEFI CSP](uefi-csp.md) | Added a new CSP in Windows 10, version 1803. | -| [Update CSP](update-csp.md) | Added the following nodes in Windows 10, version 1803:
- Rollback
- Rollback/FeatureUpdate
- Rollback/QualityUpdateStatus
- Rollback/FeatureUpdateStatus | - -## What’s new in MDM for Windows 10, version 1709 - -| New or updated article | Description | -|-----|-----| -| The [The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692) | The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
- UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
-ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
- DomainName - fully qualified domain name if the device is domain-joined. | -| [Firewall CSP](firewall-csp.md) | Added new CSP in Windows 10, version 1709. | -| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | -| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
[WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md) | New CSP added in Windows 10, version 1709. Also added the DDF topic. | -| [CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md) | In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. | -| [VPNv2 CSP](vpnv2-csp.md) | Added DeviceTunnel and RegisterDNS settings in Windows 10, version 1709. | -| [DeviceStatus CSP](devicestatus-csp.md) | Added the following settings in Windows 10, version 1709:
- DeviceStatus/DomainName
- DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq
- DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus
- DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus | -| [AssignedAccess CSP](assignedaccess-csp.md) | Added the following setting in Windows 10, version 1709:
- Configuration
Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro. | -| [DeviceManageability CSP](devicemanageability-csp.md) | Added the following settings in Windows 10, version 1709:
- Provider/_ProviderID_/ConfigInfo
- Provider/_ProviderID_/EnrollmentInfo | -| [Office CSP](office-csp.md) | Added the following setting in Windows 10, version 1709:
- Installation/CurrentStatus | -| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF articles. | -| [Bitlocker CSP](bitlocker-csp.md) | Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. | -| [ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md) | Added new policies. | -| Microsoft Store for Business and Microsoft Store | Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store. | -| [MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md) | New features in the Settings app:
- User sees installation progress of critical policies during MDM enrollment.
- User knows what policies, profiles, apps MDM has configured
- IT helpdesk can get detailed MDM diagnostic information using client tools
For details, see [Managing connection](./mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](./mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs).| -| [Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md) | Added new topic to introduce a new Group Policy for automatic MDM enrollment. | -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies for Windows 10, version 1709:
- Authentication/AllowAadPasswordReset
- Authentication/AllowFidoDeviceSignon
- Browser/LockdownFavorites
- Browser/ProvisionFavorites
- Cellular/LetAppsAccessCellularData
- Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
- Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
- Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
- CredentialProviders/DisableAutomaticReDeploymentCredentials
- DeviceGuard/EnableVirtualizationBasedSecurity
- DeviceGuard/RequirePlatformSecurityFeatures
- DeviceGuard/LsaCfgFlags
- DeviceLock/MinimumPasswordAge
- ExploitGuard/ExploitProtectionSettings
- Games/AllowAdvancedGamingServices
- Handwriting/PanelDefaultModeDocked
- LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
- LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
- LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
- LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
- LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
- LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
- LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
- LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
- LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
- LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
- LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM
- LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
- LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
- LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
- LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
- LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
- LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
- LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
- LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
- LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
- LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
- Power/DisplayOffTimeoutOnBattery
- Power/DisplayOffTimeoutPluggedIn
- Power/HibernateTimeoutOnBattery
- Power/HibernateTimeoutPluggedIn
- Power/StandbyTimeoutOnBattery
- Power/StandbyTimeoutPluggedIn
- Privacy/EnableActivityFeed
- Privacy/PublishUserActivities
- Defender/AttackSurfaceReductionOnlyExclusions
- Defender/AttackSurfaceReductionRules
- Defender/CloudBlockLevel
- Defender/CloudExtendedTimeout
- Defender/ControlledFolderAccessAllowedApplications
- Defender/ControlledFolderAccessProtectedFolders
- Defender/EnableControlledFolderAccess
- Defender/EnableNetworkProtection
- Education/DefaultPrinterName
- Education/PreventAddingNewPrinters
- Education/PrinterNames
- Search/AllowCloudSearch
- Security/ClearTPMIfNotReady
- Settings/AllowOnlineTips
- Start/HidePeopleBar
- Storage/AllowDiskHealthModelUpdates
- System/DisableEnterpriseAuthProxy
- System/LimitEnhancedDiagnosticDataWindowsAnalytics
- Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
- Update/DisableDualScan
- Update/ManagePreviewBuilds
- Update/ScheduledInstallEveryWeek
- Update/ScheduledInstallFirstWeek
- Update/ScheduledInstallFourthWeek
- Update/ScheduledInstallSecondWeek
- Update/ScheduledInstallThirdWeek
- WindowsDefenderSecurityCenter/CompanyName
- WindowsDefenderSecurityCenter/DisableAppBrowserUI
- WindowsDefenderSecurityCenter/DisableEnhancedNotifications
- WindowsDefenderSecurityCenter/DisableFamilyUI
- WindowsDefenderSecurityCenter/DisableHealthUI
- WindowsDefenderSecurityCenter/DisableNetworkUI
- WindowsDefenderSecurityCenter/DisableNotifications
- WindowsDefenderSecurityCenter/DisableVirusUI
- WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
- WindowsDefenderSecurityCenter/Email
- WindowsDefenderSecurityCenter/EnableCustomizedToasts
- WindowsDefenderSecurityCenter/EnableInAppCustomization
- WindowsDefenderSecurityCenter/Phone
- WindowsDefenderSecurityCenter/URL
- WirelessDisplay/AllowMdnsAdvertisement
- WirelessDisplay/AllowMdnsDiscovery | - - -## What’s new in MDM for Windows 10, version 1703 - -| New or updated article | Description | -|-----|-----| -| [Update CSP](update-csp.md) | Added the following nodes:
- FailedUpdates/_Failed Update Guid_/RevisionNumber
- InstalledUpdates/_Installed Update Guid_/RevisionNumber
- PendingRebootUpdates/_Pending Reboot Update Guid_/RevisionNumber | -| [CM_CellularEntries CSP](cm-cellularentries-csp.md) | To PurposeGroups setting, added the following values:
- Purchase - 95522B2B-A6D1-4E40-960B-05E6D3F962AB
- Administrative - 2FFD9261-C23C-4D27-8DCF-CDE4E14A3364 | -| [CertificateStore CSP](certificatestore-csp.md) | Added the following setting:
- My/WSTEP/Renew/RetryAfterExpiryInterval | -| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) | Added the following setting:
- SCEP/UniqueID/Install/AADKeyIdentifierList | -| [DMAcc CSP](dmacc-csp.md) | Added the following setting:
- AccountUID/EXT/Microsoft/InitiateSession | -| [DMClient CSP](dmclient-csp.md) | Added the following nodes and settings:
- HWDevID
- Provider/ProviderID/ManagementServerToUpgradeTo
- Provider/ProviderID/CustomEnrollmentCompletePage
- Provider/ProviderID/CustomEnrollmentCompletePage/Title
- Provider/ProviderID/CustomEnrollmentCompletePage/BodyText
- Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkHref
- Provider/ProviderID/CustomEnrollmentCompletePage/HyperlinkText | -| [CellularSettings CSP](cellularsettings-csp.md)
[CM_CellularEntries CSP](cm-cellularentries-csp.md)
[EnterpriseAPN CSP](enterpriseapn-csp.md) | For these CSPs, support was added for Windows 10 Home, Pro, Enterprise, and Education editions. | -| [SecureAssessment CSP](secureassessment-csp.md) | Added the following settings:
- AllowTextSuggestions
- RequirePrinting | -| [EnterpriseAPN CSP](enterpriseapn-csp.md) | Added the following setting:
- Roaming | -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies:
- Accounts/AllowMicrosoftAccountSignInAssistant
- ApplicationDefaults/DefaultAssociationsConfiguration
- Browser/AllowAddressBarDropdown
- Browser/AllowFlashClickToRun
- Browser/AllowMicrosoftCompatibilityList
- Browser/AllowSearchEngineCustomization
- Browser/ClearBrowsingDataOnExit
- Browser/ConfigureAdditionalSearchEngines
- Browser/DisableLockdownOfStartPages
- Browser/PreventFirstRunPage
- Browser/PreventLiveTileDataCollection
- Browser/SetDefaultSearchEngine
- Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
- Connectivity/AllowConnectedDevices
- DeliveryOptimization/DOAllowVPNPeerCaching
- DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload
- DeliveryOptimization/DOMinDiskSizeAllowedToPeer
- DeliveryOptimization/DOMinFileSizeToCache
- DeliveryOptimization/DOMinRAMAllowedToPeer
- DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay
- Display/TurnOffGdiDPIScalingForApps
- Display/TurnOnGdiDPIScalingForApps
- EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint
- EnterpriseCloudPrint/CloudPrintOAuthAuthority
- EnterpriseCloudPrint/CloudPrintOAuthClientId
- EnterpriseCloudPrint/CloudPrintResourceId
- EnterpriseCloudPrint/DiscoveryMaxPrinterLimit
- EnterpriseCloudPrint/MopriaDiscoveryResourceId
- Experience/AllowFindMyDevice
- Experience/AllowTailoredExperiencesWithDiagnosticData
- Experience/AllowWindowsSpotlightOnActionCenter
- Experience/AllowWindowsSpotlightWindowsWelcomeExperience
- Location/EnableLocation
- Messaging/AllowMMS
- Messaging/AllowRCS
- Privacy/LetAppsAccessTasks
- Privacy/LetAppsAccessTasks_ForceAllowTheseApps
- Privacy/LetAppsAccessTasks_ForceDenyTheseApps
- Privacy/LetAppsAccessTasks_UserInControlOfTheseApps
- Privacy/LetAppsGetDiagnosticInfo
- Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps
- Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps
- Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps
- Privacy/LetAppsRunInBackground
- Privacy/LetAppsRunInBackground_ForceAllowTheseApps
- Privacy/LetAppsRunInBackground_ForceDenyTheseApps
- Privacy/LetAppsRunInBackground_UserInControlOfTheseApps
- Settings/ConfigureTaskbarCalendar
- Settings/PageVisibilityList
- SmartScreen/EnableAppInstallControl
- SmartScreen/EnableSmartScreenInShell
- SmartScreen/PreventOverrideForFilesInShell
- Start/AllowPinnedFolderDocuments
- Start/AllowPinnedFolderDownloads
- Start/AllowPinnedFolderFileExplorer
- Start/AllowPinnedFolderHomeGroup
- Start/AllowPinnedFolderMusic
- Start/AllowPinnedFolderNetwork
- Start/AllowPinnedFolderPersonalFolder
- Start/AllowPinnedFolderPictures
- Start/AllowPinnedFolderSettings
- Start/AllowPinnedFolderVideos
- Start/HideAppList
- Start/HideChangeAccountSettings
- Start/HideFrequentlyUsedApps
- Start/HideHibernate
- Start/HideLock
- Start/HidePowerButton
- Start/HideRecentJumplists
- Start/HideRecentlyAddedApps
- Start/HideRestart
- Start/HideShutDown
- Start/HideSignOut
- Start/HideSleep
- Start/HideSwitchAccount
- Start/HideUserTile
- Start/ImportEdgeAssets
- Start/NoPinningToTaskbar
- System/AllowFontProviders
- System/DisableOneDriveFileSync
- TextInput/AllowKeyboardTextSuggestions
- TimeLanguageSettings/AllowSet24HourClock
- Update/ActiveHoursMaxRange
- Update/AutoRestartDeadlinePeriodInDays
- Update/AutoRestartNotificationSchedule
- Update/AutoRestartRequiredNotificationDismissal
- Update/DetectionFrequency
- Update/EngagedRestartDeadline
- Update/EngagedRestartSnoozeSchedule
- Update/EngagedRestartTransitionSchedule
- Update/IgnoreMOAppDownloadLimit
- Update/IgnoreMOUpdateDownloadLimit
- Update/PauseFeatureUpdatesStartTime
- Update/PauseQualityUpdatesStartTime
- Update/SetAutoRestartNotificationDisable
- Update/SetEDURestart
- WiFi/AllowWiFiDirect
- WindowsLogon/HideFastUserSwitching
- WirelessDisplay/AllowProjectionFromPC
- WirelessDisplay/AllowProjectionFromPCOverInfrastructure
- WirelessDisplay/AllowProjectionToPCOverInfrastructure
- WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver
Removed TextInput/AllowLinguisticDataCollection
Starting in Windows 10, version 1703, Update/UpdateServiceUrl is not supported in IoT Enterprise
Starting in Windows 10, version 1703, the maximum value of Update/DeferFeatureUpdatesPeriodInDays has been increased from 180 days, to 365 days.
Starting in Windows 10, version 1703, in Browser/HomePages you can use the "<about:blank>" value if you don’t want to send traffic to Microsoft.
Starting in Windows 10, version 1703, Start/StartLayout can now be set on a per-device basis in addition to the pre-existing per-user basis.
Added the ConfigOperations/ADMXInstall node and setting, which is used to ingest ADMX files. | -| [DevDetail CSP](devdetail-csp.md) | Added the following setting:
- DeviceHardwareData | -| [CleanPC CSP](cleanpc-csp.md) | Added the new CSP. | -| [DeveloperSetup CSP](developersetup-csp.md) | Added the new CSP. | -| [NetworkProxy CSP](networkproxy-csp.md) | Added the new CSP. | -| [BitLocker CSP](bitlocker-csp.md) | Added the new CSP.
Added the following setting:
- AllowWarningForOtherDiskEncryption |
-| [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported.
Added the following settings:
- RevokeOnMDMHandoff
- SMBAutoEncryptedFileExtensions |
-| [DynamicManagement CSP](dynamicmanagement-csp.md) | Added the new CSP. |
-| [Implement server-side support for mobile application management on Windows](./implement-server-side-mobile-application-management.md) | New mobile application management (MAM) support added in Windows 10, version 1703. |
-| [PassportForWork CSP](passportforwork-csp.md) | Added the following new node and settings:
- _TenantId_/Policies/ExcludeSecurityDevices (only for ./Device/Vendor/MSFT)
- _TenantId_/Policies/ExcludeSecurityDevices/TPM12 (only for ./Device/Vendor/MSFT)
- _TenantId_/Policies/EnablePinRecovery |
-| [Office CSP](office-csp.md) | Added the new CSP. |
-| [Personalization CSP](personalization-csp.md) | Added the new CSP. |
-| [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) | Added the new CSP. |
-| [HealthAttestation CSP](healthattestation-csp.md) | Added the following settings:
- HASEndpoint - added in Windows 10, version 1607, but not documented
- TpmReadyStatus - added in the March service release of Windows 10, version 1607 |
-| [SurfaceHub CSP](surfacehub-csp.md) | Added the following nodes and settings:
- InBoxApps/SkypeForBusiness
- InBoxApps/SkypeForBusiness/DomainName
- InBoxApps/Connect
- InBoxApps/Connect/AutoLaunch
- Properties/DefaultVolume
- Properties/ScreenTimeout
- Properties/SessionTimeout
- Properties/SleepTimeout
- Properties/AllowSessionResume
- Properties/AllowAutoProxyAuth
- Properties/DisableSigninSuggestions
- Properties/DoNotShowMyMeetingsAndFiles |
-| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) | Added the new CSP. |
-| [WindowsLicensing CSP](windowslicensing-csp.md) | Added the following setting:
- ChangeProductKey |
-| [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) | Added the following setting:
- Configuration/TelemetryReportingFrequency |
-| [DMSessionActions CSP](dmsessionactions-csp.md) | Added the new CSP. |
-| [SharedPC CSP](dmsessionactions-csp.md) | Added new settings in Windows 10, version 1703:
- RestrictLocalStorage
- KioskModeAUMID
- KioskModeUserTileDisplayText
- InactiveThreshold
- MaxPageFileSizeMB
The default value for SetEduPolicies changed to false. The default value for SleepTimeout changed to 300. |
-| [RemoteLock CSP](remotelock-csp.md) | Added following setting:
- LockAndRecoverPIN |
-| [NodeCache CSP](nodecache-csp.md) | Added following settings:
- ChangedNodesData
- AutoSetExpectedValue |
-| [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) | Added a zip file containing the DDF XML files of the CSPs. The link to the download is available in the DDF articles of various CSPs. |
-| [RemoteWipe CSP](remotewipe-csp.md) | Added new setting in Windows 10, version 1703:
- doWipeProtected |
-| [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) | Added new classes and properties. |
-| [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md) | Added a section describing SyncML examples of various ADMX elements. |
-| [Win32 and Desktop Bridge app policy configuration](./win32-and-centennial-app-policy-configuration.md) | New article. |
-| [Deploy and configure App-V apps using MDM](./appv-deploy-and-config.md) | Added a new article describing how to deploy and configure App-V apps using MDM. |
-| [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) | Added new setting in the March service release of Windows 10, version 1607.
- MSI/UpgradeCode/[Guid] |
-| [Reporting CSP](reporting-csp.md) | Added new settings in Windows 10, version 1703.
- EnterpriseDataProtection/RetrieveByTimeRange/Type
- EnterpriseDataProtection/RetrieveByCount/Type |
-| [Connect your Windows 10-based device to work using a deep link](./mdm-enrollment-of-windows-devices.md#connect-your-windows-10-based-device-to-work-using-a-deep-link) | Added following deep link parameters to the table:
- Username
- Servername
- Accesstoken
- Deviceidentifier
- Tenantidentifier
- Ownership |
-| MDM support for Windows 10 S | Updated the following articles to indicate MDM support in Windows 10 S.
- [Configuration service provider reference](configuration-service-provider-reference.md)
- [Policy CSP](policy-configuration-service-provider.md) |
-| [TPMPolicy CSP](tpmpolicy-csp.md) | Added the new CSP. |
-
-## What’s new in MDM for Windows 10, version 1607
-
-| New or updated article | Description |
-|-----|-----|
-| Sideloading of apps | Starting in Windows 10, version 1607, sideloading of apps is only allowed through [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md). Product keys (5x5) will no longer be supported to enable sideloading on Windows 10, version 1607 devices. |
-| [NodeCache CSP](nodecache-csp.md) | The value of NodeCache root node starting in Windows 10, version 1607 is com.microsoft/1.0/MDM/NodeCache. |
-| [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) | New CSP. |
-| [Policy CSP](policy-configuration-service-provider.md) | Removed the following policies:
- DataProtection/AllowAzureRMSForEDP - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
- DataProtection/AllowUserDecryption - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
- DataProtection/EDPEnforcementLevel - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
- DataProtection/RequireProtectionUnderLockConfig - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
- DataProtection/RevokeOnUnenroll - moved this policy to [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)
- DataProtection/EnterpriseCloudResources - moved this policy to NetworkIsolation policy
- DataProtection/EnterpriseInternalProxyServers - moved this policy to NetworkIsolation policy
- DataProtection/EnterpriseIPRange - moved this policy to NetworkIsolation policy
- DataProtection/EnterpriseNetworkDomainNames - moved this policy to NetworkIsolation policy
- DataProtection/EnterpriseProxyServers - moved this policy to NetworkIsolation policy
- Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices - this policy has been deprecated.
Added the WiFi/AllowManualWiFiConfiguration and WiFi/AllowWiFi policies for Windows 10, version 1607:
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 10 Education
Added the following new policies:
- AboveLock/AllowCortanaAboveLock
- ApplicationManagement/DisableStoreOriginatedApps
- Authentication/AllowSecondaryAuthenticationDevice
- Bluetooth/AllowPrepairing
- Browser/AllowExtensions
- Browser/PreventAccessToAboutFlagsInMicrosoftEdge
- Browser/ShowMessageWhenOpeningSitesInInternetExplorer
- DeliveryOptimization/DOAbsoluteMaxCacheSize
- DeliveryOptimization/DOMaxDownloadBandwidth
- DeliveryOptimization/DOMinBackgroundQoS
- DeliveryOptimization/DOModifyCacheDrive
- DeliveryOptimization/DOMonthlyUploadDataCap
- DeliveryOptimization/DOPercentageMaxDownloadBandwidth
- DeviceLock/EnforceLockScreenAndLogonImage
- DeviceLock/EnforceLockScreenProvider
- Defender/PUAProtection
- Experience/AllowThirdPartySuggestionsInWindowsSpotlight
- Experience/AllowWindowsSpotlight
- Experience/ConfigureWindowsSpotlightOnLockScreen
- Experience/DoNotShowFeedbackNotifications
- Licensing/AllowWindowsEntitlementActivation
- Licensing/DisallowKMSClientOnlineAVSValidation
- LockDown/AllowEdgeSwipe
- Maps/EnableOfflineMapsAutoUpdate
- Maps/AllowOfflineMapsDownloadOverMeteredConnection
- Messaging/AllowMessageSync
- NetworkIsolation/EnterpriseCloudResources
- NetworkIsolation/EnterpriseInternalProxyServers
- NetworkIsolation/EnterpriseIPRange
- NetworkIsolation/EnterpriseIPRangesAreAuthoritative
- NetworkIsolation/EnterpriseNetworkDomainNames
- NetworkIsolation/EnterpriseProxyServers
- NetworkIsolation/EnterpriseProxyServersAreAuthoritative
- NetworkIsolation/NeutralResources
- Notifications/DisallowNotificationMirroring
- Privacy/DisableAdvertisingId
- Privacy/LetAppsAccessAccountInfo
- Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps
- Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps
- Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps
- Privacy/LetAppsAccessCalendar
- Privacy/LetAppsAccessCalendar_ForceAllowTheseApps
- Privacy/LetAppsAccessCalendar_ForceDenyTheseApps
- Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps
- Privacy/LetAppsAccessCallHistory
- Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps
- Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps
- Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps
- Privacy/LetAppsAccessCamera
- Privacy/LetAppsAccessCamera_ForceAllowTheseApps
- Privacy/LetAppsAccessCamera_ForceDenyTheseApps
- Privacy/LetAppsAccessCamera_UserInControlOfTheseApps
- Privacy/LetAppsAccessContacts
- Privacy/LetAppsAccessContacts_ForceAllowTheseApps
- Privacy/LetAppsAccessContacts_ForceDenyTheseApps
- Privacy/LetAppsAccessContacts_UserInControlOfTheseApps
- Privacy/LetAppsAccessEmail
- Privacy/LetAppsAccessEmail_ForceAllowTheseApps
- Privacy/LetAppsAccessEmail_ForceDenyTheseApps
- Privacy/LetAppsAccessEmail_UserInControlOfTheseApps
- Privacy/LetAppsAccessLocation
- Privacy/LetAppsAccessLocation_ForceAllowTheseApps
- Privacy/LetAppsAccessLocation_ForceDenyTheseApps
- Privacy/LetAppsAccessLocation_UserInControlOfTheseApps
- Privacy/LetAppsAccessMessaging
- Privacy/LetAppsAccessMessaging_ForceAllowTheseApps
- Privacy/LetAppsAccessMessaging_ForceDenyTheseApps
- Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps
- Privacy/LetAppsAccessMicrophone
- Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps
- Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps
- Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps
- Privacy/LetAppsAccessMotion
- Privacy/LetAppsAccessMotion_ForceAllowTheseApps
- Privacy/LetAppsAccessMotion_ForceDenyTheseApps
- Privacy/LetAppsAccessMotion_UserInControlOfTheseApps
- Privacy/LetAppsAccessNotifications
- Privacy/LetAppsAccessNotifications_ForceAllowTheseApps
- Privacy/LetAppsAccessNotifications_ForceDenyTheseApps
- Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps
- Privacy/LetAppsAccessPhone
- Privacy/LetAppsAccessPhone_ForceAllowTheseApps
- Privacy/LetAppsAccessPhone_ForceDenyTheseApps
- Privacy/LetAppsAccessPhone_UserInControlOfTheseApps
- Privacy/LetAppsAccessRadios
- Privacy/LetAppsAccessRadios_ForceAllowTheseApps
- Privacy/LetAppsAccessRadios_ForceDenyTheseApps
- Privacy/LetAppsAccessRadios_UserInControlOfTheseApps
- Privacy/LetAppsAccessTrustedDevices
- Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps
- Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps
- Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps
- Privacy/LetAppsSyncWithDevices
- Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps
- Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps
- Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps
- Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices
- Settings/AllowEditDeviceName
- Speech/AllowSpeechModelUpdate
- System/TelemetryProxy
- Update/ActiveHoursStart
- Update/ActiveHoursEnd
- Update/AllowMUUpdateService
- Update/BranchReadinessLevel
- Update/DeferFeatureUpdatesPeriodInDays
- Update/DeferQualityUpdatesPeriodInDays
- Update/ExcludeWUDriversInQualityUpdate
- Update/PauseFeatureUpdates
- Update/PauseQualityUpdates
- Update/SetProxyBehaviorForUpdateDetection
- Update/UpdateServiceUrlAlternate (Added in the January service release of Windows 10, version 1607)
- WindowsInkWorkspace/AllowWindowsInkWorkspace
- WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace
- WirelessDisplay/AllowProjectionToPC
- WirelessDisplay/RequirePinForPairing
Updated the Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts description to remove outdated information.
Updated DeliveryOptimization/DODownloadMode to add new values.
Updated Experience/AllowCortana description to clarify what each supported value does.
Updated Security/AntiTheftMode description to clarify what each supported value does. |
-| [DMClient CSP](dmclient-csp.md) | Added the following settings:
- ManagementServerAddressList
- AADDeviceID
- EnrollmentType
- HWDevID
- CommercialID
Removed the EnrollmentID setting. |
-| [DeviceManageability CSP](devicemanageability-csp.md) | New CSP. |
-| [DeviceStatus CSP](devicestatus-csp.md) | Added the following new settings:
- DeviceStatus/TPM/SpecificationVersion
- DeviceStatus/OS/Edition
- DeviceStatus/Antivirus/SignatureStatus
- DeviceStatus/Antivirus/Status
- DeviceStatus/Antispyware/SignatureStatus
- DeviceStatus/Antispyware/Status
- DeviceStatus/Firewall/Status
- DeviceStatus/UAC/Status
- DeviceStatus/Battery/Status
- DeviceStatus/Battery/EstimatedChargeRemaining
- DeviceStatus/Battery/EstimatedRuntime |
-| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples. |
-| [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) | Added a new Folder table entry in the AssignedAccess/AssignedAccessXml description.
Updated the DDF and XSD file sections. |
-| [SecureAssessment CSP](secureassessment-csp.md) | New CSP. |
-| [DiagnosticLog CSP](diagnosticlog-csp.md)
[DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.3 of the CSP with two new settings.
Added the new 1.3 version of the DDF.
Added the following new settings in Windows 10, version 1607
- DeviceStateData
- DeviceStateData/MdmConfiguration |
-| [Reboot CSP](reboot-csp.md) | New CSP. |
-| [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) | New CSP. |
-| [VPNv2 CSP](vpnv2-csp.md) | Added the following settings for Windows 10, version 1607:
- _ProfileName_/RouteList/routeRowId/ExclusionRoute
- _ProfileName_/DomainNameInformationList/_dniRowId_/AutoTrigger
- _ProfileName_/DomainNameInformationList/dniRowId/Persistent
- _ProfileName_/ProfileXML
- _ProfileName_/DeviceCompliance/Enabled
- _ProfileName_/DeviceCompliance/Sso
- _ProfileName_/DeviceCompliance/Sso/Enabled
- _ProfileName_/DeviceCompliance/Sso/IssuerHash
- _ProfileName_/DeviceCompliance/Sso/Eku
- _ProfileName_/NativeProfile/CryptographySuite
- _ProfileName_/NativeProfile/CryptographySuite/AuthenticationTransformConstants
- _ProfileName_/NativeProfile/CryptographySuite/CipherTransformConstants
- _ProfileName_/NativeProfile/CryptographySuite/EncryptionMethod
- _ProfileName_/NativeProfile/CryptographySuite/IntegrityCheckMethod
- _ProfileName_/NativeProfile/CryptographySuite/DHGroup
- _ProfileName_/NativeProfile/CryptographySuite/PfsGroup
- _ProfileName_/NativeProfile/L2tpPsk |
-| [Win32AppInventory CSP](win32appinventory-csp.md) | New CSP. |
-| [SharedPC CSP](sharedpc-csp.md) | New CSP. |
-| [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) | New CSP. |
-| [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) | Added new classes for Windows 10, version 1607. |
-| [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md) | Article renamed from "Enrollment UI".
Completely updated enrollment procedures and screenshots. |
-| [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
[UnifiedWriteFilter DDF File](unifiedwritefilter-ddf.md) | Added the following new setting for Windows 10, version 1607:
- NextSession/HORMEnabled |
-| [CertificateStore CSP](certificatestore-csp.md)
[CertificateStore DDF file](certificatestore-ddf-file.md) | Added the following new settings in Windows 10, version 1607:
- My/WSTEP/Renew/LastRenewalAttemptTime
- My/WSTEP/Renew/RenewNow |
-| [WindowsLicensing CSP](windowslicensing-csp.md) | Added the following new node and settings in Windows 10, version 1607, but not documented:
- Subscriptions
- Subscriptions/SubscriptionId
- Subscriptions/SubscriptionId/Status
- Subscriptions/SubscriptionId/Name |
-| [WiFi CSP](wifi-csp.md) | Deprecated the following node in Windows 10, version 1607:
- DisableInternetConnectivityChecks |
-
-## What’s new in MDM for Windows 10, version 1511
-
-| New or updated article | Description |
-|-----|-----|
-| New configuration service providers added in Windows 10, version 1511 | - [AllJoynManagement CSP](alljoynmanagement-csp.md)
- [Maps CSP](maps-csp.md)
- [Reporting CSP](reporting-csp.md)
- [SurfaceHub CSP](surfacehub-csp.md)
- [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) |
-| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings:
- ApplicationManagement/AllowWindowsBridgeForAndroidAppsExecution
- Bluetooth/ServicesAllowedList
- DataProtection/AllowAzureRMSForEDP
- DataProtection/RevokeOnUnenroll
- DeviceLock/DevicePasswordExpiration
- DeviceLock/DevicePasswordHistory
- TextInput/AllowInputPanel
- Update/PauseDeferrals
- Update/RequireDeferUpdate
- Update/RequireUpdateApproval
Updated the following policy settings:
- System/AllowLocation
- Update/RequireDeferUpgrade
Deprecated the following policy settings:
- TextInput/AllowKoreanExtendedHanja
- WiFi/AllowWiFiHotSpotReporting |
-| Management tool for the Microsoft Store for Business | New articles. The Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk. It enables several capabilities that are required for the enterprise to manage the lifecycle of applications from acquisition to updates. |
-| Custom header for generic alert | The MDM-GenericAlert is a new custom header that hosts one or more alert information provided in the http messages sent by the device to the server during an OMA DM session. The generic alert is sent if the session is triggered by the device due to one or more critical or fatal alerts. Here is alert format: `MDM-GenericAlert:
If present, the MDM-GenericAlert is presented in every the outgoing MDM message in the same OMA DM session. For more information about generic alerts, see section 8.7 in the OMA Device Management Protocol, Approved Version 1.2.1 in this [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526). |
-| Alert message for slow client response | When the MDM server sends a configuration request, sometimes it takes the client longer than the HTTP timeout to get all information together and then the session ends unexpectedly due to timeout. By default, the MDM client does not send an alert that a DM request is pending.
To work around the timeout, you can use EnableOmaDmKeepAliveMessage setting to keep the session alive by sending a heartbeat message back to the server. This is achieved by sending a SyncML message with a specific device alert element in the body until the client is able to respond back to the server with the requested information. For details, see EnableOmaDmKeepAliveMessage node in the [DMClient CSP](dmclient-csp.md). |
-| [DMClient CSP](dmclient-csp.md) | Added a new node EnableOmaDmKeepAliveMessage to the [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) and updated the ManagementServerAddress to indicate that it can contain a list of URLs. |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new nodes:
- AppManagement/GetInventoryQuery
- AppManagement/GetInventoryResults
- .../_PackageFamilyName_/AppSettingPolicy/_SettingValue_
- AppLicenses/StoreLicenses/_LicenseID_/LicenseCategory
- AppLicenses/StoreLicenses/_LicenseID_/LicenseUsage
- AppLicenses/StoreLicenses/_LicenseID_/RequesterID
- AppLicenses/StoreLicenses/_LicenseID_/GetLicenseFromStore |
-| [EnterpriseExt CSP](enterpriseext-csp.md) | Added the following new nodes:
- DeviceCustomData (CustomID, CustomeString)
- Brightness (Default, MaxAuto)
- LedAlertNotification (State, Intensity, Period, DutyCycle, Cyclecount) |
-| [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) | Added the OemProfile node.
-| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
- TenantId/Policies/PINComplexity/History
- TenantId/Policies/PINComplexity/Expiration
- TenantId/Policies/Remote/UseRemotePassport (only for ./Device/Vendor/MSFT)
- Biometrics/UseBiometrics (only for ./Device/Vendor/MSFT)
- Biometrics/FacialFeaturesUseEnhancedAntiSpoofing (only for ./Device/Vendor/MSFT) |
-| [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) | The following updates are done to the [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md):
- In AssignedAccessXML node, added new page settings and quick action settings.
- In AssignedAccessXML node, added an example about how to pin applications in multiple app packages using the AUMID.
- Updated the [EnterpriseAssignedAccess XSD](enterpriseassignedaccess-xsd.md) article. |
-| [DevDetail CSP](devdetail-csp.md) | The following updates are done to [DevDetail CSP](devdetail-csp.md):
- Added TotalStore and TotalRAM settings.
- Added support for Replace command for the DeviceName setting. |
-| Handling large objects | Added support for the client to handle uploading of large objects to the server. |
## Breaking changes and known issues
### Get command inside an atomic command is not supported
-In Windows 10, a Get command inside an atomic command is not supported. This was allowed in Windows Phone 8 and Windows Phone 8.1.
-
-### Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10
-
-During an upgrade from Windows 8.1 to Windows 10, the notification channel URI information is not preserved. In addition, the MDM client loses the PFN, AppID, and client secret.
-
-After upgrading to Windows 10, you should call MDM\_WNSConfiguration class to recreate the notification channel URI.
+In Windows 10 and Windows 11, a Get command inside an atomic command is not supported.
### Apps installed using WMI classes are not removed
@@ -234,17 +43,17 @@ Applications installed using WMI classes are not removed when the MDM account is
### Passing CDATA in SyncML does not work
-Passing CDATA in data in SyncML to ConfigManager and CSPs does not work in Windows 10. It worked in Windows Phone 8.
+Passing CDATA in data in SyncML to ConfigManager and CSPs does not work in Windows 10 and Windows 11.
### SSL settings in IIS server for SCEP must be set to "Ignore"
-The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10. In Windows Phone 8.1, when you set the client certificate to "Accept," it works fine.
+The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10 and Windows 11.
-### MDM enrollment fails on the mobile device when traffic is going through proxy
+### MDM enrollment fails on the Windows device when traffic is going through proxy
-When the mobile device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that does not require authentication or remove the proxy setting from the connected network.
+When the Windows device is configured to use a proxy that requires authentication, the enrollment will fail. To work around this issue, the user can use a proxy that does not require authentication or remove the proxy setting from the connected network.
### Server-initiated unenrollment failure
@@ -254,41 +63,13 @@ Remote server unenrollment is disabled for mobile devices enrolled via Azure Act
### Certificates causing issues with Wi-Fi and VPN
-Currently in Windows 10, version 1511, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
+In Windows 10 and Windows 11, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We are working to fix this issue.
-### Version information for mobile devices
+### Version information for Windows 11
-The software version information from **DevDetail/SwV** does not match the version in **Settings** under **System/About**.
+The software version information from **DevDetail/Ext/Microsoft/OSPlatform** does not match the version in **Settings** under **System/About**.
-### Upgrading Windows Phone 8.1 devices with app allow-listing using ApplicationRestriction policy has issues
-
-- When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile using ApplicationRestrictions with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.
-
- Here's additional guidance for the upgrade process:
-
- - Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
- - Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows Phone 8.1 publisher rule if you are using it.
- - In the SyncML, you must use lowercase product ID.
- - Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
-
-
-- Silverlight xaps may not install even if publisher policy is specified using Windows Phone 8.1 publisher rule. For example, Silverlight app "Level" will not install even if you specify <Publisher PublisherName=”Microsoft Corporation” />.
-
- To workaround this issue, remove the Windows Phone 8.1 publisher rule and add the specific product ID for each Silverlight app you want to allow to the allowed app list.
-
-- Some apps (specifically those that are published in Microsoft Store as AppX Bundles) are blocked from installing even when they are included in the app list.
-
- No workaround is available at this time. An OS update to fix this issue is coming soon.
-
-### Apps dependent on Microsoft Frameworks may get blocked in phones prior to build 10586.218
-
-Applies only to phone prior to build 10586.218: When ApplicationManagement/ApplicationRestrictions policy is deployed to Windows 10 Mobile, installation and update of apps dependent on Microsoft Frameworks may get blocked with error 0x80073CF9. To work around this issue, you must include the Microsoft Framework ID to your list of allowed apps.
-
-```xml
-
- [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) |
+| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
- Properties/SleepMode |
+| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
- Settings/AllowWindowsDefenderApplicationGuard |
+
+## What’s new in MDM for Windows 10, version 2004
+
+| New or updated article | Description |
+|-----|-----|
+| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 2004:
- [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
- [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
- [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
- [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
- [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
- [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
- [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
- [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
- [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)
Updated the following policy in Windows 10, version 2004:
- [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)
Deprecated the following policies in Windows 10, version 2004:
- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) |
+| [DevDetail CSP](devdetail-csp.md) | Added the following new node:
- Ext/Microsoft/DNSComputerName |
+| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new node:
- IsStub |
+| [SUPL CSP](supl-csp.md) | Added the following new node:
- FullVersion |
+
+## What’s new in MDM for Windows 10, version 1909
+
+| New or updated article | Description |
+|-----|-----|
+| [BitLocker CSP](bitlocker-csp.md) | Added the following new nodes in Windows 10, version 1909:
- ConfigureRecoveryPasswordRotation
- RotateRecoveryPasswords
- RotateRecoveryPasswordsStatus
- RotateRecoveryPasswordsRequestID|
+
+## What’s new in MDM for Windows 10, version 1903
+
+| New or updated article | Description |
+|-----|-----|
+|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 1903:
- [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
- [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
- [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
- [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
- [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
- [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
- [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
- [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
- [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
- [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
- [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
- [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
- [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
- [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
- [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
- [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
- [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
- [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
- [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
- [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
- [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
- [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
- [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
- [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
- [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
- [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
- [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
- [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
- [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
- [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
- [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
- [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
- [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
- [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
- [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
- [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
- [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)|
+| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. |
+| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. |
+| [Defender CSP](defender-csp.md) | Added the following new nodes:
- Health/TamperProtectionEnabled
- Health/IsVirtualMachine
- Configuration
- Configuration/TamperProtection
- Configuration/EnableFileHashComputation |
+| [DiagnosticLog CSP](diagnosticlog-csp.md)
[DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903.
Added the new 1.4 version of the DDF.
Added the following new nodes:
- Policy
- Policy/Channels
- Policy/Channels/ChannelName
- Policy/Channels/ChannelName/MaximumFileSize
- Policy/Channels/ChannelName/SDDL
- Policy/Channels/ChannelName/ActionWhenFull
- Policy/Channels/ChannelName/Enabled
- DiagnosticArchive
- DiagnosticArchive/ArchiveDefinition
- DiagnosticArchive/ArchiveResults |
+| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. |
+| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
- SecurityKey
- SecurityKey/UseSecurityKeyForSignin |
+
+
+## What’s new in MDM for Windows 10, version 1809
+
+| New or updated article | Description |
+|-----|-----|
+|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
- ApplicationManagement/LaunchAppAfterLogOn
- ApplicationManagement/ScheduleForceRestartForUpdateFailures
- Authentication/EnableFastFirstSignIn (Preview mode only)
- Authentication/EnableWebSignIn (Preview mode only)
- Authentication/PreferredAadTenantDomainName
- Browser/AllowFullScreenMode
- Browser/AllowPrelaunch
- Browser/AllowPrinting
- Browser/AllowSavingHistory
- Browser/AllowSideloadingOfExtensions
- Browser/AllowTabPreloading
- Browser/AllowWebContentOnNewTabPage
- Browser/ConfigureFavoritesBar
- Browser/ConfigureHomeButton
- Browser/ConfigureKioskMode
- Browser/ConfigureKioskResetAfterIdleTimeout
- Browser/ConfigureOpenMicrosoftEdgeWith
- Browser/ConfigureTelemetryForMicrosoft365Analytics
- Browser/PreventCertErrorOverrides
- Browser/SetHomeButtonURL
- Browser/SetNewTabPageURL
- Browser/UnlockHomeButton
- Defender/CheckForSignaturesBeforeRunningScan
- Defender/DisableCatchupFullScan
- Defender/DisableCatchupQuickScan
- Defender/EnableLowCPUPriority
- Defender/SignatureUpdateFallbackOrder
- Defender/SignatureUpdateFileSharesSources
- DeviceGuard/ConfigureSystemGuardLaunch
- DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
- DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
- DeviceInstallation/PreventDeviceMetadataFromNetwork
- DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
- DmaGuard/DeviceEnumerationPolicy
- Experience/AllowClipboardHistory
- Experience/DoNotSyncBrowserSettings
- Experience/PreventUsersFromTurningOnBrowserSyncing
- Kerberos/UPNNameHints
- Privacy/AllowCrossDeviceClipboard
- Privacy/DisablePrivacyExperience
- Privacy/UploadUserActivities
- Security/RecoveryEnvironmentAuthentication
- System/AllowDeviceNameInDiagnosticData
- System/ConfigureMicrosoft365UploadEndpoint
- System/DisableDeviceDelete
- System/DisableDiagnosticDataViewer
- Storage/RemovableDiskDenyWriteAccess
- TaskManager/AllowEndTask
- Update/DisableWUfBSafeguards
- Update/EngagedRestartDeadlineForFeatureUpdates
- Update/EngagedRestartSnoozeScheduleForFeatureUpdates
- Update/EngagedRestartTransitionScheduleForFeatureUpdates
- Update/SetDisablePauseUXAccess
- Update/SetDisableUXWUAccess
- WindowsDefenderSecurityCenter/DisableClearTpmButton
- WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
- WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
- WindowsLogon/DontDisplayNetworkSelectionUI |
+| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. |
+| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. |
+| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. |
+| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node in Windows 10, version 1809. |
+| [Office CSP](office-csp.md) | Added FinalStatus setting in Windows 10, version 1809. |
+| [PassportForWork CSP](passportforwork-csp.md) | Added new settings in Windows 10, version 1809. |
+| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings in Windows 10, version 1809. |
+| [SUPL CSP](supl-csp.md) | Added 3 new certificate nodes in Windows 10, version 1809. |
+| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP in Windows 10, version 1809. |
+| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost in Windows 10, version 1809. |
+| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings in Windows 10, version 1809. |
+| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples in Windows 10, version 1809. |
+| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | Added new configuration service provider in Windows 10, version 1809. |
+
+
## Change history for MDM documentation
-To know what's changed in MDM documentation, see [Change history for MDM documentation](change-history-for-mdm-documentation.md).
\ No newline at end of file
+To know what's changed in MDM documentation, see [Change history for MDM documentation](change-history-for-mdm-documentation.md).
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 84ff8f5e34..028da43967 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -21,15 +21,68 @@ The PassportForWork configuration service provider is used to provision Windows
### User configuration diagram
-The following diagram shows the PassportForWork configuration service provider in tree format.
+The following shows the PassportForWork configuration service provider in tree format.
-
+```console
+./User/Vendor/MSFT
+PassportForWork
+-------TenantId
+----------Policies
+-------------UsePassportForWork
+-------------RequireSecurityDevice
+-------------EnablePinRecovery
+-------------PINComplexity
+----------------MinimumPINLength
+----------------MaximumPINLength
+----------------UppercaseLetters
+----------------LowercaseLetters
+----------------SpecialCharecters
+----------------Digits
+----------------History
+----------------Expiration
+```
### Device configuration diagram
-The following diagram shows the PassportForWork configuration service provider in tree format.
+The following shows the PassportForWork configuration service provider in tree format.
-
+```console
+./Device/Vendor/MSFT
+PassportForWork
+-------TenantId
+----------Policies
+-------------UsePassportForWork
+-------------RequireSecurityDevice
+-------------ExcludeSecurityDevices
+----------------TPM12
+-------------EnablePinRecovery
+-------------UserCertificateForOnPremAuth
+-------------PINComplexity
+----------------MinimumPINLength
+----------------MaximumPINLength
+----------------UppercaseLetters
+----------------LowercaseLetters
+----------------SpecialCharacters
+----------------Digits
+----------------History
+----------------Expiration
+-------------Remote
+----------------UseRemotePassport
+-------------UseHelloCertificatesAsSmartCardCertificates
+-------UseBiometrics
+-------Biometrics
+----------UseBiometrics
+----------FacialFeatureUse
+-------DeviceUnlock
+----------GroupA
+----------GroupB
+----------Plugins
+-------DynamicLock
+----------DynamicLock
+----------Plugins
+-------SecurityKey
+----------UseSecurityKeyForSignin
+```
**PassportForWork**
Root node for PassportForWork configuration service provider.
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 507b737aa0..b312ee27f9 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 10/08/2020
+ms.date: 10/11/2021
---
# Policies in Policy CSP supported by HoloLens 2
@@ -51,6 +51,7 @@ ms.date: 10/08/2020
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9
+- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 10
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9
@@ -101,7 +102,13 @@ ms.date: 10/08/2020
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) 9
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
+- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) 10
+- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) 10
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
+- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) 10
+- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) 10
+- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) 10
+- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) 10
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@@ -109,7 +116,10 @@ ms.date: 10/08/2020
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
+- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) 10
+- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) 10
- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
+- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) 10
- [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) 8
@@ -125,6 +135,7 @@ Footnotes:
- 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004.
- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
+- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
## Related topics
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 13c000e4f5..57cbee7b16 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -29,7 +29,6 @@ ms.date: 07/22/2020
- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives)
- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#defender-allowfullscanremovabledrivescanning)
- [Defender/AllowIOAVProtection](policy-csp-defender.md#defender-allowioavprotection)
-- [Defender/AllowIntrusionPreventionSystem](policy-csp-defender.md#defender-allowintrusionpreventionsystem)
- [Defender/AllowOnAccessProtection](policy-csp-defender.md#defender-allowonaccessprotection)
- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#defender-allowrealtimemonitoring)
- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#defender-allowscanningnetworkfiles)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 18c2823552..bbd3101f94 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -42,9 +42,25 @@ The Policy configuration service provider has the following sub-categories:
> - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
> - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
-The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
+The following shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
-
+```console
+./Vendor/MSFT
+Policy
+-------Config
+----------AreaName
+-------------PolicyName
+-------Result
+----------AreaName
+-------------PolicyName
+-------ConfigOperations
+----------ADMXInstall
+-------------AppName
+----------------Policy
+------------------UniqueID
+----------------Preference
+------------------UniqueID
+```
**./Vendor/MSFT/Policy**
@@ -5825,9 +5841,6 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
Home
- No
+ No
Pro
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 83bbd6d38f..b30980d636 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -517,7 +517,7 @@ Specifies the list of domains that are allowed to be navigated to in AAD PIN res
> [!Warning]
-> This policy is in preview mode only and therefore not meant or recommended for production purposes.
+> The Web Sign-in feature is in preview mode only and therefore not meant or recommended for production purposes.
This policy is intended for use on Shared PCs to enable a quick first sign-in experience for a user. It works by automatically connecting new non-admin Azure Active Directory (Azure AD) accounts to the pre-configured candidate local accounts.
@@ -596,7 +596,7 @@ Value type is integer. Supported values:
> [!Warning]
-> This policy is in preview mode only and therefore not meant or recommended for production purposes.
+> The Web Sign-in feature is in preview mode only and therefore not meant or recommended for production purposes.
"Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass.
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index adb1bec8af..52ab4dd052 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -213,22 +213,22 @@ ms.localizationpriority: medium
Pro
Yes
- Yes
+ No
Business
Yes
- Yes
+ No
Enterprise
Yes
- Yes
+ No
Education
Yes
- Yes
+ No
- -**Defender/AllowIntrusionPreventionSystem** - - -
| Edition | -Windows 10 | -Windows 11 | -
|---|---|---|
| Home | -Yes | -Yes | -
| Pro | -Yes | -Yes | -
| Business | -Yes | -Yes | -
| Enterprise | -Yes | -Yes | -
| Education | -Yes | -Yes | -
- - -[Scope](./policy-configuration-service-provider.md#policy-scope): - -> [!div class = "checklist"] -> * Device - -
- - - -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop. - - -Allows or disallows Windows Defender Intrusion Prevention functionality. - - - -The following list shows the supported values: - -- 0 – Not allowed. -- 1 (default) – Allowed. - - - - -
- **Defender/AllowOnAccessProtection** @@ -3400,4 +3328,4 @@ ADMX Info: - \ No newline at end of file + diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 42e192202e..d08161c676 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -7,7 +7,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 10/06/2020 +ms.date: 10/12/2021 ms.reviewer: manager: dansimp --- @@ -23,6 +23,9 @@ manager: dansimp
9+ +**MixedReality/AutoLogonUser** + + +
| Windows Edition | +Supported? | +
|---|---|
| HoloLens (1st gen) Development Edition | +❌ | +
| HoloLens (1st gen) Commercial Suite | +❌ | +
| HoloLens 2 | +✔️ | +
+ [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -114,15 +161,15 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
9999- diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md index dc8d037b70..792dab97f1 100644 --- a/windows/client-management/mdm/policy-csp-security.md +++ b/windows/client-management/mdm/policy-csp-security.md @@ -123,51 +123,11 @@ The following list shows the supported values: **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices** - -
| Edition | -Windows 10 | -Windows 11 | -
|---|---|---|
| Home | -No | -No | -
| Pro | -Yes | -Yes | -
| Business | - -||
| Enterprise | -Yes | -Yes | -
| Education | -Yes | -Yes | -
- > [!NOTE] -> This policy has been deprecated in Windows 10, version 1607 - -
- -> [!NOTE] -> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. - +> +> - This policy is deprecated in Windows 10, version 1607.
+> - This policy is only enforced in Windows 10 for desktop. Specifies whether to allow automatic [device encryption](/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) during OOBE when the device is Azure AD joined. @@ -764,4 +724,4 @@ The following list shows the supported values:
- \ No newline at end of file + diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 908deebcb4..69c7b52c83 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -927,18 +927,18 @@ The following list shows the supported values: -Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. +Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:". Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For additional information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: showonly:about;bluetooth -If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. +If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (that is, treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. The format of the PageVisibilityList value is as follows: - The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. -- There are two variants: one that shows only the given pages and one which hides the given pages. +- There are two variants: one that shows only the given pages and one that hides the given pages. - The first variant starts with the string "showonly:" and the second with the string "hide:". - Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. - Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi". @@ -964,7 +964,7 @@ ADMX Info: -To validate on Desktop, do the following: +To validate on Desktop, use the following steps: 1. Open System Settings and verify that the About page is visible and accessible. 2. Configure the policy with the following string: "hide:about". diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index d4dcbc0b56..588586543f 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -2215,22 +2215,22 @@ To validate on Desktop, do the following:
- \ No newline at end of file + diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index b5378a0265..91ba6acd2b 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -3494,22 +3494,22 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
4104
-Hex:1008
Hex: 1008
TPS Policy
This setting indicates whether mobile operators can be assigned the Trusted Provisioning Server (TPS) SECROLE_OPERATOR_TPS role.
Default value: 1
@@ -58,7 +62,7 @@ The following security policies are supported.4105
-Hex:1009
Hex: 1009
Message Authentication Retry Policy
This setting specifies the maximum number of times the user is allowed to try authenticating a Wireless Application Protocol (WAP) PIN-signed message.
Default value: 3
@@ -66,7 +70,7 @@ The following security policies are supported.4108
-Hex:100c
Hex: 100c
Service Loading Policy
This setting indicates whether SL messages are accepted, by specifying the security roles that can accept SL messages. An SL message downloads new services or provisioning XML to the device.
Default value: 256 (SECROLE_KNOWN_PPG)
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 9472789042..7a1fa1b52f 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -48,6 +48,8 @@ items: href: device-update-management.md - name: Bulk enrollment href: bulk-enrollment-using-windows-provisioning-tool.md + - name: Secured-Core PC Configuration Lock + href: config-lock.md - name: Management tool for the Microsoft Store for Business href: management-tool-for-windows-store-for-business.md items: @@ -80,8 +82,6 @@ items: href: bulk-assign-and-reclaim-seats-from-user.md - name: Get seats assigned to a user href: get-seats-assigned-to-a-user.md - - name: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices - href: enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md - name: Certificate renewal href: certificate-renewal-windows-mdm.md - name: Disconnecting from the management infrastructure (unenrollment) @@ -149,8 +149,6 @@ items: items: - name: BitLocker DDF file href: bitlocker-ddf-file.md - - name: BOOTSTRAP CSP - href: bootstrap-csp.md - name: BrowserFavorite CSP href: browserfavorite-csp.md - name: CellularSettings CSP @@ -172,8 +170,6 @@ items: href: clientcertificateinstall-ddf-file.md - name: CM_CellularEntries CSP href: cm-cellularentries-csp.md - - name: CM_ProxyEntries CSP - href: cm-proxyentries-csp.md - name: CMPolicy CSP href: cmpolicy-csp.md - name: CMPolicyEnterprise CSP @@ -201,8 +197,6 @@ items: items: - name: DeveloperSetup DDF href: developersetup-ddf.md - - name: DeviceInstanceService CSP - href: deviceinstanceservice-csp.md - name: DeviceLock CSP href: devicelock-csp.md items: diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md index 42a6882673..80121f22ea 100644 --- a/windows/client-management/mdm/vpn-csp.md +++ b/windows/client-management/mdm/vpn-csp.md @@ -23,7 +23,7 @@ The VPN configuration service provider allows the MDM server to configure the VP Important considerations: -- For a VPN that requires a client certificate, the server must first enroll the needed client certificate before deploying a VPN profile to ensure that there is a functional VPN profile at the device. This is particularly critical for forced tunnel VPN. +- For a VPN that requires a client certificate, the server must first enroll the needed client certificate before deploying a VPN profile to ensure that there is a functional VPN profile at the device. This is critical for forced tunnel VPN. - VPN configuration commands must be wrapped with an Atomic command as shown in the example below. @@ -31,9 +31,61 @@ Important considerations: - For the VPN CSP, you cannot use the Replace command unless the node already exists. -The following diagram shows the VPN configuration service provider in tree format. +The following shows the VPN configuration service provider in tree format. - +```console +./Vendor/MSFT +VPN +-----ProfileName +---------Server +---------TunnelType +---------ThirdParty +-------------Name +-------------AppID +-------------CustomStoreURL +-------------CustomConfiguration +---------RoleGroup +---------Authentication +-------------Method +-------------Certificate +---------------Issuer +---------------EKU +---------------CacheLifeTimeProtectedCert +-------------MultiAuth +---------------StartURL +---------------EndURL +-------------EAP +---------Proxy +-------------Automatic +-------------Manual +---------------Server +---------------Port +-------------BypassProxyforLocal +---------SecuredResources +-------------AppPublisherNameList +---------------AppPublisherName +-------------AppAllowedList +---------------AppAllowedList +-------------NetworkAllowedList +---------------NetworkAllowedList +-------------NameSapceAllowedList +---------------NameSapceAllowedList +-------------ExcudedAppList +---------------ExcudedAppList +-------------ExcludedNetworkList +---------------ExcludedNetworkList +-------------ExcludedNameSpaceList +---------------ExcludedNameSpaceList +-------------DNSSuffixSearchList +---------------DNSSuffixSearchList +---------Policies +-------------RememberCredentials +-------------SplitTunnel +-------------BypassforLocal +-------------TrustedNetworkDetection +-------------ConnectionType +---------DNSSuffix +``` ***ProfileName*** Unique alpha numeric Identifier for the profile. The profile name must not include a forward slash (/). @@ -48,12 +100,12 @@ Supported operations are Get, Add, and Replace. Value type is chr. Some examples are 208.23.45.130 or vpn.contoso.com. **TunnelType** -Optional, but required when deploying a 3rd party IKEv2 VPN profile. Only a value of IKEv2 is supported for this release. +Optional, but required when deploying a third-party IKEv2 VPN profile. Only a value of IKEv2 is supported for this release. Value type is chr. Supported operations are Get and Add. **ThirdParty** -Optional, but required if deploying 3rd party SSL-VPN plugin profile. Defines a group of setting applied to SSL-VPN profile provisioning. +Optional, but required if deploying third-party SSL-VPN plugin profile. Defines a group of setting applied to SSL-VPN profile provisioning. Supported operations are Get and Add. @@ -73,17 +125,17 @@ Valid values: - Checkpoint Mobile VPN **ThirdParty/AppID** -Optional, but required when deploying a 3rd party SSL-VPN plugin app from a private enterprise storefront. This is the ProductID associated with the store application. The client will use this ProductID to ensure that only the enterprise approved plugin is initialized. +Optional, but required when deploying a third-party SSL-VPN plugin app from a private enterprise storefront. This is the ProductID associated with the store application. The client will use this ProductID to ensure that only the enterprise approved plugin is initialized. Value type is chr. Supported operations are Get, Add, Replace, and Delete. **ThirdParty/CustomStoreURL** -Optional, but required if an enterprise is deploying a 3rd party SSL-VPN plugin app from the private enterprise storefront. This node specifies the URL of the 3rd party SSL-VPN plugin app. +Optional, but required if an enterprise is deploying a third-party SSL-VPN plugin app from the private enterprise storefront. This node specifies the URL of the third-party SSL-VPN plugin app. Value type is chr. Supported operations are Get, Add, Replace, and Delete. **ThirdParty/CustomConfiguration** -Optional. This is an HTML encoded XML blob for SSL-VPN plugin specific configuration that is deployed to the device to make it available for SSL-VPN plugins. +Optional. This is an HTML encoded XML blob for SSL-VPN plugin-specific configuration that is deployed to the device to make it available for SSL-VPN plugins. Value type is char. Supported operations are Get, Add, Replace, and Delete. @@ -98,7 +150,7 @@ Optional node for ThirdParty VPN profiles, but required for IKEv2. This is a col Supported operations are Get and Add. **Authentication/Method** -Required for IKEv2 profiles and optional for third party profiles. This specifies the authentication provider to use for VPN client authentication. Only the EAP method is supported for IKEv2 profiles. +Required for IKEv2 profiles and optional for third-party profiles. This specifies the authentication provider to use for VPN client authentication. Only the EAP method is supported for IKEv2 profiles. Supported operations are Get and Add. @@ -114,7 +166,7 @@ Optional node. A collection of nodes that enables simpler authentication experie Supported operations are Get and Add. **Authentication/Certificate/Issuer** -Optional. Filters out the installed certificates with private keys stored in registry or TPM. This can be used in conjunction with EKU for more granular filtering. +Optional. Filters out the installed certificates with private keys stored in registry or TPM. This can be used with EKU for more granular filtering. Value type is chr. Supported operations are Get, Add, Delete, and Replace. @@ -123,7 +175,7 @@ Value type is chr. Supported operations are Get, Add, Delete, and Replace. **Authentication/Certificate/EKU** -Optional. This Extended Key Usage (EKU) element is used to filter out the installed certificates with private keys stored in the registry or TPM. You can use this in conjunction with ISSUER for a more granular filtering. +Optional. This Extended Key Usage (EKU) element is used to filter out the installed certificates with private keys stored in the registry or TPM. You can use this with ISSUER for a more granular filtering. Value type is chr. Supported operations are Get, Add, Delete, and Replace. @@ -175,16 +227,16 @@ Default is False. Optional node. A collection of configuration objects that define the inclusion resource lists for what can be secured over VPN. Allowed lists are applied only when Policies/SplitTunnel element is set to True. VPN exclusions are not supported.. **SecuredResources/AppAllowedList/AppAllowedList** -Optional. Specifies one or more ProductIDs for the enterprise line of business applications built for Windows. When this element is defined, then all traffic sourced from specified apps will be secured over VPN (assuming protected networks defined allows access). They will not be able to connect directly bypassing the VPN connection. When the profile is auto-triggered, VPN is triggered automatically by these apps. +Optional. Specifies one or more ProductIDs for the enterprise line-of-business applications built for Windows. When this element is defined, then all traffic sourced from specified apps will be secured over VPN (assuming protected networks defined allows access). They will not be able to connect directly bypassing the VPN connection. When the profile is autotriggered, VPN is triggered automatically by these apps. -Supported operations are Get, Add, Replace and Delete. +Supported operations are Get, Add, Replace, and Delete. Value type is chr. Examples are {F05DC613-E223-40AD-ABA9-CCCE04277CD9} and ContosoApp.ContosoCorp\_jlsnulm3s397u. **SecuredResources/NetworkAllowedList/NetworkAllowedList** -Optional, but required when Policies/SplitTunnel is set to true for IKEv2 profile. Specifies one or more IP ranges that you want secured over VPN. Applications connecting to protected resources that match this list will be secured over VPN. Otherwise, they’ll continue to connect directly. The IP ranges are defined in the format 10.0.0.0/8. When the profile is auto-triggered, the VPN is triggered automatically by these protected networks. +Optional, but required when Policies/SplitTunnel is set to true for IKEv2 profile. Specifies one or more IP ranges that you want secured over VPN. Applications connecting to protected resources that match this list will be secured over VPN. Otherwise, they’ll continue to connect directly. The IP ranges are defined in the format 10.0.0.0/8. When the profile is autotriggered, the VPN is triggered automatically by these protected networks. Supported operations are Get, Add, Replace, and Delete. @@ -202,7 +254,7 @@ Value type is chr. An example is \*.corp.contoso.com. **SecuredResources/ExcluddedAppList/ExcludedAppList** -Optional. Specifies one or more ProductIDs for enterprise line of business applications built for Windows. When the element is defined, these apps will never use VPN. They will connect directly and bypass the VPN connection. +Optional. Specifies one or more ProductIDs for enterprise line-of-business applications built for Windows. When the element is defined, these apps will never use VPN. They will connect directly and bypass the VPN connection. Supported operations are Get, Add, Replace, and Delete. diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index e7321b1888..de649eb77b 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -21,11 +21,17 @@ The default security roles are defined in the root characteristic, and map to ea > **Note** This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_CSP\_W4\_APPLICATION capabilities to be accessed from a network configuration application. - +The following shows the configuration service provider in tree format as used by OMA Client Provisioning. -The following diagram shows the configuration service provider in tree format as used by OMA Client Provisioning. - - +```console +APPLICATION +----APPID +----NAME +----TO-PROXY +----TO-NAPID +----ADDR +----MS +``` **APPID** Required. This parameter takes a string value. The only supported value for configuring MMS is "w4". diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 7aaa801796..7745749716 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -19,11 +19,37 @@ The APPLICATION configuration service provider that has an APPID of w7 is used f > **Note** This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. - -The following image shows the configuration service provider in tree format as used by OMA Client Provisioning. +The following shows the configuration service provider in tree format as used by OMA Client Provisioning. - +```console +APPLICATION +---APPADDR +------ADDR +------ADDRTYPE +------PORT +---------PORTNBR +---APPAUTH +------AAUTHDATA +------AAUTHLEVEL +------AAUTHNAME +------AAUTHSECRET +------AAUTHTYPE +---AppID +---BACKCOMPATRETRYDISABLED +---CONNRETRYFREQ +---DEFAULTENCODING +---INIT +---INITIALBACKOFTIME +---MAXBACKOFTIME +---NAME +---PROTOVER +---PROVIDER-ID +---ROLE +---TO-NAPID +---USEHWDEVID +---SSLCLIENTCERTSEARCHCRITERIA +``` > **Note** All parm names and characteristic types are case sensitive and must use all uppercase. Both APPSRV and CLIENT credentials must be provided in provisioning XML. diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md index e867ae66ef..e6864ea72c 100644 --- a/windows/client-management/mdm/wifi-csp.md +++ b/windows/client-management/mdm/wifi-csp.md @@ -29,9 +29,22 @@ Programming considerations: - For the WiFi CSP, you cannot use the Replace command unless the node already exists. - Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure. -The following image shows the WiFi configuration service provider in tree format. +The following shows the WiFi configuration service provider in tree format. + +```console +./Device/Vendor/MSFT +or +./User/Vendor/MSFT +WiFi +---Profile +------SSID +---------WlanXML +---------Proxy +---------ProxyPacUrl +---------ProxyWPAD +---------WiFiCost +``` - The following list shows the characteristics and parameters. diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md index e5e7511669..bb12be25b3 100644 --- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md +++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md @@ -12,12 +12,12 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 06/26/2017 +ms.date: 11/02/2021 --- # Enterprise settings, policies, and app management -The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526). +The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf). Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](configuration-service-provider-reference.md). diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index 4f22b0b48c..bba543313e 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md @@ -17,9 +17,25 @@ ms.date: 11/01/2017 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. -The following diagram shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM). +The following shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM). - +```console +./Device/Vendor/MSFT +WindowsAdvancedThreatProtection +----Onboarding +----HealthState +--------LastConnected +--------SenseIsRunning +--------OnboardingState +--------OrgId +----Configuration +--------SampleSharing +--------TelemetryReportingFrequency +----Offboarding +----DeviceTagging +--------Group +--------Criticality +``` The following list describes the characteristics and parameters. diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 468313fb87..cc5b2bff12 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -5,8 +5,8 @@ ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows -author: manikadhiman -ms.date: 07/07/2020 +author: dansimp +ms.date: 11/02/2021 ms.reviewer: manager: dansimp --- @@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete. The following list shows the supported values: - 0 - Disable Microsoft Defender Application Guard - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY -- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY -- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments +- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004) +- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004) **Settings/ClipboardFileType** Determines the type of content that can be copied from the host to Application Guard environment and vice versa. @@ -266,7 +266,7 @@ ADMX Info: **Status** -Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device. +Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and prerequisites on the device. Value type is integer. Supported operation is Get. @@ -275,11 +275,13 @@ Value type is integer. Supported operation is Get. - Bit 2 - Set to 1 when the client machine has a valid OS license and SKU. - Bit 3 - Set to 1 when Application Guard installed on the client machine. - Bit 4 - Set to 1 when required Network Isolation Policies are configured. + > [!IMPORTANT] + > If you are deploying Application Guard via Intune, Network Isolation Policy must be configured to enable Application Guard for Microsoft Edge. - Bit 5 - Set to 1 when the client machine meets minimum hardware requirements. -- Bit 6 - Set to 1 when system reboot is required. +- Bit 6 - Set to 1 when system reboot is required. **PlatformStatus** -Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. +Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. Value type is integer. Supported operation is Get. diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md index 2fe71b5e76..7dfbe89239 100644 --- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md +++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md @@ -86,19 +86,19 @@ For links to these classes, see [**MDM Bridge WMI Provider**](/windows/win32/dmw- Windows 10, version 2004 (recommended)
- Windows 10, version 1703 (legacy version of Cortana)
Mobile: Windows 10 mobile, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. | +|Client operating system | - Windows 10, version 2004 (recommended)
- Windows 10, version 1703 (legacy version of Cortana)
For more information on the differences between Cortana in Windows 10, version 2004 and earlier versions, see [**How is my data processed by Cortana**](#how-is-my-data-processed-by-cortana) below. | |Azure Active Directory (Azure AD) | While all employees signing into Cortana need an Azure AD account, an Azure AD premium tenant isn't required. | |Additional policies (Group Policy and Mobile Device Management (MDM)) |There is a rich set of policies that can be used to manage various aspects of Cortana. Most of these policies will limit the abilities of Cortana but won't turn Cortana off. For example, if you turn **Speech** off, your employees won't be able to use the wake word ("Cortana") for hands-free activation or voice commands to easily ask for help. | @@ -51,7 +51,7 @@ Cortana's approach to integration with Microsoft 365 has changed with Windows 10 ### Cortana in Windows 10, version 2004 and later, or Windows 11 -Cortana enterprise services that can be accessed using Azure AD through Cortana in Windows 10, version 2004 and later, or Windows 11, meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true). +Cortana enterprise services that can be accessed using Azure AD through Cortana meet the same enterprise-level privacy, security, and compliance promises as reflected in the [Online Services Terms (OST)](https://www.microsoft.com/en-us/licensing/product-licensing/products). To learn more, see [Cortana in Microsoft 365](/microsoft-365/admin/misc/cortana-integration?view=o365-worldwide#what-data-is-processed-by-cortana-in-office-365&preserve-view=true). #### How does Microsoft store, retain, process, and use Customer Data in Cortana? @@ -77,7 +77,7 @@ First, the user must enable the wake word from within Cortana settings. Once it The first decision is made by the Windows Multiple Voice Assistant platform leveraging hardware optionally included in the user's PC for power savings. If the wake word is detected, Windows will show a microphone icon in the system tray indicating an assistant app is listening. -:::image type="content" source="../screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening"::: +:::image type="content" source="./images/screenshot2.png" alt-text="Screenshot: Microphone icon in the system tray indicating an assistant app is listening"::: At that point, the Cortana app will receive the audio, run a second, more accurate wake word detector, and optionally send it to a Microsoft cloud service where a third wake word detector will confirm. If the service does not confirm that the activation was valid, the audio will be discarded and deleted from any further processing or server logs. On the user's PC, the Cortana app will be silently dismissed, and no query will be shown in conversation history because the query was discarded. diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md index a43fafd84b..0a26a17390 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md @@ -7,46 +7,78 @@ ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium ms.author: greglin -ms.date: 10/05/2017 ms.reviewer: manager: dansimp --- # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization ->[!NOTE] ->For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) topic, located in the configuration service provider reference topics. +For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider). +- **Allow Cortana** + - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana` + - **MDM policy CSP**: [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) + - **Description**: Specifies if users can use Cortana. -|**Group policy** |**MDM policy** |**Description** | -|---------|---------|---------| -|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Experience/AllowCortana |Specifies whether employees can use Cortana.
-> [!IMPORTANT] -> Cortana won’t work if this setting is turned off (disabled). However, on Windows 10, version 1809 and below, employees can still perform local searches even with Cortana turned off. | -|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock |AboveLock/AllowCortanaAboveLock |Specifies whether an employee can interact with Cortana using voice commands when the system is locked.
-> [!NOTE] -> Cortana in Windows 10, versions 2004 and later, or Windows 11 do not currently support Above Lock. | -|Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice |[Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice) |Specifies whether apps (such as Cortana or other voice assistants) can activate using a wake word (e.g. “Hey Cortana”).
-> [!NOTE] -> This setting only applies to Windows 10 versions 2004 and later, or Windows 11. To disable wake word activation on Windows 10 versions 1909 and earlier, you will need to disable voice commands using Privacy/AllowInputPersonalization. | -|Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone |[Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps) | Use this to disable Cortana’s access to the microphone. To do so, specify Cortana’s Package Family Name: Microsoft.549981C3F5F10_8wekyb3d8bbwe
-Users will still be able to type queries to Cortana. | -|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services |Privacy/AllowInputPersonalization |Specifies whether an employee can use voice commands with Cortana in your organization.
-**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).
**In Windows 10, version 1607 and later**
Non-speech aspects of Cortana will still work if this setting is turned off (disabled).
**In Windows 10, version 2004 and later**
Cortana will work, but voice input will be disabled. | -|None |System/AllowLocation |Specifies whether to allow app access to the Location service.
-**In Windows 10, version 1511**
Cortana won’t work if this setting is turned off (disabled).
-**In Windows 10, version 1607 and later**
-Cortana still works if this setting is turned off (disabled).
-**In Windows 10, version 2004 and later**
-Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11 do not currently use the Location service. | -|None |Accounts/AllowMicrosoftAccountConnection |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.
-Disable this setting if you only want to allow users to sign in with their Azure AD account. | -|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUseLocation |Specifies whether Cortana can use your current location during searches and for location reminders.
-**In Windows 10, version 2004 and later**
Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11, do not currently use the Location service. | -|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results |Search/DoNotUseWebResults |Specifies whether search can perform queries on the web and if the web results are displayed in search.
-**In Windows 10 Pro edition**
This setting can’t be managed.
-**In Windows 10 Enterprise edition**
Cortana won't work if this setting is turned off (disabled).
-**In Windows 10, version 2004 and later**
This setting no longer affects Cortana.
| -|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearchPermissions |Specifies what level of safe search (filtering adult content) is required.
-> [!NOTE] -> This setting only applies to Windows 10 Mobile. Other versions of Windows should use Don't search the web or display web results. | \ No newline at end of file + Cortana won’t work if this setting is turned off (disabled). On Windows 10, version 1809 and below, users can still do local searches, even with Cortana turned off. + +- **AllowCortanaAboveLock** + - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock` + - **MDM policy CSP**: [AboveLock/AllowCortanaAboveLock](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowcortanaabovelock) + - **Description**: Specifies whether users can interact with Cortana using voice commands when the system is locked. + + This setting: + + - Doesn't apply to Windows 10, versions 2004 and later + - Doesn't apply to Windows 11 + +- **LetAppsActivateWithVoice** + - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsActivateWithVoice` + - **MDM policy CSP**: [Privacy/LetAppsActivateWithVoice](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsactivatewithvoice) + - **Description**: Specifies if apps, like Cortana or other voice assistants, can activate using a wake word, like “Hey Cortana”. + + This setting applies to: + + - Windows 10 versions 2004 and later + - Windows 11 + + To disable wake word activation on Windows 10 versions 1909 and earlier, disable voice commands using the [Privacy/AllowInputPersonalization CSP](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization). + +- **LetAppsAccessMicrophone** + - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\App Privacy\LetAppsAccessMicrophone` + - **MDM policy CSP**: [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone-forcedenytheseapps) + - **Description**: Disables Cortana’s access to the microphone. To use this setting, enter Cortana’s Package Family Name: `Microsoft.549981C3F5F10_8wekyb3d8bbwe`. Users can still type queries to Cortana. + +- **Allow users to enable online speech recognition services** + - **Group policy**: `Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow users to enable online speech recognition services` + - **MDM policy CSP**: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) + - **Description**: Specifies whether users can use voice commands with Cortana in your organization. + - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled). + - **Windows 10, version 1607 and later**: Non-speech aspects of Cortana will still work if this setting is turned off (disabled). + - **Windows 10, version 2004 and later**: Cortana will work, but voice input will be disabled. + +- **AllowLocation** + - **Group policy**: None + - **MDM policy CSP**: [System/AllowLocation](/windows/client-management/mdm/policy-csp-system#system-allowlocation) + - **Description**: Specifies whether to allow app access to the Location service. + - **Windows 10, version 1511**: Cortana won’t work if this setting is turned off (disabled). + - **Windows 10, version 1607 and later**: Cortana still works if this setting is turned off (disabled). + - **Windows 10, version 2004 and later**: Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11 don't use the Location service. + +- **AllowMicrosoftAccountConnection** + - **Group policy**: None + - **MDM policy CSP**: [Accounts/AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) + - **Description**: Specifies whether to allow users to sign in using a Microsoft account (MSA) from Windows apps. If you only want to allow users to sign in with their Azure AD account, then disable this setting. + +- **Allow search and Cortana to use location** + - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location` + - **MDM policy CSP**: [Search/AllowSearchToUseLocation](/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) + - **Description**: Specifies whether Cortana can use your current location during searches and for location reminders. In **Windows 10, version 2004 and later**, Cortana still works if this setting is turned off (disabled). Cortana in Windows 10, versions 2004 and later, or Windows 11, don't use the Location service. + +- **Don't search the web or display web results** + - **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results` + - **MDM policy CSP**: [Search/DoNotUseWebResults](/windows/client-management/mdm/policy-csp-search#search-donotusewebresults) + - **Description**: Specifies if search can do queries on the web, and if the web results are shown in search. + - **Windows 10 Pro edition**: This setting can’t be managed. + - **Windows 10 Enterprise edition**: Cortana won't work if this setting is turned off (disabled). + - **Windows 10, version 2004 and later**: This setting no longer impacts Cortana. diff --git a/windows/configuration/cortana-at-work/images/screenshot1.png b/windows/configuration/cortana-at-work/images/screenshot1.png new file mode 100644 index 0000000000..ed62740e92 Binary files /dev/null and b/windows/configuration/cortana-at-work/images/screenshot1.png differ diff --git a/windows/configuration/cortana-at-work/images/screenshot2.png b/windows/configuration/cortana-at-work/images/screenshot2.png new file mode 100644 index 0000000000..fb7995600e Binary files /dev/null and b/windows/configuration/cortana-at-work/images/screenshot2.png differ diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md index ac5d6ad1fd..df13bd302b 100644 --- a/windows/configuration/lockdown-features-windows-10.md +++ b/windows/configuration/lockdown-features-windows-10.md @@ -13,14 +13,13 @@ author: greg-lindsay ms.author: greglin ms.topic: article ms.localizationpriority: medium -ms.date: 07/27/2017 --- # Lockdown features from Windows Embedded 8.1 Industry **Applies to** -- Windows 10 +- Windows 10 Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation. @@ -90,7 +89,7 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.
Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions
-MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow removable storage or Allow USB connection (Windows 10 Mobile only).
MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Removable storage.
Assigned Access: launch a UWP app on sign-in and lock access to system
| App | -Product ID | -AUMID | -
|---|---|---|
| Alarms and clock | -44F7D2B4-553D-4BEC-A8B7-634CE897ED5F | -Microsoft.WindowsAlarms_8wekyb3d8bbwe!App | -
| Calculator | -B58171C6-C70C-4266-A2E8-8F9C994F4456 | -Microsoft.WindowsCalculator_8wekyb3d8bbwe!App | -
| Camera | -F0D8FEFD-31CD-43A1-A45A-D0276DB069F1 | -Microsoft.WindowsCamera_8wekyb3d8bbwe!App | -
| Contact Support | -0DB5FCFF-4544-458A-B320-E352DFD9CA2B | -Windows.ContactSupport_cw5n1h2txyewy!App | -
| Cortana | -FD68DCF4-166F-4C55-A4CA-348020F71B94 | -Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI | -
| Excel | -EAD3E7C0-FAE6-4603-8699-6A448138F4DC | -Microsoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel | -
| 82A23635-5BD9-DF11-A844-00237DE2DB9E | -Microsoft.MSFacebook_8wekyb3d8bbwe!x82a236355bd9df11a84400237de2db9e | -|
| File Explorer | -C5E2524A-EA46-4F67-841F-6A9465D9D515 | -c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App | -
| FM Radio | -F725010E-455D-4C09-AC48-BCDEF0D4B626 | -N/A | -
| Get Started | -B3726308-3D74-4A14-A84C-867C8C735C3C | -Microsoft.Getstarted_8wekyb3d8bbwe!App | -
| Groove Music | -D2B6A184-DA39-4C9A-9E0A-8B589B03DEC0 | -Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic | -
| Maps | -ED27A07E-AF57-416B-BC0C-2596B622EF7D | -Microsoft.WindowsMaps_8wekyb3d8bbwe!App | -
| Messaging | -27E26F40-E031-48A6-B130-D1F20388991A | -Microsoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax | -
| Microsoft Edge | -395589FB-5884-4709-B9DF-F7D558663FFD | -Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge | -
| Money | -1E0440F1-7ABF-4B9A-863D-177970EEFB5E | -Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance | -
| Movies and TV | -6AFFE59E-0467-4701-851F-7AC026E21665 | -Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo | -
| News | -9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1 | -Microsoft.BingNews_8wekyb3d8bbwe!AppexNews | -
| OneDrive | -AD543082-80EC-45BB-AA02-FFE7F4182BA8 | -Microsoft.MicrosoftSkydrive_8wekyb3d8bbwe!App | -
| OneNote | -CA05B3AB-F157-450C-8C49-A1F127F5E71D | -Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim | -
| Outlook Calendar | -A558FEBA-85D7-4665-B5D8-A2FF9C19799B |
-Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar |
-
| Outlook Mail | -A558FEBA-85D7-4665-B5D8-A2FF9C19799B |
-Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail |
-
| People | -60BE1FB8-3291-4B21-BD39-2221AB166481 | -Microsoft.People_8wekyb3d8bbwe!xb94d6231y84ddy49a8yace3ybc955e769e85x | -
| Phone (dialer) | -F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7 | -Microsoft.CommsPhone_8wekyb3d8bbwe!App | -
| Photos | -FCA55E1B-B9A4-4289-882F-084EF4145005 | -Microsoft.Windows.Photos_8wekyb3d8bbwe!App | -
| Podcasts | -C3215724-B279-4206-8C3E-61D1A9D63ED3 | -Microsoft.MSPodcast_8wekyb3d8bbwe!xc3215724yb279y4206y8c3ey61d1a9d63ed3x | -
| Powerpoint | -B50483C4-8046-4E1B-81BA-590B24935798 | -Microsoft.Office.PowerPoint_8wekyb3d8bbwe!microsoft.pptim | -
| Settings | -2A4E62D8-8809-4787-89F8-69D0F01654FB | -2a4e62d8-8809-4787-89f8-69d0f01654fb_8wekyb3d8bbwe!App | -
| Skype | -C3F8E570-68B3-4D6A-BDBB-C0A3F4360A51 | -Microsoft.SkypeApp_kzf8qxf38zg5c!Skype.AppId | -
| Skype Video | -27E26F40-E031-48A6-B130-D1F20388991A | -Microsoft.Messaging_8wekyb3d8bbwe!App | -
| Sports | -0F4C8C7E-7114-4E1E-A84C-50664DB13B17 | -Microsoft.BingSports_8wekyb3d8bbwe!AppexSports | -
| Storage | -5B04B775-356B-4AA0-AAF8-6491FFEA564D | -N/A | -
| Store | -7D47D89A-7900-47C5-93F2-46EB6D94C159 | -Microsoft.WindowsStore_8wekyb3d8bbwe!App | -
| Voice recorder | -7311B9C5-A4E9-4C74-BC3C-55B06BA95AD0 | -Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App | -
| Wallet | -587A4577-7868-4745-A29E-F996203F1462 | -Microsoft.MicrosoftWallet_8wekyb3d8bbwe!App | -
| Weather | -63C2A117-8604-44E7-8CEF-DF10BE3A57C8 | -Microsoft.BingWeather_8wekyb3d8bbwe!App | -
| Windows Feedback | -7604089D-D13F-4A2D-9998-33FC02B63CE3 | -Microsoft.WindowsFeedback_8wekyb3d8bbwe!App | -
| Word | -258F115C-48F4-4ADB-9A68-1387E634459B | -Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word | -
| Xbox | -B806836F-EEBE-41C9-8669-19E243B81B83 | -Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp | -
  Enter a device name. Optionally, you can enter a product key to upgrade the device from Windows 10 Mobile to Windows 10 Mobile Enterprise. |  |
  Toggle On or Off for wireless network connectivity. If you select On, enter the SSID, network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network. |  |
  Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. Set an expiration date for the token (maximum is 180 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.Warning: You must run Windows Configuration Designer on Windows 10 to configure Azure Active Directory enrollment using any of the wizards. |  |
  You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device. |  |
The receiving device uses this information to understand information in the Data field. | -| **Data** | Tag data with small header in raw binary format that contains a chunk of the provisioning package to be transferred. | - - - -### NFC provisioning helper - -The NFC provisioning helper device must split the provisioning package raw content into multiple parts and publish these in order. Each part should follow the following format: - -
| Version(1 byte) | Leading (1 byte) | Order(1 byte) | Total(1 byte) | Chunk payload(N bytes) |
| Main menu | -Sub-menu | -Page name | -
|---|---|---|
| System | -- | SettingsPageGroupPCSystem | -
| - | Display | -SettingsPageDisplay | -
| - | Notifications & actions | -SettingsPageAppsNotifications | -
| - | Phone | -SettingsPageCalls | -
| - | Messaging | -SettingsPageMessaging | -
| - | Battery | -SettingsPageBatterySaver | -
| - | Apps for websites | -SettingsPageAppsForWebsites | -
| - | Storage | -SettingsPageStorageSenseStorageOverview | -
| - | Driving mode | -SettingsPageDrivingMode | -
| - | Offline maps | -SettingsPageMaps | -
| - | About | -SettingsPagePCSystemInfo | -
| Devices | -- | SettingsPageGroupDevices | -
| - | Default camera | -SettingsPagePhotos | -
| - | Bluetooth | -SettingsPagePCSystemBluetooth | -
| - | NFC | -SettingsPagePhoneNFC | -
| - | Mouse | -SettingsPageMouseTouchpad | -
| - | USB | -SettingsPageUsb | -
| Network and wireless | -- | SettingsPageGroupNetwork | -
| - | Cellular & SIM | -SettingsPageNetworkCellular | -
| - | Wi-Fi | -SettingsPageNetworkWiFi | -
| - | Airplane mode | -SettingsPageNetworkAirplaneMode | -
| - | Data usage | -SettingsPageDataSenseOverview | -
| - | Mobile hotspot | -SettingsPageNetworkMobileHotspot | -
| - | VPN | -SettingsPageNetworkVPN | -
| Personalization | -- | SettingsPageGroupPersonalization | -
| - | Start | -SettingsPageBackGround | -
| - | Colors | -SettingsPageColors | -
| - | Sounds | -SettingsPageSounds | -
| - | Lock screen | -SettingsPageLockscreen | -
| - | Glance screen | -SettingsPageGlance | -
| - | Navigation bar | -SettingsNagivationBar | -
| Accounts | -- | SettingsPageGroupAccounts | -
| - | Your info | -SettingsPageAccountsPicture | -
| - | Sign-in options | -SettingsPageAccountsSignInOptions | -
| - | Email & app accounts | -SettingsPageAccountsEmailApp | -
| - | Access work or school | -SettingsPageWorkAccess | -
| - | Sync your settings | -SettingsPageAccountsSync | -
| - | Apps corner -(disabled in Assigned Access) |
-SettingsPageAppsCorner | -
| Time & language | -- | SettingsPageGroupTimeRegion | -
| - | Date & time | -SettingsPageTimeRegionDateTime | -
| - | Language | -SettingsPageTimeLanguage | -
| - | Region | -SettingsPageTimeRegion | -
| - | Keyboard | -SettingsPageKeyboard | -
| - | Speech | -SettingsPageSpeech | -
| Ease of access | -- | SettingsPageGroupEaseOfAccess | -
| - | Narrator | -SettingsPageEaseOfAccessNarrator | -
| - | Magnifier | -SettingsPageEaseOfAccessMagnifier | -
| - | High contrast | -SettingsPageEaseOfAccessHighContrast | -
| - | Closed captions | -SettingsPageEaseOfAccessClosedCaptioning | -
| - | More options | -SettingsPageEaseOfAccessMoreOptions | -
| Privacy | -- | SettingsPageGroupPrivacy | -
| - | Location | -SettingsPagePrivacyLocation | -
| - | Camera | -SettingsPagePrivacyWebcam | -
| - | Microphone | -SettingsPagePrivacyMicrophone | -
| - | Motion | -SettingsPagePrivacyMotionData | -
| - | Notifications | -SettingsPagePrivacyNotifications | -
| - | Speech. inking, & typing | -SettingsPagePrivacyPersonalization | -
| - | Account info | -SettingsPagePrivacyAccountInfo | -
| - | Contacts | -SettingsPagePrivacyContacts | -
| - | Calendar | -SettingsPagePrivacyCalendar | -
| - | Phone calls | -SettingsPagePrivacyPhoneCall | -
| - | Call history | -SettingsPagePrivacyCallHistory | -
| - | SettingsPagePrivacyEmail | -|
| - | Messaging | -SettingsPagePrivacyMessaging | -
| - | Radios | -SettingsPagePrivacyRadios | -
| - | Continue App Experiences | -SettingsPagePrivacyCDP | -
| - | Background apps | -SettingsPagePrivacyBackgroundApps | -
| - | Accessory apps | -SettingsPageAccessories | -
| - | Advertising ID | -SettingsPagePrivacyAdvertisingId | -
| - | Other devices | -SettingsPagePrivacyCustomPeripherals | -
| - | Feedback and diagnostics | -SettingsPagePrivacySIUFSettings | -
| Update and security | -- | SettingsPageGroupRestore | -
| - | Phone update | -SettingsPageRestoreMusUpdate | -
| - | Windows Insider Program | -SettingsPageFlights | -
| - | Device encryption | -SettingsPageGroupPCSystemDeviceEncryption | -
| - | Backup | -SettingsPageRestoreOneBackup | -
| - | Find my phone | -SettingsPageFindMyDevice | -
| - | For developers | -SettingsPageSystemDeveloperOptions | -
| OEM | -- | SettingsPageGroupExtensibility | -
| - | Extensibility | -SettingsPageExtensibility | -
Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). -| start:DesktopApplicationTileParent:AppendGroup | DesktopApplicationIDDesktopApplicationLinkPathSizeRowColumn | Use to specify any of the following:- A Windows desktop application with a known AppUserModelID- An application in a known folder with a link in a legacy Start Menu folder- A Windows desktop application link in a legacy Start Menu folder- A Web link tile with an associated .url file that is in a legacy Start Menu folder | +| start:Folder
Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). | +| start:DesktopApplicationTileParent:AppendGroup | DesktopApplicationIDDesktopApplicationLinkPathSizeRowColumn | Use to specify any of the following:- A Windows desktop application with a known AppUserModelID- An application in a known folder with a link in a legacy Start Menu folder- A Windows desktop application link in a legacy Start Menu folder- A Web link tile with an associated `.url` file that is in a legacy Start Menu folder | | start:SecondaryTileParent:AppendGroup | AppUserModelIDTileIDArgumentsDisplayNameSquare150x150LogoUriShowNameOnSquare150x150LogoShowNameOnWide310x150LogoWide310x150LogoUriBackgroundColorForegroundTextIsSuggestedAppSizeRowColumn | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. | -| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to 3 default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | +| TopMFUAppsParent:LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | | TileParent:TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID. **Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | | DesktopApplicationTileParent:TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | -| AppendOfficeSuiteParent:LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).Do not use this tag with AppendDownloadOfficeTile | +| AppendOfficeSuiteParent:LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).Don't use this tag with AppendDownloadOfficeTile. | | AppendDownloadOfficeTileParent:LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in StartDo not use this tag with AppendOfficeSuite | ### LayoutOptions -New devices running Windows 10 for desktop editions will default to a Start menu with 2 columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features: +New devices running Windows 10 for desktop editions will default to a Start menu with two columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features: - Boot to tablet mode can be set on or off. - Set full screen Start on desktop to on or off. @@ -97,7 +97,7 @@ New devices running Windows 10 for desktop editions will default to a Start menu - Specify the number of columns in the Start menu to 1 or 2. To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2. -The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use 1 column in the Start menu: +The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use one column in the Start menu: ```XML
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | +| BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**
Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.
The following items might not be available in a future release of Windows client:
- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**
- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)
- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**
- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 | | Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 | | Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 | | Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 | diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index b842f08ba3..a790a1e83a 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -64,7 +64,6 @@ The following features and functionalities have been removed from the installed |TCP Offload Engine | Removing this legacy code. This functionality was previously transitioned to the Stack TCP Engine. For more information, see [Why Are We Deprecating Network Performance Features?](https://blogs.technet.microsoft.com/askpfeplat/2017/06/13/why-are-we-deprecating-network-performance-features-kb4014193)| 1709 | |Tile Data Layer |To be replaced by the Tile Store.| 1709 | |Resilient File System (ReFS) (added: August 17, 2017)| Creation ability will be available in the following editions only: Windows 10 Enterprise and Windows 10 Pro for Workstations. Creation ability will be removed from all other editions. All other editions will have Read and Write ability. | 1709 | -|Apps Corner| This Windows 10 mobile application is removed in the version 1703 release. | 1703 | |By default, Flash autorun in Edge is turned off. | Use the Click-to-Run (C2R) option instead. (This setting can be changed by the user.) | 1703 | |Interactive Service Detection Service| See [Interactive Services](/windows/win32/services/interactive-services) for guidance on how to keep software up to date. | 1703 | |Microsoft Paint | This application will not be available for languages that are not on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 | diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md index 546749d1dd..67aa39dd4e 100644 --- a/windows/deployment/update/deployment-service-overview.md +++ b/windows/deployment/update/deployment-service-overview.md @@ -29,6 +29,7 @@ The deployment service is designed for IT Pros who are looking for more control - You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021). - You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise. - You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization. +- You can use safeguards against likely update issues that have been identified by Microsoft machine-learning algorithms and automatically hold the deployment for any affected devices. The service is privacy focused and backed by leading industry compliance certifications. @@ -52,7 +53,6 @@ Using the deployment service typically follows a common pattern: 2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service. 3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates. - The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager. ## Prerequisites @@ -74,7 +74,6 @@ Additionally, your organization must have one of the following subscriptions: - Windows Virtual Desktop Access E3 or E5 - Microsoft 365 Business Premium - ## Getting started To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application. @@ -87,7 +86,6 @@ Microsoft Endpoint Manager integrates with the deployment service to provide Win The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started). - ### Building your own application Microsoft Graph makes deployment service APIs available through. Get started with these learning paths: @@ -113,14 +111,19 @@ This built-in piloting capability complements your existing ring structure and p You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring. +### Safeguard holds against likely and known issues + +Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out. + +To verify whether a device is affected by a safeguard hold, see [Am I affected by a safeguard hold?](/windows/deployment/update/safeguard-holds#am-i-affected-by-a-safeguard-hold) + ### Monitoring deployments to detect rollback issues During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues. - ### How to enable deployment protections -Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your organization, devices must share diagnostic data with Microsoft. +Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your population, devices must share diagnostic data with Microsoft. #### Device prerequisites diff --git a/windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png b/windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png new file mode 100644 index 0000000000..4f11e64555 Binary files /dev/null and b/windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png differ diff --git a/windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png b/windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png new file mode 100644 index 0000000000..b4c348b964 Binary files /dev/null and b/windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png differ diff --git a/windows/deployment/update/safeguard-holds.md b/windows/deployment/update/safeguard-holds.md index eb28dce097..0bb65fedd7 100644 --- a/windows/deployment/update/safeguard-holds.md +++ b/windows/deployment/update/safeguard-holds.md @@ -17,27 +17,27 @@ ms.topic: article - Windows 10 - Windows 11 -Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available. +Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply safeguard holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use safeguard holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available. Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client. -The lifespan of holds varies depending on the time required to investigate and fix an issue. During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices. +The lifespan of safeguard holds varies depending on the time required to investigate and fix an issue. During this time, Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the safeguard hold. Once we release the safeguard hold, Windows Update will resume offering new operating system versions to devices. -Safeguard holds only affect devices that use the Window Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments. +Safeguard holds only affect devices that use the Windows Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments. +IT admins managing updates using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) also benefit from safeguard holds on devices that are likely to be affected by an issue. To learn more, see [Safeguard holds against likely and known issues](/windows/deployment/update/deployment-service-overview#safeguard-holds-against-likely-and-known-issues). ## Am I affected by a safeguard hold? -IT admins can use [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) to monitor various update health metrics for devices in their organization, including ones affected by a safeguard hold that prevents them from updating to a newer operating system version. +IT admins can use [Update Compliance](update-compliance-monitor.md) to monitor various update health metrics for devices in their organization. Update Compliance provides a [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds), as well as [queries in the Feature Update Status report](/windows/deployment/update/update-compliance-feature-update-status), to provide you insight into the safeguard holds that are preventing devices from updating or upgrading. -Queries identify Safeguard IDs for each affected device, giving IT admins a detailed view into the various protections extended to devices. Safeguard IDs for publicly discussed known issues are also included in the [Windows release health](/windows/release-health/) dashboard, where you can easily find information related to publicly available safeguards. +The Update Compliance reports identify safeguard holds by their 8-digit identifiers. For safeguard holds associated with publicly discussed known issues, you can find additional details about the issue on the [Windows release health](/windows/release-health/) dashboard by searching for the safeguard hold ID on the **Known issues** page for the relevant release. On devices that use Windows Update (but not Windows Update for Business), the **Windows Update** page in the Settings app displays a message stating that an update is on its way, but not ready for the device. Instead of the option to download and install the update, users will see this message: -  -If you see this message, it means one or more holds affect your device. When the issue is fixed and the update is safe to install, we’ll release the hold and the update can resume safely. +This message means that the device is protected by one or more safeguard holds. When the issue is resolved and the update is safe to install, we will release the safeguard hold and the update can resume safely. ## What can I do? @@ -46,4 +46,4 @@ We recommend that you do not attempt to manually update until issues have been r > [!CAUTION] > Opting out of a safeguard hold can put devices at risk from known performance issues. We strongly recommend that you complete robust testing to ensure the impact is acceptable before opting out. -With that in mind, IT admins who stay informed with [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) and the [Windows release health](/windows/release-health/) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically. \ No newline at end of file +With that in mind, IT admins who stay informed with [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) and the [Windows release health](/windows/release-health/) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically. diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md index 9b3662595f..9613aaa41e 100644 --- a/windows/deployment/update/update-compliance-feature-update-status.md +++ b/windows/deployment/update/update-compliance-feature-update-status.md @@ -43,16 +43,21 @@ Refer to the following list for what each state means: ## Safeguard holds -Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release. +Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release. -## Queries for safeguard holds +### Queries for safeguard holds -Update Compliance reporting offers two queries to help you retrieve data related to safeguard holds. The first query shows the device data for all devices that are affected by safeguard holds. The second query shows data specific to devices running the target build. +> [!TIP] +> For a new Update Compliance report with additional information on safeguard holds, try the [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds). + +The Feature Update Status report offers two queries to help you retrieve data related to safeguard holds. These queries show data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included. + +The first query shows the device data for all devices that are affected by safeguard holds. The second query shows data specific to devices running the target build.  -Update Compliance reporting will display the Safeguard IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards. +Update Compliance reporting will display the safeguard hold IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard hold IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards. -### Opt out of safeguard hold +### Opt out of safeguard holds -You can [opt out of safeguard protections](safeguard-opt-out.md) by using the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update. +You can [opt out of safeguard holds](safeguard-opt-out.md) protecting against known issues by using the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update. diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index bb55b0dff1..db61a26720 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -23,7 +23,9 @@ ms.topic: article - Windows 11 > [!IMPORTANT] -> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. +> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. +> +> Devices must have this policy configured by January 31, 2022, to remain enrolled in Update Compliance. Devices without this policy configured, including Windows 10 releases prior to version 1809 which do not support this policy, will stop appearing in Update Compliance reports after this date. This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. @@ -42,7 +44,7 @@ Before you begin the process to add Update Compliance to your Azure subscription - **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions. - **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but does not currently provide detailed deployment insights for them. -- **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy). +- **Diagnostic data requirements**: Update Compliance requires devices to send diagnostic data at *Required* level (previously *Basic*). Some queries in Update Compliance require devices to send diagnostic data at *Optional* level (previously *Full*) for Windows 11 devices or *Enhanced* level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319). - **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md). - **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md new file mode 100644 index 0000000000..a46fbed232 --- /dev/null +++ b/windows/deployment/update/update-compliance-safeguard-holds.md @@ -0,0 +1,61 @@ +--- +title: Update Compliance - Safeguard Holds report +ms.reviewer: +manager: laurawi +description: Learn how the Safeguard Holds report provides information about safeguard holds in your population. +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: deploy +audience: itpro +itproauthor: jaimeo +author: jaimeo +ms.author: jaimeo +ms.collection: M365-analytics +ms.topic: article +ms.custom: seo-marvel-apr2020 +--- + +# Safeguard Holds + +**Applies to** + +- Windows 10 +- Windows 11 + +The Safeguard Holds report provides information about devices in your population that are affected by a [safeguard hold](/windows/deployment/update/safeguard-holds). + +Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release. + +Update Compliance provides two views into the safeguard holds that apply to devices in your population. The report shows data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included. + +The safeguard hold report can be found in a different location from the other Update Compliance reports. To access the safeguard hold report, follow the instructions below. + +1. Navigate to your Log Analytics workspace to which Update Compliance is deployed. +2. In the left-hand menu, select **Solutions**. +3. Select the solution named **WaaSUpdateInsights(\
There is no equivalent MDM policy setting for Windows 10 Mobile. | +| No auto-restart with logged on users for scheduled automatic updates installations |  | Use this policy to prevent automatic restart when a user is logged on. This policy applies only when the **Configure Automatic Updates** policy is configured to perform scheduled installations of updates. | | Re-prompt for restart with scheduled installations |  | | | Delay Restart for scheduled installations |  | | | Reschedule Automatic Updates scheduled installations |  | | diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index ac67414ec6..fc07839d42 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -173,7 +173,7 @@ The following table provides information about common errors you might run into | Message | Description | Mitigation | |---------|-------------|------------| -| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt and run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALT*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | +| ERROR_SXS_ASSEMBLY_MISSING; The referenced assembly could not be found. | Typically, a component store corruption caused when a component is in a partially installed state. | Repair the component store with **Dism RestoreHealth command** or manually repair it with the payload from the partially installed component. From an elevated command prompt, run these commands:
*DISM /ONLINE /CLEANUP-IMAGE /SCANHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /CHECKHEALTH*
*DISM /ONLINE /CLEANUP-IMAGE /RESTOREHEALTH*
*Sfc /Scannow*
Restart the device. | ## 0x8007371b diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md new file mode 100644 index 0000000000..5ad54e7a9e --- /dev/null +++ b/windows/privacy/essential-services-and-connected-experiences.md @@ -0,0 +1,122 @@ +--- +title: Essential services and connected experiences for Windows +description: Explains what the essential services and connected experiences are for Windows +keywords: privacy, manage connections to Microsoft +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +audience: ITPro +author: siosulli +ms.author: dansimp +manager: dansimp +ms.date: +--- + +# Essential services and connected experiences for Windows + +**Applies to** + +- Windows 11 +- Windows 10, version 1903 and later + +Windows includes features that connect to the internet to provide enhanced experiences and additional service-based capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure. + +When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. This data is crucial because this information enables us to deliver these cloud-based connected experiences. We refer to this data as required service data. Required service data can include information related to the operation of the connected experience that is needed to keep the underlying service secure, up to date, and performing as expected. Required service data can also include information needed by a connected experience to perform its task, such as configuration information about Windows. + +The connected experiences you choose to use in Windows will impact what required service data is sent to us. + +Required service data is also collected and sent to Microsoft for essential services. Essential services are used to keep the product **secure, up to date, performing as expected** or are **integral** to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows. + +Although enterprise admins can turn off most essential services, we recommend, where applicable, you consider hosting the services on-premises and carefully assess the impact of turning off remaining services. The following list describes the essential services and connected experiences that are available to you in Windows and provides links to further information about each one. + +> [!NOTE] +> The information in this article describes the most common connected experiences and essential services. We will continue to update our list of connected experiences over time as Windows evolves. + +## Windows essential services + +| **Essential service** | **Description** | +| --- | --- | +|Authentication|The authentication service is required to enable sign in to work or school accounts. It validates a user’s identity and provides access to multiple apps and system components like OneDrive and activity history. Using a work or school account to sign in to Windows enables Microsoft to provide a consistent experience across your devices. If the authentication service is turned off, many apps and components may lose functionality and users may not be able to sign in.
To turn it off, see [Microsoft Account](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#12-microsoft-account).| +|Certificates|Certificates are digital files, stored on client devices, used to both encrypt data and verify the identity of an individual or organization. Trusted root certificates issued by a certification authority (CA), are stored in a certificate trust list (CTL). The Automatic Root Certificates Update mechanism contacts Windows Updates to update the CTL. If a new version of the CTL is identified, the list of trusted root certificates cached on the local device will be updated. Untrusted certificates are certificates that are publicly known to be fraudulent. Untrusted certificates are also stored in a list on the local device and updated by the Automatic Root Certificates Update mechanism.
If automatic updates are turned off, applications and websites may stop working because they did not receive an updated root certificate that the application uses. Additionally, the list of untrusted certificates will no longer be updated, which increases the attack vector on the device.
To turn it off, see [Automatic Root Certificates Update](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update).| +| Services Configuration | Services Configuration is used by Windows components and apps, such as the telemetry service, to dynamically update their configuration. If you turn off this service, apps using this service may stop working.
To turn it off, see [Services Configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#31-services-configuration).| +| Licensing | Licensing services are used for the activation of Windows, and apps purchased from the Microsoft Store. If you disable the Windows License Manager Service or the Software Protection Platform Service, it may prevent activation of genuine Windows and store applications.
To turn off licensing services, see [License Manager](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#9-license-manager) and [Software Protection Platform](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#19-software-protection-platform).| +| Networking | Networking in Windows provides connectivity to and from your devices to the local intranet and internet. If you turn off networking, Windows devices will lose network connectivity.
To turn off Network Adapters, see [Disable-NetAdapter](/powershell/module/netadapter/disable-netadapter).| +| Device setup | The first time a user sets up a new device, the Windows out-of-box experience (OOBE) guides the user through the steps to accept the license agreement, connect to the internet, sign in to (or sign up for) a Microsoft account, and takes care of other important tasks. Most settings can also be changed after setup is completed.
To customize the initial setup experience, see [Customize Setup](/windows-hardware/customize/desktop/customize-oobe).| +| Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality will not be available to Microsoft.
To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).| +| Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.
Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date.
To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).| +| Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.
To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).| + +## Windows connected experiences + +| **Connected experience** | **Description** | +| --- | --- | +|Activity History|Activity History shows a history of activities a user has performed and can even synchronize activities across multiple devices for the same user. Synchronization across devices only works when a user signs in with the same account.
To turn it off, see [Activity History](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#1822-activity-history). | +|Cloud Clipboard|Cloud Clipboard enables users to copy images and text across all Windows devices when they sign in with the same account. Users can paste from their clipboard history and also pin items.
To turn it off, see [Cloud Clipboard](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#30-cloud-clipboard). | +| Date and Time | The Windows Time service is used to synchronize and maintain the most accurate date and time on your devices. It's installed by default and starts automatically on devices that are part of a domain. It can be started manually on other devices. If this service is stopped, date and time synchronization will be unavailable and any services that explicitly depend on it will fail to start.
To turn it off, see [Date and Time](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#3-date--time). | +| Delivery Optimization | Delivery Optimization is a cloud-managed, peer-to-peer client and a downloader service for Windows updates, upgrades, and applications to an organization's networked devices. Delivery Optimization allows devices to download updates from alternate sources, such as other peers on the network, in addition to Microsoft servers. This helps when you have a limited or unreliable Internet connection and reduces the bandwidth needed to keep all your organization's devices up to date.
If you have Delivery Optimization Peer-to-Peer option turned on, devices on your network may send and receive updates and apps to other devices on your local network, if you choose, or to devices on the Internet. By default, devices running Windows will only use Delivery Optimization to get and receive updates for devices and apps on your local network.
To turn it off, see [Delivery Optimization](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#28-delivery-optimization). | +| Emojis and more | The Emoji and more menu allows users to insert a variety of content like emoji, kaomoji, GIFs, symbols, and clipboard history. This connected experience is new in Windows 11.
To turn it off, see [Emojis availability](/windows/client-management/mdm/policy-csp-textinpu.md#textinput-touchkeyboardemojibuttonavailability). | +| Find My Device | Find My Device is a feature that can help users locate their Windows device if it's lost or stolen. This feature only works if a Microsoft account is used to sign in to the device, the user is an administrator on the device, and when location is turned on for the device. Users can find their device by logging in to [https://account.microsoft.com/devices](https://account.microsoft.com/devices) under the Find My Device tab.
To turn it off, see [Find My Device](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#5-find-my-device). | +| Location services | The device location setting enables certain Windows features such as auto setting the time zone or Find My Device to function properly. When the device location setting is enabled, the Microsoft location service will use a combination of global positioning service (GPS), nearby wireless access points, cell towers, and IP address to determine the device’s location. Depending on the capabilities of the device, its location can be determined with varying degrees of accuracy and may in some cases be determined precisely.
To turn it off, see [Location services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#182-location). | +| Microsoft Defender Antivirus | Microsoft Defender Antivirus provides cloud-delivered protection against new and emerging threats for the devices in your organization. Turning off Microsoft Defender Antivirus will potentially leave your Windows devices in a vulnerable state and more prone to security threats.
To turn it off, see [Microsoft Defender Antivirus](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-defender). | +| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen is a feature of Windows, Internet Explorer, and Microsoft Edge. It helps protect users against phishing or malware websites and applications, and the downloading of potentially malicious files. Turning off Microsoft Defender SmartScreen means you cannot block a website or warn users they may be accessing a malicious site.
To turn it off, see [Microsoft Defender SmartScreen](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#241-microsoft-defender-smartscreen). | +| OneDrive | OneDrive is a cloud storage system that allows you to save your files and photos, and access them from any device, anywhere.
To turn off OneDrive, see [OneDrive](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#16-onedrive). | +| Troubleshooting Service | Windows troubleshooting service will automatically fix critical issues like corrupt settings that keep critical services from running. The service will also make adjustments to work with your hardware, or make other specific changes required for Windows to operate with the hardware, apps, and settings you’ve selected. In addition, it will recommend troubleshooting for other problems that aren’t critical to normal Windows operation but might impact your experience.
To turn it off, see [Troubleshooting service](/windows/client-management/mdm/policy-csp-troubleshooting). | +| Voice Typing | Voice typing (also referred to as Windows dictation in earlier versions of Windows) allows users to write text by speaking by using Microsoft’s online speech recognition technology.
To turn it off, see [Speech recognition](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#186-speech). | +| Windows backup | When settings synchronization is turned on, a user's settings are synced across all Windows devices when they sign in with the same account.
To turn it off, see [Sync your settings](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#21-sync-your-settings). | +| Windows Dashboard Widgets | Windows Dashboard widget is a dynamic view that shows users personalized content like news, weather, their calendar and to-do list, and recent photos. It provides a quick glance view, which allows users to be productive without needing to go to multiple apps or websites. This connected experience is new in Windows 11. | +| Windows Insider Program | The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to builds of Windows. Once you've registered for the program, you can run Insider Preview builds on as many devices as you want, each in the channel of your choice. Learn how to join the Windows Insider program by visiting the program’s [website](https://insider.windows.com/).
To turn it off, see [Windows Insider Program](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#7-insider-preview-builds). | +| Windows Search | Windows Search lets users use the search box on the taskbar to find what they are looking for, whether it’s on their device, in the cloud, or on the web. Windows Search can provide results for items from the device (including apps, settings, and files), the users account (including OneDrive, SharePoint, and other Microsoft services), and the internet.
To turn it off, see [Windows Search](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#2-cortana-and-search). | +| Windows Spotlight | Windows Spotlight displays new background images on the lock screen each day. Additionally, it provides feature suggestions, fun facts, and tips on the lock screen background.
Administrators can turn off Windows Spotlight features to prevent users from using the Windows Spotlight background.
To turn it off, see [Windows Spotlight](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#25-windows-spotlight). | + +## Microsoft Edge essential services and connected experiences + +Windows ships with Microsoft Edge and Internet Explorer on Windows devices. Microsoft Edge is the default browser and is recommended for the best web browsing experience. You can find details on all of Microsoft Edge's connected experiences and essential services [here](/microsoft-edge/privacy-whitepaper). To turn off specific Microsoft Edge feature, see [Microsoft Edge](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#13-microsoft-edge). + +## IE essential services and connected experiences + +Internet Explorer shares many of the Windows essential services listed above. The following table provides more details on the essential services and connected experiences specific to Internet Explorer. + +> [!NOTE] +> Apart from ActiveX Filtering, which is an essential service, all other features listed below are connected experiences. To turn off specific connected experiences, see [Internet Explorer](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#8-internet-explorer). + +| **Connected experience** | **Description** | +| --- | --- | +|ActiveX Filtering|ActiveX controls are small apps that allow websites to provide content such as videos and games, and let users interact with controls like toolbars and stock tickers. However, these apps can sometimes malfunction, and in some cases, they might be used to collect information from user devices, install software without a user's agreement, or be used to control a device remotely without a user's permission. ActiveX Filtering in Internet Explorer prevents sites from installing and using these apps which, can help keep users safer as they browse, but it can also affect the user experience of certain sites as interactive content might not work when ActiveX Filtering is on.
Note: To further enhance security, Internet Explorer also allows you to block out-of-date ActiveX controls. | +|Suggested Sites|Suggested Sites is an online experience that recommends websites, images, or videos a user might be interested in. When Suggested Sites is turned on, a user’s web browsing history is periodically sent to Microsoft.| +| Address Bar and Search suggestions | With search suggestions enabled, users will be offered suggested search terms as they type in the Address Bar. As users type information, it will be sent to the default search provider. | +| Auto-complete feature for web addresses | The auto-complete feature suggests possible matches when users are typing web addresses in the browser address bar. | +| Compatibility logging | This feature is designed for use by developers and IT professionals to determine the compatibility of their websites with Internet Explorer. It is disabled by default and needs to be enabled to start logging Internet Explorer events in the Windows Event Viewer. These events describe failures that might have happened on the site and can include information about specific controls and webpages that failed. | +| Compatibility View | Compatibility View helps make websites designed for older browsers look better when viewed in Internet Explorer. The compatibility view setting allows you to choose whether an employee can fix website display problems they encounter while browsing. | +| Flip ahead | Flip ahead enables users to flip through web content quickly by swiping across the page or by clicking forward. When flip ahead is turned on, web browsing history is periodically sent to Microsoft. If you turn off this setting, users will no longer be able swipe across a screen or click forward to go to the next pre-loaded page of a website. | +| Web Slices | A Web Slice enables users to subscribe to and automatically receive updates to content directly within a web page. Disabling the RSS Feeds setting will turn off background synchronization for feeds and Web Slices. | +| Accelerators | Accelerators are menu options in Internet Explorer that help automate common browser-related tasks. In Internet Explorer, when you right-click selected text, Accelerators appear in the list of available options.
For example, if you select a word, you can use the "Translate with Bing" Accelerator to obtain a translation of that word. | +| Pinning websites to Start | When a user pins a website to the Start menu, it displays as a tile similar to the way apps are displayed. Like Microsoft Store apps, website tiles might display updates if the website has been designed to do so. For example, an online email website might send updates to the tile indicating how many new messages a user has. | + +## Related links + +- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +- [Connected Experiences in Office](/deployoffice/privacy/connected-experiences.md) +- [Essential Services in Office](/deployoffice/privacy/essential-services.md) + +To view endpoints for Windows Enterprise, see: + +- [Manage connection endpoints for Windows 11](manage-windows-11-endpoints.md) +- [Manage connection endpoints for Windows 10, version 21H1](manage-windows-21H1-endpoints.md) +- [Manage connection endpoints for Windows 10, version 20H2](manage-windows-20h2-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1909](manage-windows-1909-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +- [Manage connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) + +To view endpoints for non-Enterprise Windows editions, see: + +- [Windows 11 connection endpoints for non-Enterprise editions](windows-11-endpoints-non-enterprise-editions.md) +- [Windows 10, version 21H1, connection endpoints for non-Enterprise editions](windows-endpoints-21H1-non-enterprise-editions.md) +- [Windows 10, version 20H2, connection endpoints for non-Enterprise editions](windows-endpoints-20H2-non-enterprise-editions.md) +- [Windows 10, version 1909, connection endpoints for non-Enterprise editions](windows-endpoints-1909-non-enterprise-editions.md) +- [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md) +- [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) +- [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) +- [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) \ No newline at end of file diff --git a/windows/privacy/toc.yml b/windows/privacy/toc.yml index 96516c4786..25fc676681 100644 --- a/windows/privacy/toc.yml +++ b/windows/privacy/toc.yml @@ -37,12 +37,14 @@ href: windows-diagnostic-data-1703.md - name: Windows 10 diagnostic data events and fields collected through the limit enhanced diagnostic data policy href: enhanced-diagnostic-data-windows-analytics-events-and-fields.md - - name: Manage Windows connection endpoints + - name: Manage Windows connected experiences items: - name: Manage connections from Windows operating system components to Microsoft services href: manage-connections-from-windows-operating-system-components-to-microsoft-services.md - name: Manage connections from Windows operating system components to Microsoft services using MDM href: manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md + - name: Essential services and connected experiences for Windows + href: essential-services-and-connected-experiences.md - name: Connection endpoints for Windows 11 href: manage-windows-11-endpoints.md - name: Connection endpoints for Windows 10, version 21H1 diff --git a/windows/privacy/windows-10-and-privacy-compliance.md b/windows/privacy/windows-10-and-privacy-compliance.md index 33e3f1c9c8..0930e7356b 100644 --- a/windows/privacy/windows-10-and-privacy-compliance.md +++ b/windows/privacy/windows-10-and-privacy-compliance.md @@ -29,13 +29,13 @@ Applies to: At Microsoft, we are committed to data privacy across all our products and services. With this guide, we provide administrators and compliance professionals with data privacy considerations for Windows. -Microsoft collects data through multiple interactions with users of Windows devices. This information can contain personal data that may be used to provide, secure, and improve Windows services. To help users and organizations control the collection of personal data, Windows provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article. +Microsoft collects data through multiple interactions with users of Windows devices. This information can contain personal data that may be used to provide, secure and improve Windows, and to provide connected experiences. To help users and organizations control the collection of personal data, Windows provides comprehensive transparency features, settings choices, controls, and support for data subject requests, all of which are detailed in this article. This information allows administrators and compliance professionals to work together to better manage personal data privacy considerations and related regulations, such as the General Data Protection Regulation (GDPR). ## 1. Windows data collection transparency -Transparency is an important part of the data collection process in Windows. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device set up. +Transparency is an important part of the data collection process in Windows. Comprehensive information about the features and processes used to collect data is available to users and administrators directly within Windows, both during and after device setup. ### 1.1 Device set up experience and support for layered transparency @@ -44,9 +44,9 @@ When setting up a device, a user can configure their privacy settings. Those pri The following table provides an overview of the Windows 10 and Windows 11 privacy settings presented during the device setup experience that involve processing personal data and where to find additional information. > [!NOTE] -> This table is limited to the privacy settings that are most commonly avaialable when setting up a current version of Windows 10 or newer. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +> This table is limited to the privacy settings that are most commonly available when setting up a current version of Windows 10 or newer. For the full list of settings that involve data collection, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -| Feature/Setting | Description | Supporting Content | Privacy Statement | +| Feature/Setting | Description | Supporting content | Privacy statement | | --- | --- | --- | --- | | Diagnostic Data |
Microsoft uses diagnostic data to keep Windows secure, up to date, troubleshoot problems, and make product improvements. Regardless of what choices you make for diagnostic data collection, the device will be just as secure and will operate normally. This data is collected by Microsoft to quickly identify and address issues affecting its customers.
Diagnostic data is categorized into the following:
- **Required diagnostic data**
Required diagnostic data includes information about your device, its settings, capabilities, and whether it is performing properly, whether a device is ready for an update, and whether there are factors that may impede the ability to receive updates, such as low battery, limited disk space, or connectivity through a paid network. You can find out what is collected with required diagnostic data [here](./required-windows-diagnostic-data-events-and-fields-2004.md). - **Optional diagnostic data**
Optional diagnostic data includes more detailed information about your device and its settings, capabilities, and device health. When you choose to send optional diagnostic data, required diagnostic data will always be included. You can find out the types of optional diagnostic data collected [here](./windows-diagnostic-data.md).
[Configure Windows diagnostic data in your organization](configure-windows-diagnostic-data-in-your-organization.md) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | | Inking & typing | Microsoft collects optional inking and typing diagnostic data to improve the language recognition and suggestion capabilities of apps and services running on Windows. | [Learn more](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy) | [Privacy Statement](https://privacy.microsoft.com/privacystatement#maindiagnosticsmodule) | @@ -71,7 +71,7 @@ Windows provides the ability to manage privacy settings through several differen ### 2.1 Privacy setting options for users -Once a Windows device is set up, a user can manage data collection settings by opening the Settings app in Windows. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to the Settings page. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device. +Once a Windows device is set up, a user can manage data collection settings by opening the Settings app in Windows. Administrators can control privacy settings via setting policy on the device (see Section 2.2 below). If this is the case, the user will see an alert that says **Some settings are hidden or managed by your organization** when they navigate to the settings page. In this case, the user can only change settings in accordance with the policies that the administrator has applied to the device. ### 2.2 Privacy setting controls for administrators @@ -80,14 +80,14 @@ Administrators can configure and control privacy settings across their organizat The following table provides an overview of the privacy settings discussed earlier in this document with details on how to configure these policies. The table also provides information on what the default value would be for each of these privacy settings if you do not manage the setting by using policy and suppress the Out-of-box Experience (OOBE) during device setup. If you’re interested in minimizing data collection, we also provide the recommended value to set. > [!NOTE] -> This is not a complete list of settings that involve managing data collection or connecting to Microsoft services. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). +> This is not a complete list of settings that involve managing data collection or connecting to connected experiences in Windows. For a more detailed list, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -| Feature/Setting | GP/MDM Documentation | Default State if the Setup experience is suppressed | State to stop/minimize data collection | +| Connected experience /setting | GP/MDM documentation | Default state if the setup experience is suppressed | State to stop/minimize data collection | |---|---|---|---| | [Speech](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-speech) | Group Policy:
**Computer Configuration** > **Control Panel** > **Regional and Language Options** > **Allow users to enable online speech recognition services**
MDM: [Privacy/AllowInputPersonalization](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off | Off | | [Location](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location) | Group Policy:
**Computer Configuration** > **Windows Components** > **App Privacy** > **Let Windows apps access location**
MDM: [Privacy/LetAppsAccessLocation](/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | Off (Windows 10, version 1903 and later and Windows 11) | Off | | [Find my device](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#find-my-device) | Group Policy:
**Computer Configuration** > **Windows Components** > **Find My Device** > **Turn On/Off Find My Device**
MDM: [Experience/AllFindMyDevice](/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice) | Off | Off | -| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)
MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. See [Enabling the Windows diagnostic data processor configuration](#238-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration) below for more information. | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)
Server editions:
Enhanced diagnostic data | Security (Off) and block endpoints | +| [Diagnostic Data](configure-windows-diagnostic-data-in-your-organization.md) | Group Policy:
**Computer Configuration** > **Windows Components** > **Data Collection and Preview Builds** > **Allow Telemetry** (or **Allow diagnostic data** in Windows 11 or Windows Server 2022)
MDM: [System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
**Note**: If you are planning to configure devices, using the Windows diagnostic data processor configuration option, the state to minimize data collection is not recommended. For more information, see [Enabling the Windows diagnostic data processor configuration](#237-diagnostic-data-enabling-the-windows-diagnostic-data-processor-configuration). | Required diagnostic data (Windows 10, version 1903 and later and Windows 11)
Server editions:
Enhanced diagnostic data | Security (Off) and block endpoints | | [Inking and typing diagnostics](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-ink) | Group Policy:
**Computer Configuration** > **Windows Components** > **Text Input** > **Improve inking and typing recognition**
MDM: [TextInput/AllowLinguisticDataCollection](/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Off (Windows 10, version 1809 and later and Windows 11) | Off | | Tailored Experiences | Group Policy:
**User Configuration** > **Windows Components** > **Cloud Content** > **Do not use diagnostic data for tailored experiences**
MDM: [Experience/AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-csp-experience#experience-allowtailoredexperienceswithdiagnosticdata) | Off | Off | | Advertising ID | Group Policy:
**Computer Configuration** > **System** > **User Profile** > **Turn off the advertising Id**
MDM: [Privacy/DisableAdvertisingId](/windows/client-management/mdm/policy-csp-privacy#privacy-disableadvertisingid) | Off | Off | @@ -111,19 +111,19 @@ You can use the following articles to learn more about Autopilot and how to use - [Overview of Windows Autopilot](/windows/deployment/windows-Autopilot/windows-Autopilot) - [Windows Autopilot deployment process](/windows/deployment/windows-Autopilot/deployment-process) -#### _2.3.2 Managing connections from Windows components to Microsoft services_ +#### _2.3.2 Managing Windows connected experiences and essential services_ -Administrators can manage the data sent from their organization to Microsoft by configuring settings associated with the functionality provided by Windows components. +Windows includes features that connect to the internet to provide enhanced experiences and additional service-based capabilities. These features are called connected experiences. For example, Microsoft Defender Antivirus is a connected experience that delivers updated protection to keep the devices in your organization secure. -For more details, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This topic includes the different methods available on how to configure each setting, the impact to functionality, and which versions of Windows that are applicable. +Essential services are services in the product that connect to Microsoft to keep the product secure, up to date and performing as expected, or are integral to how the product works. For example, the licensing service that confirms that you’re properly licensed to use Windows. -#### _2.3.3 Managing Windows connections_ +[Windows essential services and connected experiences](essential-services-and-connected-experiences.md) provides a list of the most common Windows essential services and connected experiences. -Some Windows components, apps, and related services transfer data to Microsoft network endpoints. An administrator may want to block these endpoints for their organization to meet their specific compliance objectives. +When a connected experience is used, data is sent to and processed by Microsoft to provide that connected experience. Administrators can manage the data sent from their organization to Microsoft by configuring settings that are associated with the functionality provided by Windows connected experiences and essential services. For more information, see [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). This article includes the different methods available to configure each setting, the impact to functionality, and the versions of Windows that are applicable. -The **Manage Windows connection endpoints** section on the left-hand navigation menu provides a list of endpoints for the latest Windows releases, along with descriptions of any functionality that would be impacted by restricting data collection. +The article [Manage connection endpoints for Windows 11 Enterprise](manage-windows-11-endpoints.md) provides a list of endpoints to which data is transferred by Windows connected experiences for the latest Windows release, along with descriptions of any functionality that would be impacted by restricting data collection. -#### _2.3.4 Limited functionality baseline_ +#### _2.3.3 Limited functionality baseline_ An organization may want to minimize the amount of data sent back to Microsoft or shared with Microsoft apps by managing the connections and configuring additional settings on their devices. Similar to [Windows security baselines](/windows/security/threat-protection/windows-security-baselines), Microsoft has released a limited functionality baseline focused on configuring settings to minimize the data sent back to Microsoft. However, the functionality of the device could be impacted by applying these settings. The [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) article provides details on how to apply the baseline, along with the full list of settings covered in the baseline and the functionality that would be impacted. Administrators that don’t want to apply the baseline can still find details on how to configure each setting individually to find the right balance between data sharing and impact to functionality for their organization. @@ -131,15 +131,15 @@ An organization may want to minimize the amount of data sent back to Microsoft o > - We recommend that you fully test any modifications to these settings before deploying them in your organization. > - We also recommend that if you plan to enable the Windows diagnostic data processor configuration, adjust the limited configuration baseline before deploying it to ensure the Windows diagnostic setting is not turned off. -#### _2.3.5 Diagnostic data: Managing notifications for change of level at logon_ +#### _2.3.4 Diagnostic data: Managing notifications for change of level at logon_ Starting with Windows 10, version 1803 and Windows 11, if an administrator modifies the diagnostic data collection setting, users are notified of this change during the initial device sign in. For example, if you configure the device to send optional diagnostic data, users will be notified the next time they sign into the device. You can disable these notifications by using the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in change notifications** or the MDM policy `ConfigureTelemetryOptInChangeNotification`. -#### _2.3.6 Diagnostic data: Managing end user choice for changing the setting_ +#### _2.3.5 Diagnostic data: Managing end user choice for changing the setting_ -Windows 10, version 1803 and later and Windows 11 allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by opening the Settings app in Windows. Administrators can restrict a user’s ability to change the setting by enabling the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`. +Windows 10, version 1803 and later and Windows 11 allows users to change their diagnostic data level to a lower setting than what their administrator has set. For example, if you have configured the device to send optional diagnostic data, a user can change the setting so that only required diagnostic data is sent by opening the Settings app in Windows and navigating to **Diagnostic & feedback**. Administrators can restrict a user’s ability to change the setting by enabling the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Configure telemetry opt-in setting user interface** or the MDM policy `ConfigureTelemetryOptInSettingsUx`. -#### _2.3.7 Diagnostic data: Managing device-based data delete_ +#### _2.3.6 Diagnostic data: Managing device-based data delete_ Windows 10, version 1809 and later and Windows 11 allow a user to delete diagnostic data collected from their device by opening the Settings app in Windows and navigating to **Diagnostic & feedback** and clicking the **Delete** button under the **Delete diagnostic data** heading. An administrator can also delete diagnostic data for a device using the [Clear-WindowsDiagnosticData](/powershell/module/windowsdiagnosticdata/Clear-WindowsDiagnosticData) PowerShell cmdlet. @@ -148,7 +148,7 @@ An administrator can disable a user’s ability to delete their device’s diagn >[!Note] >If the Windows diagnostic data processor configuration is enabled, the Delete diagnostic data button will be disabled and the powershell cmdlet will not delete data collected under this configuration. IT administrators can instead delete diagnostic data collected by invoking a delete request from the admin portal. -#### _2.3.8 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ +#### _2.3.7 Diagnostic data: Enabling the Windows diagnostic data processor configuration_ **Applies to:** diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index f0c84a4b48..f08c30bd24 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 04/19/2017 +ms.date: 10/12/2021 ms.reviewer: --- @@ -39,7 +39,7 @@ The special identity groups are described in the following tables: - [Anonymous Logon](#anonymous-logon) -- [Authenticated User](#authenticated-users) +- [Authenticated Users](#authenticated-users) - [Batch](#batch) @@ -90,7 +90,7 @@ The special identity groups are described in the following tables: Any user who accesses the system through an anonymous logon has the Anonymous Logon identity. This identity allows anonymous access to resources, such as a web page that is published on corporate servers. The Anonymous Logon group is not a member of the Everyone group by default. -| **Attribute** | **Value** | +| Attribute | Value | | :--: | :--: | | Well-Known SID/RID | S-1-5-7 | |Object Class| Foreign Security Principal| @@ -102,11 +102,11 @@ Any user who accesses the system through an anonymous logon has the Anonymous Lo Any user who accesses the system through a sign-in process has the Authenticated Users identity. This identity allows access to shared resources within the domain, such as files in a shared folder that should be accessible to all the workers in the organization. Membership is controlled by the operating system. -| **Attribute** | **Value** | +| Attribute | Value | | :--: | :--: | | Well-Known SID/RID | S-1-5-11 | |Object Class| Foreign Security Principal| -|Default Location in Active Directory |cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=\
[Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege| ## Batch @@ -114,7 +114,7 @@ Any user who accesses the system through a sign-in process has the Authenticated Any user or process that accesses the system as a batch job (or through the batch queue) has the Batch identity. This identity allows batch jobs to run scheduled tasks, such as a nightly cleanup job that deletes temporary files. Membership is controlled by the operating system. -| **Attribute** | **Value** | +| Attribute | Value | | :--: | :--: | | Well-Known SID/RID | S-1-5-3 | |Object Class| Foreign Security Principal| @@ -128,7 +128,7 @@ The person who created the file or the directory is a member of this special ide A placeholder security identifier (SID) is created in an inheritable access control entry (ACE). When the ACE is inherited, the system replaces this SID with the SID for the primary group of the object’s current owner. The primary group is used only by the Portable Operating System Interface for UNIX (POSIX) subsystem. -| **Attribute** | **Value** | +| Attribute | Value | | :--: | :--: | | Well-Known SID/RID | S-1-3-1 | |Object Class| Foreign Security Principal| @@ -140,7 +140,7 @@ A placeholder security identifier (SID) is created in an inheritable access cont The person who created the file or the directory is a member of this special identity group. Windows Server operating systems use this identity to automatically grant access permissions to the creator of a file or directory. A placeholder SID is created in an inheritable ACE. When the ACE is inherited, the system replaces this SID with the SID for the object’s current owner. -| **Attribute** | **Value** | +| Attribute | Value | | :--: | :--: | | Well-Known SID/RID | S-1-3-0 | |Object Class| Foreign Security Principal| @@ -152,29 +152,29 @@ The person who created the file or the directory is a member of this special ide Any user who accesses the system through a dial-up connection has the Dial-Up identity. This identity distinguishes dial-up users from other types of authenticated users. -| **Attribute** | **Value** | +| Attribute | Value | | :--: | :--: | | Well-Known SID/RID | S-1-5-1 | |Object Class| Foreign Security Principal| |Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\
+ Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience.
| Protocol | Description | | :---: | :--- | @@ -219,5 +223,10 @@ sections: - question: Does Windows Hello for Business work with Mac and Linux clients? answer: | - Windows Hello for Business is a feature of the Windows platform. At this time, Microsoft is not developing clients for other platforms. - \ No newline at end of file + Windows Hello for Business is a feature of Windows 10. At this time, Microsoft is not developing clients for other platforms. However, Microsoft is open to third-parties who are interested in moving these platforms away from passwords. Interested third-parties can get more information by emailing [whfbfeedback@microsoft.com](mailto:whfbfeedback@microsoft.com?subject=collaboration). + Windows Hello for Business is a feature of the Windows platform. At this time, Microsoft is not developing clients for other platforms. + + - question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients? + answer: | + No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD is not available for it via Azure AD Connect. Hence, Windows Hello for Business does not work with Azure AD. + diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 25b4269de7..29bce3f5dc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -38,7 +38,7 @@ There are two forms of PIN reset called destructive and non-destructive. Destruc Destructive and non-destructive PIN reset use the same entry points for initiating a PIN reset. If a user has forgotten their PIN, but has an alternate logon method, they can navigate to Sign-in options in Settings and initiate a PIN reset from the PIN options. If they do not have an alternate way to sign into their device, PIN reset can also be initiated from above the lock screen in the PIN credential provider. >[!IMPORTANT] ->For hybrid Azure AD joined devices, users must have corporate network connectivity to domain controllers to reset their PIN. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN. +>For hybrid Azure AD joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN. ### Reset PIN from Settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 3660d85201..92c2b72d61 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -22,7 +22,7 @@ ms.date: 1/22/2021 This article lists the infrastructure requirements for the different deployment models for Windows Hello for Business. -## Cloud Only Deployment +## Azure AD Cloud Only Deployment * Windows 10, version 1511 or later, or Windows 11 * Microsoft Azure Account @@ -35,37 +35,42 @@ This article lists the infrastructure requirements for the different deployment The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process. -| Key trustGroup Policy managed | Certificate trustMixed managed | Key trustModern managed | Certificate trustModern managed | +> [!NOTE] +> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available. + +| Key trust
Group Policy managed | Certificate trust
Mixed managed | Key trust
Modern managed | Certificate trust
Modern managed | | --- | --- | --- | --- | -| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**
*Minimum:* Windows 10, version 1703
*Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).**Azure AD Joined:**
Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later | +| Windows 10, version 1511 or later| **Hybrid Azure AD Joined:**
*Minimum:* Windows 10, version 1703
*Best experience:* Windows 10, version 1709 or later (supports synchronous certificate enrollment).
**Azure AD Joined:**
Windows 10, version 1511 or later| Windows 10, version 1511 or later | Windows 10, version 1511 or later | | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | Windows Server 2016 or later Schema | | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level| Windows Server 2008 R2 Domain/Forest functional level |Windows Server 2008 R2 Domain/Forest functional level | | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | -| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),
andWindows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service | -| Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter | Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter | Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter | Azure MFA tenant, orAD FS w/Azure MFA adapter, orAD FS w/Azure MFA Server adapter, orAD FS w/3rd Party MFA Adapter | +| N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),
and
Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service | +| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | | Azure Account | Azure Account | Azure Account | Azure Account | | Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory | | Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect | | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment | > [!Important] -> 1. Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. -> **Requirements:** -> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903 -> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 +> - Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. > -> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models. -> **Requirements:** -> Reset from settings - Windows 10, version 1703, Professional -> Reset above lock screen - Windows 10, version 1709, Professional -> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 +> **Requirements:** +> - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903 +> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 +> +> - On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models. +> +> **Requirements:** +> - Reset from settings - Windows 10, version 1703, Professional +> - Reset above lock screen - Windows 10, version 1709, Professional +> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 ## On-premises Deployments The table shows the minimum requirements for each deployment. -| Key trust Group Policy managed | Certificate trust Group Policy managed| +| Key trust
Group Policy managed | Certificate trust
Group Policy managed| | --- | --- | | Windows 10, version 1703 or later | Windows 10, version 1703 or later | | Windows Server 2016 Schema | Windows Server 2016 Schema| diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index cd38c11105..33d820a1a7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -70,7 +70,7 @@ In Windows 10, Windows Hello replaces passwords. When the identity provider sup >[!NOTE] >Windows Hello as a convenience sign-in uses regular user name and password authentication, without the user entering the password. - +:::image type="content" alt-text="How authentication works in Windows Hello." source="images/authflow.png" lightbox="images/authflow.png"::: Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device. @@ -81,12 +81,19 @@ Windows Hello helps protect user identities and user credentials. Because the us ## How Windows Hello for Business works: key points - Windows Hello credentials are based on certificate or asymmetrical key pair. Windows Hello credentials can be bound to the device, and the token that is obtained using the credential is also bound to the device. + - Identity provider (such as Active Directory, Azure AD, or a Microsoft account) validates user identity and maps the Windows Hello public key to a user account during the registration step. + - Keys can be generated in hardware (TPM 1.2 or 2.0 for enterprises, and TPM 2.0 for consumers) or software, based on the policy. + - Authentication is the two-factor authentication with the combination of a key or certificate tied to a device and something that the person knows (a PIN) or something that the person is (biometrics). The Windows Hello gesture does not roam between devices and is not shared with the server. Biometrics templates are stored locally on a device. The PIN is never stored or shared. + - The private key never leaves a device when using TPM. The authenticating server has a public key that is mapped to the user account during the registration process. + - PIN entry and biometric gesture both trigger Windows 10 to use the private key to cryptographically sign data that is sent to the identity provider. The identity provider verifies the user's identity and authenticates the user. + - Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy. + - Certificate private keys can be protected by the Windows Hello container and the Windows Hello gesture. For details, see [How Windows Hello for Business works](hello-how-it-works.md). @@ -97,6 +104,9 @@ Windows Hello for Business can use either keys (hardware or software) or certifi Windows Hello for Business with a key does not support supplied credentials for RDP. RDP does not support authentication with a key or a self signed certificate. RDP with Windows Hello for Business is supported with certificate based deployments as a supplied credential. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md). +> [!NOTE] +> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available. + ## Learn more [Implementing strong user authentication with Windows Hello for Business](https://www.microsoft.com/en-us/itshowcase/implementing-strong-user-authentication-with-windows-hello-for-business) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 617be85699..8aada054b6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -74,20 +74,22 @@ The hybrid deployment model is for organizations that: - Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources > [!Important] -> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. -> **Requirements:** -> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903 -> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 +> Hybrid deployments support non-destructive PIN reset that works with both the certificate trust and key trust models. +> +> **Requirements:** +> - Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903 +> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 ##### On-premises The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory. > [!Important] -> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models. -> **Requirements:** -> Reset from settings - Windows 10, version 1703, Professional -> Reset above lock screen - Windows 10, version 1709, Professional -> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 +> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models. +> +> **Requirements:** +> - Reset from settings - Windows 10, version 1703, Professional +> - Reset above lock screen - Windows 10, version 1709, Professional +> - Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 It's fundamentally important to understand which deployment model to use for a successful deployment. Some aspects of the deployment may have already been decided for you based on your current infrastructure. @@ -95,6 +97,9 @@ It's fundamentally important to understand which deployment model to use for a s A deployment's trust type defines how each Windows Hello for Business client authenticates to the on-premises Active Directory. There are two trust types: key trust and certificate trust. +> [!NOTE] +> Windows Hello for Business is introducing a new trust model called cloud trust in early 2022. This trust model will enable deployment of Windows Hello for Business using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). More information will be available on Windows Hello for Business cloud trust once it is generally available. + The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during the built-in provisioning experience. This requires an adequate distribution of Windows Server 2016 or later domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 or later Active Directory schema](./hello-hybrid-cert-trust-prereqs.md#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller. diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index ad5011e9b9..17d490b6d0 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 09/23/2021 +ms.date: 11/02/2021 ms.reviewer: --- @@ -389,7 +389,7 @@ The registry keys for the smart card KSP are in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\ | **AllowPrivateSignatureKeyImport** | A non-zero value allows RSA signature private keys to be imported for use in key archival scenarios.
Default value: 00000000 | | **DefaultPrivateKeyLenBits** | Defines the default length for private keys, if desired.
Default value: 00000400
Default key generation parameter: 1024-bit keys | | **RequireOnCardPrivateKeyGen** | This key sets the flag that requires on-card private key generation (default). If this value is set, a key generated on a host can be imported into the smart card. This is used for smart cards that don't support on-card key generation or where key escrow is required.
Default value: 00000000 | -| **TransactionTimeoutMilliseconds** | Default timeout values allow you to specify whether transactions that take an excessive amount of time will fail.
Default value: 000005dc1500
The default timeout for holding transactions to the smart card is 1.5 seconds. | +| **TransactionTimeoutMilliseconds** | Default timeout values allow you to specify whether transactions that take an excessive amount of time will fail.
Default value: 000005dc
The default timeout for holding transactions to the smart card is 1.5 seconds. | **Additional registry keys for the smart card KSP** diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index 7ec5414862..0d118520fc 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md @@ -24,7 +24,7 @@ Use the links in the following table to learn more about the security foundation | Concept | Description | |:---|:---| -| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.
Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | +| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.
Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | | Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products.
Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). | | Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.
Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).| | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.
Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). | diff --git a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md index f45d596295..1cb4f72589 100644 --- a/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policy settings diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 92cfb0b820..a3f1fdac56 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -16,7 +16,7 @@ metadata: ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 - ms.technology: mde + ms.technology: windows-sec title: Advanced security auditing FAQ diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing.md b/windows/security/threat-protection/auditing/advanced-security-auditing.md index 2e9d3a84f1..0b3fae0f35 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing.md +++ b/windows/security/threat-protection/auditing/advanced-security-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/6/2021 -ms.technology: mde +ms.technology: windows-sec --- # Advanced security audit policies diff --git a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md index d092d91f72..fe2879fa16 100644 --- a/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md +++ b/windows/security/threat-protection/auditing/appendix-a-security-monitoring-recommendations-for-many-audit-events.md @@ -11,7 +11,7 @@ ms.date: 09/06/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Appendix A: Security monitoring recommendations for many audit events diff --git a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md index 331e40c490..4deca9cd3b 100644 --- a/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md +++ b/windows/security/threat-protection/auditing/apply-a-basic-audit-policy-on-a-file-or-folder.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Apply a basic audit policy on a file or folder diff --git a/windows/security/threat-protection/auditing/audit-account-lockout.md b/windows/security/threat-protection/auditing/audit-account-lockout.md index 4837398076..2f8d75b174 100644 --- a/windows/security/threat-protection/auditing/audit-account-lockout.md +++ b/windows/security/threat-protection/auditing/audit-account-lockout.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Account Lockout diff --git a/windows/security/threat-protection/auditing/audit-application-generated.md b/windows/security/threat-protection/auditing/audit-application-generated.md index c2f603a680..f778de2af2 100644 --- a/windows/security/threat-protection/auditing/audit-application-generated.md +++ b/windows/security/threat-protection/auditing/audit-application-generated.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Application Generated diff --git a/windows/security/threat-protection/auditing/audit-application-group-management.md b/windows/security/threat-protection/auditing/audit-application-group-management.md index 7fefa5c73c..3cb78ff1b1 100644 --- a/windows/security/threat-protection/auditing/audit-application-group-management.md +++ b/windows/security/threat-protection/auditing/audit-application-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Application Group Management diff --git a/windows/security/threat-protection/auditing/audit-audit-policy-change.md b/windows/security/threat-protection/auditing/audit-audit-policy-change.md index 3828ec83b4..ae75fb4fef 100644 --- a/windows/security/threat-protection/auditing/audit-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-audit-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Audit Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md index 07e3af496b..68c6747f77 100644 --- a/windows/security/threat-protection/auditing/audit-authentication-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authentication-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Authentication Policy Change diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md index 20750fbbe9..03111b60f9 100644 --- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Authorization Policy Change diff --git a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md index ed8737a5d1..a877583e94 100644 --- a/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md +++ b/windows/security/threat-protection/auditing/audit-central-access-policy-staging.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Central Access Policy Staging diff --git a/windows/security/threat-protection/auditing/audit-certification-services.md b/windows/security/threat-protection/auditing/audit-certification-services.md index 655f1fbbbc..5c5e3cfccd 100644 --- a/windows/security/threat-protection/auditing/audit-certification-services.md +++ b/windows/security/threat-protection/auditing/audit-certification-services.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Certification Services diff --git a/windows/security/threat-protection/auditing/audit-computer-account-management.md b/windows/security/threat-protection/auditing/audit-computer-account-management.md index 1a3c91c1a9..c544d87734 100644 --- a/windows/security/threat-protection/auditing/audit-computer-account-management.md +++ b/windows/security/threat-protection/auditing/audit-computer-account-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Computer Account Management diff --git a/windows/security/threat-protection/auditing/audit-credential-validation.md b/windows/security/threat-protection/auditing/audit-credential-validation.md index 4bde8f1ddb..ad726d2c61 100644 --- a/windows/security/threat-protection/auditing/audit-credential-validation.md +++ b/windows/security/threat-protection/auditing/audit-credential-validation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Credential Validation diff --git a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md index 593eb8718d..9af371fb40 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Detailed Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-detailed-file-share.md b/windows/security/threat-protection/auditing/audit-detailed-file-share.md index 92b53125a2..15e15c2540 100644 --- a/windows/security/threat-protection/auditing/audit-detailed-file-share.md +++ b/windows/security/threat-protection/auditing/audit-detailed-file-share.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Detailed File Share diff --git a/windows/security/threat-protection/auditing/audit-directory-service-access.md b/windows/security/threat-protection/auditing/audit-directory-service-access.md index bceb0bc1d1..927eb3b00a 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-access.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Access diff --git a/windows/security/threat-protection/auditing/audit-directory-service-changes.md b/windows/security/threat-protection/auditing/audit-directory-service-changes.md index a2290c487c..c012915713 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-changes.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-changes.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Changes diff --git a/windows/security/threat-protection/auditing/audit-directory-service-replication.md b/windows/security/threat-protection/auditing/audit-directory-service-replication.md index 8bbcc73020..f745f49759 100644 --- a/windows/security/threat-protection/auditing/audit-directory-service-replication.md +++ b/windows/security/threat-protection/auditing/audit-directory-service-replication.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Directory Service Replication diff --git a/windows/security/threat-protection/auditing/audit-distribution-group-management.md b/windows/security/threat-protection/auditing/audit-distribution-group-management.md index 18f52d6dea..8317bd58a5 100644 --- a/windows/security/threat-protection/auditing/audit-distribution-group-management.md +++ b/windows/security/threat-protection/auditing/audit-distribution-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Distribution Group Management diff --git a/windows/security/threat-protection/auditing/audit-dpapi-activity.md b/windows/security/threat-protection/auditing/audit-dpapi-activity.md index ce489d62ac..ec0e0c8843 100644 --- a/windows/security/threat-protection/auditing/audit-dpapi-activity.md +++ b/windows/security/threat-protection/auditing/audit-dpapi-activity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit DPAPI Activity diff --git a/windows/security/threat-protection/auditing/audit-file-share.md b/windows/security/threat-protection/auditing/audit-file-share.md index 97c2332179..7d9f3c613e 100644 --- a/windows/security/threat-protection/auditing/audit-file-share.md +++ b/windows/security/threat-protection/auditing/audit-file-share.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit File Share diff --git a/windows/security/threat-protection/auditing/audit-file-system.md b/windows/security/threat-protection/auditing/audit-file-system.md index 17787cf470..1d2aa49bd8 100644 --- a/windows/security/threat-protection/auditing/audit-file-system.md +++ b/windows/security/threat-protection/auditing/audit-file-system.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit File System diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md index 7e0478f79f..16b00b3889 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-connection.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Filtering Platform Connection diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md index dae76cc66f..40a667e051 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-packet-drop.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Filtering Platform Packet Drop diff --git a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md index 8a77aee208..ffefdd58cb 100644 --- a/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-filtering-platform-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Filtering Platform Policy Change diff --git a/windows/security/threat-protection/auditing/audit-group-membership.md b/windows/security/threat-protection/auditing/audit-group-membership.md index 904bc669cb..97bb5b57e1 100644 --- a/windows/security/threat-protection/auditing/audit-group-membership.md +++ b/windows/security/threat-protection/auditing/audit-group-membership.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Group Membership diff --git a/windows/security/threat-protection/auditing/audit-handle-manipulation.md b/windows/security/threat-protection/auditing/audit-handle-manipulation.md index 1003455f12..b64ddae053 100644 --- a/windows/security/threat-protection/auditing/audit-handle-manipulation.md +++ b/windows/security/threat-protection/auditing/audit-handle-manipulation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Handle Manipulation diff --git a/windows/security/threat-protection/auditing/audit-ipsec-driver.md b/windows/security/threat-protection/auditing/audit-ipsec-driver.md index 108d9f2155..1cdb6f9140 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-driver.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-driver.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Driver diff --git a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md index 502f29b57d..7e372d5a0e 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-extended-mode.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Extended Mode diff --git a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md index c3f71a182d..675299ef05 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-main-mode.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Main Mode diff --git a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md index 0424935c98..982e294c4c 100644 --- a/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md +++ b/windows/security/threat-protection/auditing/audit-ipsec-quick-mode.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit IPsec Quick Mode diff --git a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md index ac184cba5f..c4245be658 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-authentication-service.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Kerberos Authentication Service diff --git a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md index 788a0eccd6..71f4e995c9 100644 --- a/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md +++ b/windows/security/threat-protection/auditing/audit-kerberos-service-ticket-operations.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Kerberos Service Ticket Operations diff --git a/windows/security/threat-protection/auditing/audit-kernel-object.md b/windows/security/threat-protection/auditing/audit-kernel-object.md index f0329f57a4..7262c46dd7 100644 --- a/windows/security/threat-protection/auditing/audit-kernel-object.md +++ b/windows/security/threat-protection/auditing/audit-kernel-object.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Kernel Object diff --git a/windows/security/threat-protection/auditing/audit-logoff.md b/windows/security/threat-protection/auditing/audit-logoff.md index eadeed6ed8..92a4bed8a5 100644 --- a/windows/security/threat-protection/auditing/audit-logoff.md +++ b/windows/security/threat-protection/auditing/audit-logoff.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Logoff diff --git a/windows/security/threat-protection/auditing/audit-logon.md b/windows/security/threat-protection/auditing/audit-logon.md index b6b71c23f6..f3450fc499 100644 --- a/windows/security/threat-protection/auditing/audit-logon.md +++ b/windows/security/threat-protection/auditing/audit-logon.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Logon diff --git a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md index ff61afa77f..aac15f25fa 100644 --- a/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md +++ b/windows/security/threat-protection/auditing/audit-mpssvc-rule-level-policy-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit MPSSVC Rule-Level Policy Change diff --git a/windows/security/threat-protection/auditing/audit-network-policy-server.md b/windows/security/threat-protection/auditing/audit-network-policy-server.md index 016e6d53d7..97911ece3f 100644 --- a/windows/security/threat-protection/auditing/audit-network-policy-server.md +++ b/windows/security/threat-protection/auditing/audit-network-policy-server.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Network Policy Server diff --git a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md index 7ef4be2fc3..67ef50a903 100644 --- a/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Non-Sensitive Privilege Use diff --git a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md index 774bedd202..fa4413dbb7 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-logon-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-logon-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Account Logon Events diff --git a/windows/security/threat-protection/auditing/audit-other-account-management-events.md b/windows/security/threat-protection/auditing/audit-other-account-management-events.md index bab6689283..dfa2678034 100644 --- a/windows/security/threat-protection/auditing/audit-other-account-management-events.md +++ b/windows/security/threat-protection/auditing/audit-other-account-management-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Account Management Events diff --git a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md index 032d65589e..9314db237d 100644 --- a/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md +++ b/windows/security/threat-protection/auditing/audit-other-logonlogoff-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Logon/Logoff Events diff --git a/windows/security/threat-protection/auditing/audit-other-object-access-events.md b/windows/security/threat-protection/auditing/audit-other-object-access-events.md index 1a82bd54e1..9131eff82e 100644 --- a/windows/security/threat-protection/auditing/audit-other-object-access-events.md +++ b/windows/security/threat-protection/auditing/audit-other-object-access-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Object Access Events diff --git a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md index 61ed449132..9119efbc58 100644 --- a/windows/security/threat-protection/auditing/audit-other-policy-change-events.md +++ b/windows/security/threat-protection/auditing/audit-other-policy-change-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Policy Change Events diff --git a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md index ed0e6fde50..46f053cae3 100644 --- a/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md +++ b/windows/security/threat-protection/auditing/audit-other-privilege-use-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other Privilege Use Events diff --git a/windows/security/threat-protection/auditing/audit-other-system-events.md b/windows/security/threat-protection/auditing/audit-other-system-events.md index 8762fb22fc..5d7042e1dc 100644 --- a/windows/security/threat-protection/auditing/audit-other-system-events.md +++ b/windows/security/threat-protection/auditing/audit-other-system-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Other System Events diff --git a/windows/security/threat-protection/auditing/audit-pnp-activity.md b/windows/security/threat-protection/auditing/audit-pnp-activity.md index 23779f6a95..fa29bfac6d 100644 --- a/windows/security/threat-protection/auditing/audit-pnp-activity.md +++ b/windows/security/threat-protection/auditing/audit-pnp-activity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit PNP Activity diff --git a/windows/security/threat-protection/auditing/audit-process-creation.md b/windows/security/threat-protection/auditing/audit-process-creation.md index 1e0c857ede..b61b00d478 100644 --- a/windows/security/threat-protection/auditing/audit-process-creation.md +++ b/windows/security/threat-protection/auditing/audit-process-creation.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Process Creation diff --git a/windows/security/threat-protection/auditing/audit-process-termination.md b/windows/security/threat-protection/auditing/audit-process-termination.md index 7206647a67..72e92a74e0 100644 --- a/windows/security/threat-protection/auditing/audit-process-termination.md +++ b/windows/security/threat-protection/auditing/audit-process-termination.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Process Termination diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md index b942488455..3c6407d9f5 100644 --- a/windows/security/threat-protection/auditing/audit-registry.md +++ b/windows/security/threat-protection/auditing/audit-registry.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Registry diff --git a/windows/security/threat-protection/auditing/audit-removable-storage.md b/windows/security/threat-protection/auditing/audit-removable-storage.md index 9a0d27b1c2..1b527f37be 100644 --- a/windows/security/threat-protection/auditing/audit-removable-storage.md +++ b/windows/security/threat-protection/auditing/audit-removable-storage.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Removable Storage diff --git a/windows/security/threat-protection/auditing/audit-rpc-events.md b/windows/security/threat-protection/auditing/audit-rpc-events.md index 6be5c9a222..087ff6ed52 100644 --- a/windows/security/threat-protection/auditing/audit-rpc-events.md +++ b/windows/security/threat-protection/auditing/audit-rpc-events.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit RPC Events diff --git a/windows/security/threat-protection/auditing/audit-sam.md b/windows/security/threat-protection/auditing/audit-sam.md index 020c87b6c0..df74e9eb71 100644 --- a/windows/security/threat-protection/auditing/audit-sam.md +++ b/windows/security/threat-protection/auditing/audit-sam.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit SAM diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index 045ce6d2cd..db3bc5689b 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Security Group Management diff --git a/windows/security/threat-protection/auditing/audit-security-state-change.md b/windows/security/threat-protection/auditing/audit-security-state-change.md index 81d52226a4..88a21e9a8b 100644 --- a/windows/security/threat-protection/auditing/audit-security-state-change.md +++ b/windows/security/threat-protection/auditing/audit-security-state-change.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Security State Change diff --git a/windows/security/threat-protection/auditing/audit-security-system-extension.md b/windows/security/threat-protection/auditing/audit-security-system-extension.md index 06a62bc211..057d504bc1 100644 --- a/windows/security/threat-protection/auditing/audit-security-system-extension.md +++ b/windows/security/threat-protection/auditing/audit-security-system-extension.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Security System Extension diff --git a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md index d2929dbc8b..e54927afd1 100644 --- a/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md +++ b/windows/security/threat-protection/auditing/audit-sensitive-privilege-use.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Sensitive Privilege Use diff --git a/windows/security/threat-protection/auditing/audit-special-logon.md b/windows/security/threat-protection/auditing/audit-special-logon.md index a2c7e6fe4c..7cf389f177 100644 --- a/windows/security/threat-protection/auditing/audit-special-logon.md +++ b/windows/security/threat-protection/auditing/audit-special-logon.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit Special Logon diff --git a/windows/security/threat-protection/auditing/audit-system-integrity.md b/windows/security/threat-protection/auditing/audit-system-integrity.md index d88432587a..e4b357fa00 100644 --- a/windows/security/threat-protection/auditing/audit-system-integrity.md +++ b/windows/security/threat-protection/auditing/audit-system-integrity.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit System Integrity diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index 51362e65a8..3d85c00f81 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -6,7 +6,7 @@ author: dansimp ms.author: dansimp ms.pagetype: security ms.prod: m365-security -ms.technology: mde +ms.technology: windows-sec --- # Audit Token Right Adjusted diff --git a/windows/security/threat-protection/auditing/audit-user-account-management.md b/windows/security/threat-protection/auditing/audit-user-account-management.md index 97b551d31a..e958273064 100644 --- a/windows/security/threat-protection/auditing/audit-user-account-management.md +++ b/windows/security/threat-protection/auditing/audit-user-account-management.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit User Account Management diff --git a/windows/security/threat-protection/auditing/audit-user-device-claims.md b/windows/security/threat-protection/auditing/audit-user-device-claims.md index f5b3b71fa8..9b92a3022e 100644 --- a/windows/security/threat-protection/auditing/audit-user-device-claims.md +++ b/windows/security/threat-protection/auditing/audit-user-device-claims.md @@ -12,7 +12,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit User/Device Claims diff --git a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md index 9e83b22f8e..e8f37ef2fc 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-logon-events.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit account logon events diff --git a/windows/security/threat-protection/auditing/basic-audit-account-management.md b/windows/security/threat-protection/auditing/basic-audit-account-management.md index e438366e30..1656e7f0eb 100644 --- a/windows/security/threat-protection/auditing/basic-audit-account-management.md +++ b/windows/security/threat-protection/auditing/basic-audit-account-management.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit account management diff --git a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md index fb18731a64..37ea6c6cb7 100644 --- a/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-directory-service-access.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit directory service access diff --git a/windows/security/threat-protection/auditing/basic-audit-logon-events.md b/windows/security/threat-protection/auditing/basic-audit-logon-events.md index 569a8335dd..01b1068234 100644 --- a/windows/security/threat-protection/auditing/basic-audit-logon-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-logon-events.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit logon events diff --git a/windows/security/threat-protection/auditing/basic-audit-object-access.md b/windows/security/threat-protection/auditing/basic-audit-object-access.md index 3cc432b64b..713700f0c2 100644 --- a/windows/security/threat-protection/auditing/basic-audit-object-access.md +++ b/windows/security/threat-protection/auditing/basic-audit-object-access.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit object access diff --git a/windows/security/threat-protection/auditing/basic-audit-policy-change.md b/windows/security/threat-protection/auditing/basic-audit-policy-change.md index 3e7cc6a8ea..ab4eb9ba52 100644 --- a/windows/security/threat-protection/auditing/basic-audit-policy-change.md +++ b/windows/security/threat-protection/auditing/basic-audit-policy-change.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit policy change diff --git a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md index ff6e5dff98..9949cfab8d 100644 --- a/windows/security/threat-protection/auditing/basic-audit-privilege-use.md +++ b/windows/security/threat-protection/auditing/basic-audit-privilege-use.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit privilege use diff --git a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md index a7f08b9c20..a1234e42c5 100644 --- a/windows/security/threat-protection/auditing/basic-audit-process-tracking.md +++ b/windows/security/threat-protection/auditing/basic-audit-process-tracking.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit process tracking diff --git a/windows/security/threat-protection/auditing/basic-audit-system-events.md b/windows/security/threat-protection/auditing/basic-audit-system-events.md index 4201c2447f..0f97e6acd1 100644 --- a/windows/security/threat-protection/auditing/basic-audit-system-events.md +++ b/windows/security/threat-protection/auditing/basic-audit-system-events.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Audit system events diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policies.md b/windows/security/threat-protection/auditing/basic-security-audit-policies.md index 012b98550f..252459caae 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Basic security audit policies diff --git a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md index 0b56e07522..37f8dddc0f 100644 --- a/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md +++ b/windows/security/threat-protection/auditing/basic-security-audit-policy-settings.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 -ms.technology: mde +ms.technology: windows-sec --- # Basic security audit policy settings diff --git a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md index 054ff9b595..45befb2420 100644 --- a/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md +++ b/windows/security/threat-protection/auditing/create-a-basic-audit-policy-settings-for-an-event-category.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/07/2021 -ms.technology: mde +ms.technology: windows-sec --- # Create a basic audit policy for an event category diff --git a/windows/security/threat-protection/auditing/event-1100.md b/windows/security/threat-protection/auditing/event-1100.md index c8ac91b393..1a67e3d958 100644 --- a/windows/security/threat-protection/auditing/event-1100.md +++ b/windows/security/threat-protection/auditing/event-1100.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1100(S): The event logging service has shut down. diff --git a/windows/security/threat-protection/auditing/event-1102.md b/windows/security/threat-protection/auditing/event-1102.md index 02ac9384e5..51ff35f0c9 100644 --- a/windows/security/threat-protection/auditing/event-1102.md +++ b/windows/security/threat-protection/auditing/event-1102.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1102(S): The audit log was cleared. diff --git a/windows/security/threat-protection/auditing/event-1104.md b/windows/security/threat-protection/auditing/event-1104.md index 0c5e2917af..53c67d234b 100644 --- a/windows/security/threat-protection/auditing/event-1104.md +++ b/windows/security/threat-protection/auditing/event-1104.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1104(S): The security log is now full. diff --git a/windows/security/threat-protection/auditing/event-1105.md b/windows/security/threat-protection/auditing/event-1105.md index 1aeaa58c8e..ae939ee4ca 100644 --- a/windows/security/threat-protection/auditing/event-1105.md +++ b/windows/security/threat-protection/auditing/event-1105.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1105(S): Event log automatic backup diff --git a/windows/security/threat-protection/auditing/event-1108.md b/windows/security/threat-protection/auditing/event-1108.md index 1a7f0cbd1e..7e9e4a1dd4 100644 --- a/windows/security/threat-protection/auditing/event-1108.md +++ b/windows/security/threat-protection/auditing/event-1108.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 1108(S): The event logging service encountered an error while processing an incoming event published from %1. diff --git a/windows/security/threat-protection/auditing/event-4608.md b/windows/security/threat-protection/auditing/event-4608.md index 255036037d..955c45883a 100644 --- a/windows/security/threat-protection/auditing/event-4608.md +++ b/windows/security/threat-protection/auditing/event-4608.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4608(S): Windows is starting up. diff --git a/windows/security/threat-protection/auditing/event-4610.md b/windows/security/threat-protection/auditing/event-4610.md index 2249612819..4248720724 100644 --- a/windows/security/threat-protection/auditing/event-4610.md +++ b/windows/security/threat-protection/auditing/event-4610.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4610(S): An authentication package has been loaded by the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4611.md b/windows/security/threat-protection/auditing/event-4611.md index b4ce0a9d8d..fe6ba0faa7 100644 --- a/windows/security/threat-protection/auditing/event-4611.md +++ b/windows/security/threat-protection/auditing/event-4611.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4611(S): A trusted logon process has been registered with the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4612.md b/windows/security/threat-protection/auditing/event-4612.md index aa8b9ecc61..151c9f9d71 100644 --- a/windows/security/threat-protection/auditing/event-4612.md +++ b/windows/security/threat-protection/auditing/event-4612.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4612(S): Internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits. diff --git a/windows/security/threat-protection/auditing/event-4614.md b/windows/security/threat-protection/auditing/event-4614.md index 959ef959e9..9b4a55bf5e 100644 --- a/windows/security/threat-protection/auditing/event-4614.md +++ b/windows/security/threat-protection/auditing/event-4614.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4614(S): A notification package has been loaded by the Security Account Manager. diff --git a/windows/security/threat-protection/auditing/event-4615.md b/windows/security/threat-protection/auditing/event-4615.md index 82dbd7d648..ffcc91a1f2 100644 --- a/windows/security/threat-protection/auditing/event-4615.md +++ b/windows/security/threat-protection/auditing/event-4615.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4615(S): Invalid use of LPC port. diff --git a/windows/security/threat-protection/auditing/event-4616.md b/windows/security/threat-protection/auditing/event-4616.md index 2fc4b43b2c..4e13fb8824 100644 --- a/windows/security/threat-protection/auditing/event-4616.md +++ b/windows/security/threat-protection/auditing/event-4616.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4616(S): The system time was changed. diff --git a/windows/security/threat-protection/auditing/event-4618.md b/windows/security/threat-protection/auditing/event-4618.md index baa0727774..f67334d36a 100644 --- a/windows/security/threat-protection/auditing/event-4618.md +++ b/windows/security/threat-protection/auditing/event-4618.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4618(S): A monitored security event pattern has occurred. diff --git a/windows/security/threat-protection/auditing/event-4621.md b/windows/security/threat-protection/auditing/event-4621.md index d3475dbb08..e4188be9df 100644 --- a/windows/security/threat-protection/auditing/event-4621.md +++ b/windows/security/threat-protection/auditing/event-4621.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4621(S): Administrator recovered system from CrashOnAuditFail. diff --git a/windows/security/threat-protection/auditing/event-4622.md b/windows/security/threat-protection/auditing/event-4622.md index 5404c4491b..150ef448af 100644 --- a/windows/security/threat-protection/auditing/event-4622.md +++ b/windows/security/threat-protection/auditing/event-4622.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4622(S): A security package has been loaded by the Local Security Authority. diff --git a/windows/security/threat-protection/auditing/event-4624.md b/windows/security/threat-protection/auditing/event-4624.md index 6a36fda6d7..985c5b0e59 100644 --- a/windows/security/threat-protection/auditing/event-4624.md +++ b/windows/security/threat-protection/auditing/event-4624.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4624(S): An account was successfully logged on. diff --git a/windows/security/threat-protection/auditing/event-4625.md b/windows/security/threat-protection/auditing/event-4625.md index ec92960ecc..380cc917cd 100644 --- a/windows/security/threat-protection/auditing/event-4625.md +++ b/windows/security/threat-protection/auditing/event-4625.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4625(F): An account failed to log on. diff --git a/windows/security/threat-protection/auditing/event-4626.md b/windows/security/threat-protection/auditing/event-4626.md index 1aba2f1f3b..be7bf13b02 100644 --- a/windows/security/threat-protection/auditing/event-4626.md +++ b/windows/security/threat-protection/auditing/event-4626.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4626(S): User/Device claims information. diff --git a/windows/security/threat-protection/auditing/event-4627.md b/windows/security/threat-protection/auditing/event-4627.md index 8ad79efcb2..b484de7d2d 100644 --- a/windows/security/threat-protection/auditing/event-4627.md +++ b/windows/security/threat-protection/auditing/event-4627.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4627(S): Group membership information. diff --git a/windows/security/threat-protection/auditing/event-4634.md b/windows/security/threat-protection/auditing/event-4634.md index 16bf3e049d..71887eccc4 100644 --- a/windows/security/threat-protection/auditing/event-4634.md +++ b/windows/security/threat-protection/auditing/event-4634.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4634(S): An account was logged off. diff --git a/windows/security/threat-protection/auditing/event-4647.md b/windows/security/threat-protection/auditing/event-4647.md index 01428dba45..b30de5ea3f 100644 --- a/windows/security/threat-protection/auditing/event-4647.md +++ b/windows/security/threat-protection/auditing/event-4647.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4647(S): User initiated logoff. diff --git a/windows/security/threat-protection/auditing/event-4648.md b/windows/security/threat-protection/auditing/event-4648.md index 8d81d41573..7f4517f3d0 100644 --- a/windows/security/threat-protection/auditing/event-4648.md +++ b/windows/security/threat-protection/auditing/event-4648.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4648(S): A logon was attempted using explicit credentials. diff --git a/windows/security/threat-protection/auditing/event-4649.md b/windows/security/threat-protection/auditing/event-4649.md index 75f1bf3c96..f3b32117be 100644 --- a/windows/security/threat-protection/auditing/event-4649.md +++ b/windows/security/threat-protection/auditing/event-4649.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4649(S): A replay attack was detected. diff --git a/windows/security/threat-protection/auditing/event-4656.md b/windows/security/threat-protection/auditing/event-4656.md index 7aee847e93..4da92be0ed 100644 --- a/windows/security/threat-protection/auditing/event-4656.md +++ b/windows/security/threat-protection/auditing/event-4656.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4656(S, F): A handle to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4657.md b/windows/security/threat-protection/auditing/event-4657.md index 39cb4e6052..9e788eb845 100644 --- a/windows/security/threat-protection/auditing/event-4657.md +++ b/windows/security/threat-protection/auditing/event-4657.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4657(S): A registry value was modified. diff --git a/windows/security/threat-protection/auditing/event-4658.md b/windows/security/threat-protection/auditing/event-4658.md index 0acb8a0b2f..8f88502248 100644 --- a/windows/security/threat-protection/auditing/event-4658.md +++ b/windows/security/threat-protection/auditing/event-4658.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4658(S): The handle to an object was closed. diff --git a/windows/security/threat-protection/auditing/event-4660.md b/windows/security/threat-protection/auditing/event-4660.md index 871435d568..0be89f17f1 100644 --- a/windows/security/threat-protection/auditing/event-4660.md +++ b/windows/security/threat-protection/auditing/event-4660.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4660(S): An object was deleted. diff --git a/windows/security/threat-protection/auditing/event-4661.md b/windows/security/threat-protection/auditing/event-4661.md index 77da9a1780..2485aae2b6 100644 --- a/windows/security/threat-protection/auditing/event-4661.md +++ b/windows/security/threat-protection/auditing/event-4661.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4661(S, F): A handle to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4662.md b/windows/security/threat-protection/auditing/event-4662.md index 7950f49912..5e9f6832a9 100644 --- a/windows/security/threat-protection/auditing/event-4662.md +++ b/windows/security/threat-protection/auditing/event-4662.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4662(S, F): An operation was performed on an object. diff --git a/windows/security/threat-protection/auditing/event-4663.md b/windows/security/threat-protection/auditing/event-4663.md index d85a14bddf..8001bded3b 100644 --- a/windows/security/threat-protection/auditing/event-4663.md +++ b/windows/security/threat-protection/auditing/event-4663.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4663(S): An attempt was made to access an object. diff --git a/windows/security/threat-protection/auditing/event-4664.md b/windows/security/threat-protection/auditing/event-4664.md index 36c3d8aa08..e998b508ce 100644 --- a/windows/security/threat-protection/auditing/event-4664.md +++ b/windows/security/threat-protection/auditing/event-4664.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4664(S): An attempt was made to create a hard link. diff --git a/windows/security/threat-protection/auditing/event-4670.md b/windows/security/threat-protection/auditing/event-4670.md index 0f070cd8f8..059fde7e55 100644 --- a/windows/security/threat-protection/auditing/event-4670.md +++ b/windows/security/threat-protection/auditing/event-4670.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4670(S): Permissions on an object were changed. diff --git a/windows/security/threat-protection/auditing/event-4671.md b/windows/security/threat-protection/auditing/event-4671.md index cc53508b8f..c1374cae22 100644 --- a/windows/security/threat-protection/auditing/event-4671.md +++ b/windows/security/threat-protection/auditing/event-4671.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4671(-): An application attempted to access a blocked ordinal through the TBS. diff --git a/windows/security/threat-protection/auditing/event-4672.md b/windows/security/threat-protection/auditing/event-4672.md index 3e563025ba..af47315a26 100644 --- a/windows/security/threat-protection/auditing/event-4672.md +++ b/windows/security/threat-protection/auditing/event-4672.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4672(S): Special privileges assigned to new logon. diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md index 82e7ac1332..6252059b6d 100644 --- a/windows/security/threat-protection/auditing/event-4673.md +++ b/windows/security/threat-protection/auditing/event-4673.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4673(S, F): A privileged service was called. diff --git a/windows/security/threat-protection/auditing/event-4674.md b/windows/security/threat-protection/auditing/event-4674.md index 7a4b1a3654..9f1b9914da 100644 --- a/windows/security/threat-protection/auditing/event-4674.md +++ b/windows/security/threat-protection/auditing/event-4674.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4674(S, F): An operation was attempted on a privileged object. diff --git a/windows/security/threat-protection/auditing/event-4675.md b/windows/security/threat-protection/auditing/event-4675.md index f2a5d0c97e..47a81b9444 100644 --- a/windows/security/threat-protection/auditing/event-4675.md +++ b/windows/security/threat-protection/auditing/event-4675.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4675(S): SIDs were filtered. diff --git a/windows/security/threat-protection/auditing/event-4688.md b/windows/security/threat-protection/auditing/event-4688.md index 12b9206a7f..fd44f24170 100644 --- a/windows/security/threat-protection/auditing/event-4688.md +++ b/windows/security/threat-protection/auditing/event-4688.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4688(S): A new process has been created. diff --git a/windows/security/threat-protection/auditing/event-4689.md b/windows/security/threat-protection/auditing/event-4689.md index 49ec3f5924..74412386d9 100644 --- a/windows/security/threat-protection/auditing/event-4689.md +++ b/windows/security/threat-protection/auditing/event-4689.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4689(S): A process has exited. diff --git a/windows/security/threat-protection/auditing/event-4690.md b/windows/security/threat-protection/auditing/event-4690.md index 14d2dcb02d..f588b637ce 100644 --- a/windows/security/threat-protection/auditing/event-4690.md +++ b/windows/security/threat-protection/auditing/event-4690.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4690(S): An attempt was made to duplicate a handle to an object. diff --git a/windows/security/threat-protection/auditing/event-4691.md b/windows/security/threat-protection/auditing/event-4691.md index 30a869d7fc..45e0209fc6 100644 --- a/windows/security/threat-protection/auditing/event-4691.md +++ b/windows/security/threat-protection/auditing/event-4691.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4691(S): Indirect access to an object was requested. diff --git a/windows/security/threat-protection/auditing/event-4692.md b/windows/security/threat-protection/auditing/event-4692.md index 7e1e0b5ab9..f68457c377 100644 --- a/windows/security/threat-protection/auditing/event-4692.md +++ b/windows/security/threat-protection/auditing/event-4692.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4692(S, F): Backup of data protection master key was attempted. diff --git a/windows/security/threat-protection/auditing/event-4693.md b/windows/security/threat-protection/auditing/event-4693.md index 1bf4eef838..21e769eae0 100644 --- a/windows/security/threat-protection/auditing/event-4693.md +++ b/windows/security/threat-protection/auditing/event-4693.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4693(S, F): Recovery of data protection master key was attempted. diff --git a/windows/security/threat-protection/auditing/event-4694.md b/windows/security/threat-protection/auditing/event-4694.md index c6e3ca0a8c..1f64dc3491 100644 --- a/windows/security/threat-protection/auditing/event-4694.md +++ b/windows/security/threat-protection/auditing/event-4694.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4694(S, F): Protection of auditable protected data was attempted. diff --git a/windows/security/threat-protection/auditing/event-4695.md b/windows/security/threat-protection/auditing/event-4695.md index 55d37910f6..f4c77584c7 100644 --- a/windows/security/threat-protection/auditing/event-4695.md +++ b/windows/security/threat-protection/auditing/event-4695.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4695(S, F): Unprotection of auditable protected data was attempted. diff --git a/windows/security/threat-protection/auditing/event-4696.md b/windows/security/threat-protection/auditing/event-4696.md index c426f2bd9e..37ca02dd04 100644 --- a/windows/security/threat-protection/auditing/event-4696.md +++ b/windows/security/threat-protection/auditing/event-4696.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4696(S): A primary token was assigned to process. diff --git a/windows/security/threat-protection/auditing/event-4697.md b/windows/security/threat-protection/auditing/event-4697.md index 4c6103a175..16ace0c0a6 100644 --- a/windows/security/threat-protection/auditing/event-4697.md +++ b/windows/security/threat-protection/auditing/event-4697.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4697(S): A service was installed in the system. diff --git a/windows/security/threat-protection/auditing/event-4698.md b/windows/security/threat-protection/auditing/event-4698.md index e3f0385c69..fae37ea9f2 100644 --- a/windows/security/threat-protection/auditing/event-4698.md +++ b/windows/security/threat-protection/auditing/event-4698.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4698(S): A scheduled task was created. diff --git a/windows/security/threat-protection/auditing/event-4699.md b/windows/security/threat-protection/auditing/event-4699.md index b48820c643..dcea15f17d 100644 --- a/windows/security/threat-protection/auditing/event-4699.md +++ b/windows/security/threat-protection/auditing/event-4699.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4699(S): A scheduled task was deleted. diff --git a/windows/security/threat-protection/auditing/event-4700.md b/windows/security/threat-protection/auditing/event-4700.md index 6c44dbfa8d..2a46c16d19 100644 --- a/windows/security/threat-protection/auditing/event-4700.md +++ b/windows/security/threat-protection/auditing/event-4700.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4700(S): A scheduled task was enabled. diff --git a/windows/security/threat-protection/auditing/event-4701.md b/windows/security/threat-protection/auditing/event-4701.md index 0fa78f8923..e7bc488cc8 100644 --- a/windows/security/threat-protection/auditing/event-4701.md +++ b/windows/security/threat-protection/auditing/event-4701.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4701(S): A scheduled task was disabled. diff --git a/windows/security/threat-protection/auditing/event-4702.md b/windows/security/threat-protection/auditing/event-4702.md index 2ae3e2b5e3..78fee18be6 100644 --- a/windows/security/threat-protection/auditing/event-4702.md +++ b/windows/security/threat-protection/auditing/event-4702.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4702(S): A scheduled task was updated. diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index a2d0ea1520..938491bf3a 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4703(S): A user right was adjusted. diff --git a/windows/security/threat-protection/auditing/event-4704.md b/windows/security/threat-protection/auditing/event-4704.md index 04357bb664..b76c240efe 100644 --- a/windows/security/threat-protection/auditing/event-4704.md +++ b/windows/security/threat-protection/auditing/event-4704.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4704(S): A user right was assigned. diff --git a/windows/security/threat-protection/auditing/event-4705.md b/windows/security/threat-protection/auditing/event-4705.md index 0da39782ac..b4ecb04b99 100644 --- a/windows/security/threat-protection/auditing/event-4705.md +++ b/windows/security/threat-protection/auditing/event-4705.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4705(S): A user right was removed. diff --git a/windows/security/threat-protection/auditing/event-4706.md b/windows/security/threat-protection/auditing/event-4706.md index 5bceee43f2..5d2f62ef77 100644 --- a/windows/security/threat-protection/auditing/event-4706.md +++ b/windows/security/threat-protection/auditing/event-4706.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4706(S): A new trust was created to a domain. diff --git a/windows/security/threat-protection/auditing/event-4707.md b/windows/security/threat-protection/auditing/event-4707.md index 66c5a3a235..be0c79ea65 100644 --- a/windows/security/threat-protection/auditing/event-4707.md +++ b/windows/security/threat-protection/auditing/event-4707.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4707(S): A trust to a domain was removed. diff --git a/windows/security/threat-protection/auditing/event-4713.md b/windows/security/threat-protection/auditing/event-4713.md index 1fc0eda8ae..d54358f133 100644 --- a/windows/security/threat-protection/auditing/event-4713.md +++ b/windows/security/threat-protection/auditing/event-4713.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4713(S): Kerberos policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4714.md b/windows/security/threat-protection/auditing/event-4714.md index c95647f342..6ff804511a 100644 --- a/windows/security/threat-protection/auditing/event-4714.md +++ b/windows/security/threat-protection/auditing/event-4714.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4714(S): Encrypted data recovery policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4715.md b/windows/security/threat-protection/auditing/event-4715.md index 54836c643a..6b6faa90fa 100644 --- a/windows/security/threat-protection/auditing/event-4715.md +++ b/windows/security/threat-protection/auditing/event-4715.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4715(S): The audit policy (SACL) on an object was changed. diff --git a/windows/security/threat-protection/auditing/event-4716.md b/windows/security/threat-protection/auditing/event-4716.md index 3b035321b0..7f058962db 100644 --- a/windows/security/threat-protection/auditing/event-4716.md +++ b/windows/security/threat-protection/auditing/event-4716.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4716(S): Trusted domain information was modified. diff --git a/windows/security/threat-protection/auditing/event-4717.md b/windows/security/threat-protection/auditing/event-4717.md index 0d79674053..33d3817929 100644 --- a/windows/security/threat-protection/auditing/event-4717.md +++ b/windows/security/threat-protection/auditing/event-4717.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4717(S): System security access was granted to an account. diff --git a/windows/security/threat-protection/auditing/event-4718.md b/windows/security/threat-protection/auditing/event-4718.md index 22f9f3a64a..a7e1307af2 100644 --- a/windows/security/threat-protection/auditing/event-4718.md +++ b/windows/security/threat-protection/auditing/event-4718.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4718(S): System security access was removed from an account. diff --git a/windows/security/threat-protection/auditing/event-4719.md b/windows/security/threat-protection/auditing/event-4719.md index dc67d391cf..1a2dabdc7e 100644 --- a/windows/security/threat-protection/auditing/event-4719.md +++ b/windows/security/threat-protection/auditing/event-4719.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4719(S): System audit policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4720.md b/windows/security/threat-protection/auditing/event-4720.md index 1500cd23c9..7e6fc9cb68 100644 --- a/windows/security/threat-protection/auditing/event-4720.md +++ b/windows/security/threat-protection/auditing/event-4720.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4720(S): A user account was created. diff --git a/windows/security/threat-protection/auditing/event-4722.md b/windows/security/threat-protection/auditing/event-4722.md index 6b10efb7c8..c29e7669bc 100644 --- a/windows/security/threat-protection/auditing/event-4722.md +++ b/windows/security/threat-protection/auditing/event-4722.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4722(S): A user account was enabled. diff --git a/windows/security/threat-protection/auditing/event-4723.md b/windows/security/threat-protection/auditing/event-4723.md index 2208f2ae0e..1246930e5a 100644 --- a/windows/security/threat-protection/auditing/event-4723.md +++ b/windows/security/threat-protection/auditing/event-4723.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4723(S, F): An attempt was made to change an account's password. diff --git a/windows/security/threat-protection/auditing/event-4724.md b/windows/security/threat-protection/auditing/event-4724.md index 104704dc32..02d75f0b1d 100644 --- a/windows/security/threat-protection/auditing/event-4724.md +++ b/windows/security/threat-protection/auditing/event-4724.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4724(S, F): An attempt was made to reset an account's password. diff --git a/windows/security/threat-protection/auditing/event-4725.md b/windows/security/threat-protection/auditing/event-4725.md index 0b6ed0593a..f5f7dac0af 100644 --- a/windows/security/threat-protection/auditing/event-4725.md +++ b/windows/security/threat-protection/auditing/event-4725.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4725(S): A user account was disabled. diff --git a/windows/security/threat-protection/auditing/event-4726.md b/windows/security/threat-protection/auditing/event-4726.md index 03f7cab6c8..0b050a132b 100644 --- a/windows/security/threat-protection/auditing/event-4726.md +++ b/windows/security/threat-protection/auditing/event-4726.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4726(S): A user account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4731.md b/windows/security/threat-protection/auditing/event-4731.md index ecbe498b31..b4faf3a540 100644 --- a/windows/security/threat-protection/auditing/event-4731.md +++ b/windows/security/threat-protection/auditing/event-4731.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4731(S): A security-enabled local group was created. diff --git a/windows/security/threat-protection/auditing/event-4732.md b/windows/security/threat-protection/auditing/event-4732.md index b837e2da3a..f81e218a6c 100644 --- a/windows/security/threat-protection/auditing/event-4732.md +++ b/windows/security/threat-protection/auditing/event-4732.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4732(S): A member was added to a security-enabled local group. diff --git a/windows/security/threat-protection/auditing/event-4733.md b/windows/security/threat-protection/auditing/event-4733.md index 1ff01f46dd..a0d46b343b 100644 --- a/windows/security/threat-protection/auditing/event-4733.md +++ b/windows/security/threat-protection/auditing/event-4733.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4733(S): A member was removed from a security-enabled local group. diff --git a/windows/security/threat-protection/auditing/event-4734.md b/windows/security/threat-protection/auditing/event-4734.md index 7fc762a800..1e677a0bdc 100644 --- a/windows/security/threat-protection/auditing/event-4734.md +++ b/windows/security/threat-protection/auditing/event-4734.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4734(S): A security-enabled local group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4735.md b/windows/security/threat-protection/auditing/event-4735.md index ebd05f8b62..a545b2f85b 100644 --- a/windows/security/threat-protection/auditing/event-4735.md +++ b/windows/security/threat-protection/auditing/event-4735.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4735(S): A security-enabled local group was changed. diff --git a/windows/security/threat-protection/auditing/event-4738.md b/windows/security/threat-protection/auditing/event-4738.md index 1beea8a564..d78373e561 100644 --- a/windows/security/threat-protection/auditing/event-4738.md +++ b/windows/security/threat-protection/auditing/event-4738.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4738(S): A user account was changed. diff --git a/windows/security/threat-protection/auditing/event-4739.md b/windows/security/threat-protection/auditing/event-4739.md index d8417cef87..23b0cf6823 100644 --- a/windows/security/threat-protection/auditing/event-4739.md +++ b/windows/security/threat-protection/auditing/event-4739.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4739(S): Domain Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4740.md b/windows/security/threat-protection/auditing/event-4740.md index 095b90641e..834f4b9ed5 100644 --- a/windows/security/threat-protection/auditing/event-4740.md +++ b/windows/security/threat-protection/auditing/event-4740.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4740(S): A user account was locked out. diff --git a/windows/security/threat-protection/auditing/event-4741.md b/windows/security/threat-protection/auditing/event-4741.md index c09ba86137..b35fb7facd 100644 --- a/windows/security/threat-protection/auditing/event-4741.md +++ b/windows/security/threat-protection/auditing/event-4741.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4741(S): A computer account was created. diff --git a/windows/security/threat-protection/auditing/event-4742.md b/windows/security/threat-protection/auditing/event-4742.md index b838e77a00..1f1d3bee7a 100644 --- a/windows/security/threat-protection/auditing/event-4742.md +++ b/windows/security/threat-protection/auditing/event-4742.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4742(S): A computer account was changed. diff --git a/windows/security/threat-protection/auditing/event-4743.md b/windows/security/threat-protection/auditing/event-4743.md index 064855d936..76be20055b 100644 --- a/windows/security/threat-protection/auditing/event-4743.md +++ b/windows/security/threat-protection/auditing/event-4743.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4743(S): A computer account was deleted. diff --git a/windows/security/threat-protection/auditing/event-4749.md b/windows/security/threat-protection/auditing/event-4749.md index e1990c4f1e..71f28544ca 100644 --- a/windows/security/threat-protection/auditing/event-4749.md +++ b/windows/security/threat-protection/auditing/event-4749.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4749(S): A security-disabled global group was created. diff --git a/windows/security/threat-protection/auditing/event-4750.md b/windows/security/threat-protection/auditing/event-4750.md index 9ebd361c00..28a17fc94c 100644 --- a/windows/security/threat-protection/auditing/event-4750.md +++ b/windows/security/threat-protection/auditing/event-4750.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4750(S): A security-disabled global group was changed. diff --git a/windows/security/threat-protection/auditing/event-4751.md b/windows/security/threat-protection/auditing/event-4751.md index c187c0da6a..d698721321 100644 --- a/windows/security/threat-protection/auditing/event-4751.md +++ b/windows/security/threat-protection/auditing/event-4751.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4751(S): A member was added to a security-disabled global group. diff --git a/windows/security/threat-protection/auditing/event-4752.md b/windows/security/threat-protection/auditing/event-4752.md index 642eb6b948..2aa9dcd01a 100644 --- a/windows/security/threat-protection/auditing/event-4752.md +++ b/windows/security/threat-protection/auditing/event-4752.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4752(S): A member was removed from a security-disabled global group. diff --git a/windows/security/threat-protection/auditing/event-4753.md b/windows/security/threat-protection/auditing/event-4753.md index cf4ada677c..d8bb64a34a 100644 --- a/windows/security/threat-protection/auditing/event-4753.md +++ b/windows/security/threat-protection/auditing/event-4753.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4753(S): A security-disabled global group was deleted. diff --git a/windows/security/threat-protection/auditing/event-4764.md b/windows/security/threat-protection/auditing/event-4764.md index 073049f2bf..2cd0957d10 100644 --- a/windows/security/threat-protection/auditing/event-4764.md +++ b/windows/security/threat-protection/auditing/event-4764.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4764(S): A group’s type was changed. diff --git a/windows/security/threat-protection/auditing/event-4765.md b/windows/security/threat-protection/auditing/event-4765.md index 472f9a92d0..f171b29603 100644 --- a/windows/security/threat-protection/auditing/event-4765.md +++ b/windows/security/threat-protection/auditing/event-4765.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4765(S): SID History was added to an account. diff --git a/windows/security/threat-protection/auditing/event-4766.md b/windows/security/threat-protection/auditing/event-4766.md index bf5820689e..9b0d0db5fe 100644 --- a/windows/security/threat-protection/auditing/event-4766.md +++ b/windows/security/threat-protection/auditing/event-4766.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4766(F): An attempt to add SID History to an account failed. diff --git a/windows/security/threat-protection/auditing/event-4767.md b/windows/security/threat-protection/auditing/event-4767.md index 4b580f7dc0..a7b6929712 100644 --- a/windows/security/threat-protection/auditing/event-4767.md +++ b/windows/security/threat-protection/auditing/event-4767.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4767(S): A user account was unlocked. diff --git a/windows/security/threat-protection/auditing/event-4768.md b/windows/security/threat-protection/auditing/event-4768.md index 9509c1486b..6846561482 100644 --- a/windows/security/threat-protection/auditing/event-4768.md +++ b/windows/security/threat-protection/auditing/event-4768.md @@ -7,11 +7,11 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: dansimp -ms.date: 09/07/2021 +ms.date: 10/20/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4768(S, F): A Kerberos authentication ticket (TGT) was requested. @@ -29,7 +29,7 @@ This event generates only on domain controllers. If TGT issue fails then you will see Failure event with **Result Code** field not equal to “**0x0**”. -This event doesn't generate for **Result Codes**: 0x10, 0x17 and 0x18. Event “[4771](event-4771.md): Kerberos pre-authentication failed.” generates instead. +This event doesn't generate for **Result Codes**: 0x10 and 0x18. Event “[4771](event-4771.md): Kerberos pre-authentication failed.” generates instead. > [!NOTE] > For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event. diff --git a/windows/security/threat-protection/auditing/event-4769.md b/windows/security/threat-protection/auditing/event-4769.md index 1790274e2c..c3ad787f9e 100644 --- a/windows/security/threat-protection/auditing/event-4769.md +++ b/windows/security/threat-protection/auditing/event-4769.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4769(S, F): A Kerberos service ticket was requested. diff --git a/windows/security/threat-protection/auditing/event-4770.md b/windows/security/threat-protection/auditing/event-4770.md index 6a1627d7df..40f752135e 100644 --- a/windows/security/threat-protection/auditing/event-4770.md +++ b/windows/security/threat-protection/auditing/event-4770.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4770(S): A Kerberos service ticket was renewed. diff --git a/windows/security/threat-protection/auditing/event-4771.md b/windows/security/threat-protection/auditing/event-4771.md index 9891a617a0..e2b66d8905 100644 --- a/windows/security/threat-protection/auditing/event-4771.md +++ b/windows/security/threat-protection/auditing/event-4771.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4771(F): Kerberos pre-authentication failed. diff --git a/windows/security/threat-protection/auditing/event-4772.md b/windows/security/threat-protection/auditing/event-4772.md index c93994b2ed..384ea2a5e0 100644 --- a/windows/security/threat-protection/auditing/event-4772.md +++ b/windows/security/threat-protection/auditing/event-4772.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4772(F): A Kerberos authentication ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4773.md b/windows/security/threat-protection/auditing/event-4773.md index 3d4e1fe09b..35ad7f2c6e 100644 --- a/windows/security/threat-protection/auditing/event-4773.md +++ b/windows/security/threat-protection/auditing/event-4773.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4773(F): A Kerberos service ticket request failed. diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 4c01962461..d7e73812a8 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4774(S, F): An account was mapped for logon. diff --git a/windows/security/threat-protection/auditing/event-4775.md b/windows/security/threat-protection/auditing/event-4775.md index c9e4a319e8..b635329953 100644 --- a/windows/security/threat-protection/auditing/event-4775.md +++ b/windows/security/threat-protection/auditing/event-4775.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4775(F): An account could not be mapped for logon. diff --git a/windows/security/threat-protection/auditing/event-4776.md b/windows/security/threat-protection/auditing/event-4776.md index 4fde7cba9b..06430da291 100644 --- a/windows/security/threat-protection/auditing/event-4776.md +++ b/windows/security/threat-protection/auditing/event-4776.md @@ -11,7 +11,7 @@ ms.date: 09/13/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4776(S, F): The computer attempted to validate the credentials for an account. diff --git a/windows/security/threat-protection/auditing/event-4777.md b/windows/security/threat-protection/auditing/event-4777.md index f5b01ce6aa..74b68ee4d4 100644 --- a/windows/security/threat-protection/auditing/event-4777.md +++ b/windows/security/threat-protection/auditing/event-4777.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4777(F): The domain controller failed to validate the credentials for an account. diff --git a/windows/security/threat-protection/auditing/event-4778.md b/windows/security/threat-protection/auditing/event-4778.md index f7278c0017..085731bdc1 100644 --- a/windows/security/threat-protection/auditing/event-4778.md +++ b/windows/security/threat-protection/auditing/event-4778.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4778(S): A session was reconnected to a Window Station. diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 3f34f106e4..ab9e18736c 100644 --- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4779(S): A session was disconnected from a Window Station. diff --git a/windows/security/threat-protection/auditing/event-4780.md b/windows/security/threat-protection/auditing/event-4780.md index 94b8733eab..eb96a39284 100644 --- a/windows/security/threat-protection/auditing/event-4780.md +++ b/windows/security/threat-protection/auditing/event-4780.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4780(S): The ACL was set on accounts which are members of administrators groups. diff --git a/windows/security/threat-protection/auditing/event-4781.md b/windows/security/threat-protection/auditing/event-4781.md index 0e7051d0c0..9cea675049 100644 --- a/windows/security/threat-protection/auditing/event-4781.md +++ b/windows/security/threat-protection/auditing/event-4781.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4781(S): The name of an account was changed. diff --git a/windows/security/threat-protection/auditing/event-4782.md b/windows/security/threat-protection/auditing/event-4782.md index 0d7d285e29..1079ddc301 100644 --- a/windows/security/threat-protection/auditing/event-4782.md +++ b/windows/security/threat-protection/auditing/event-4782.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4782(S): The password hash of an account was accessed. diff --git a/windows/security/threat-protection/auditing/event-4793.md b/windows/security/threat-protection/auditing/event-4793.md index d471201647..13abde059c 100644 --- a/windows/security/threat-protection/auditing/event-4793.md +++ b/windows/security/threat-protection/auditing/event-4793.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4793(S): The Password Policy Checking API was called. diff --git a/windows/security/threat-protection/auditing/event-4794.md b/windows/security/threat-protection/auditing/event-4794.md index 6901d09cbe..a96c2d8aa5 100644 --- a/windows/security/threat-protection/auditing/event-4794.md +++ b/windows/security/threat-protection/auditing/event-4794.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password. diff --git a/windows/security/threat-protection/auditing/event-4798.md b/windows/security/threat-protection/auditing/event-4798.md index 15a1328384..d3885f4283 100644 --- a/windows/security/threat-protection/auditing/event-4798.md +++ b/windows/security/threat-protection/auditing/event-4798.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4798(S): A user's local group membership was enumerated. diff --git a/windows/security/threat-protection/auditing/event-4799.md b/windows/security/threat-protection/auditing/event-4799.md index 92441ae64b..1bdc01b928 100644 --- a/windows/security/threat-protection/auditing/event-4799.md +++ b/windows/security/threat-protection/auditing/event-4799.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4799(S): A security-enabled local group membership was enumerated. diff --git a/windows/security/threat-protection/auditing/event-4800.md b/windows/security/threat-protection/auditing/event-4800.md index 2e468c9d92..205a90c987 100644 --- a/windows/security/threat-protection/auditing/event-4800.md +++ b/windows/security/threat-protection/auditing/event-4800.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4800(S): The workstation was locked. diff --git a/windows/security/threat-protection/auditing/event-4801.md b/windows/security/threat-protection/auditing/event-4801.md index 7da15cbbe7..0bfcfb1278 100644 --- a/windows/security/threat-protection/auditing/event-4801.md +++ b/windows/security/threat-protection/auditing/event-4801.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4801(S): The workstation was unlocked. diff --git a/windows/security/threat-protection/auditing/event-4802.md b/windows/security/threat-protection/auditing/event-4802.md index 7ea6add001..78cf0e5d14 100644 --- a/windows/security/threat-protection/auditing/event-4802.md +++ b/windows/security/threat-protection/auditing/event-4802.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4802(S): The screen saver was invoked. diff --git a/windows/security/threat-protection/auditing/event-4803.md b/windows/security/threat-protection/auditing/event-4803.md index 4971789fd3..94aed424ab 100644 --- a/windows/security/threat-protection/auditing/event-4803.md +++ b/windows/security/threat-protection/auditing/event-4803.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4803(S): The screen saver was dismissed. diff --git a/windows/security/threat-protection/auditing/event-4816.md b/windows/security/threat-protection/auditing/event-4816.md index a2c127435d..93576951c1 100644 --- a/windows/security/threat-protection/auditing/event-4816.md +++ b/windows/security/threat-protection/auditing/event-4816.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4816(S): RPC detected an integrity violation while decrypting an incoming message. diff --git a/windows/security/threat-protection/auditing/event-4817.md b/windows/security/threat-protection/auditing/event-4817.md index 3744b68704..dc9c07fb24 100644 --- a/windows/security/threat-protection/auditing/event-4817.md +++ b/windows/security/threat-protection/auditing/event-4817.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4817(S): Auditing settings on object were changed. diff --git a/windows/security/threat-protection/auditing/event-4818.md b/windows/security/threat-protection/auditing/event-4818.md index c71a145e05..5ced098023 100644 --- a/windows/security/threat-protection/auditing/event-4818.md +++ b/windows/security/threat-protection/auditing/event-4818.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4818(S): Proposed Central Access Policy does not grant the same access permissions as the current Central Access Policy. diff --git a/windows/security/threat-protection/auditing/event-4819.md b/windows/security/threat-protection/auditing/event-4819.md index f3acc685b2..882622efa4 100644 --- a/windows/security/threat-protection/auditing/event-4819.md +++ b/windows/security/threat-protection/auditing/event-4819.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4819(S): Central Access Policies on the machine have been changed. diff --git a/windows/security/threat-protection/auditing/event-4826.md b/windows/security/threat-protection/auditing/event-4826.md index 27f8cbeb41..136684f355 100644 --- a/windows/security/threat-protection/auditing/event-4826.md +++ b/windows/security/threat-protection/auditing/event-4826.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4826(S): Boot Configuration Data loaded. diff --git a/windows/security/threat-protection/auditing/event-4864.md b/windows/security/threat-protection/auditing/event-4864.md index aec977eddd..ea84a736a0 100644 --- a/windows/security/threat-protection/auditing/event-4864.md +++ b/windows/security/threat-protection/auditing/event-4864.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4864(S): A namespace collision was detected. diff --git a/windows/security/threat-protection/auditing/event-4865.md b/windows/security/threat-protection/auditing/event-4865.md index 994d2407a3..a7e2a7189e 100644 --- a/windows/security/threat-protection/auditing/event-4865.md +++ b/windows/security/threat-protection/auditing/event-4865.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4865(S): A trusted forest information entry was added. diff --git a/windows/security/threat-protection/auditing/event-4866.md b/windows/security/threat-protection/auditing/event-4866.md index ad75bb1d68..bd5bfba999 100644 --- a/windows/security/threat-protection/auditing/event-4866.md +++ b/windows/security/threat-protection/auditing/event-4866.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4866(S): A trusted forest information entry was removed. diff --git a/windows/security/threat-protection/auditing/event-4867.md b/windows/security/threat-protection/auditing/event-4867.md index e82918ba71..170868681f 100644 --- a/windows/security/threat-protection/auditing/event-4867.md +++ b/windows/security/threat-protection/auditing/event-4867.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4867(S): A trusted forest information entry was modified. diff --git a/windows/security/threat-protection/auditing/event-4902.md b/windows/security/threat-protection/auditing/event-4902.md index 67d2817434..89eeb36eb6 100644 --- a/windows/security/threat-protection/auditing/event-4902.md +++ b/windows/security/threat-protection/auditing/event-4902.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4902(S): The Per-user audit policy table was created. diff --git a/windows/security/threat-protection/auditing/event-4904.md b/windows/security/threat-protection/auditing/event-4904.md index 0a72ca6e45..02109612fd 100644 --- a/windows/security/threat-protection/auditing/event-4904.md +++ b/windows/security/threat-protection/auditing/event-4904.md @@ -11,7 +11,7 @@ ms.date: 09/07/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4904(S): An attempt was made to register a security event source. diff --git a/windows/security/threat-protection/auditing/event-4905.md b/windows/security/threat-protection/auditing/event-4905.md index 2bc2194af3..ead69b632a 100644 --- a/windows/security/threat-protection/auditing/event-4905.md +++ b/windows/security/threat-protection/auditing/event-4905.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4905(S): An attempt was made to unregister a security event source. diff --git a/windows/security/threat-protection/auditing/event-4906.md b/windows/security/threat-protection/auditing/event-4906.md index 5f8556c594..676c32fbcc 100644 --- a/windows/security/threat-protection/auditing/event-4906.md +++ b/windows/security/threat-protection/auditing/event-4906.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4906(S): The CrashOnAuditFail value has changed. diff --git a/windows/security/threat-protection/auditing/event-4907.md b/windows/security/threat-protection/auditing/event-4907.md index 54960760dd..3ae2c8793f 100644 --- a/windows/security/threat-protection/auditing/event-4907.md +++ b/windows/security/threat-protection/auditing/event-4907.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4907(S): Auditing settings on object were changed. diff --git a/windows/security/threat-protection/auditing/event-4908.md b/windows/security/threat-protection/auditing/event-4908.md index 4b00b7dc48..e59ae0559b 100644 --- a/windows/security/threat-protection/auditing/event-4908.md +++ b/windows/security/threat-protection/auditing/event-4908.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4908(S): Special Groups Logon table modified. diff --git a/windows/security/threat-protection/auditing/event-4909.md b/windows/security/threat-protection/auditing/event-4909.md index 77f5ddd123..f85c02b5ec 100644 --- a/windows/security/threat-protection/auditing/event-4909.md +++ b/windows/security/threat-protection/auditing/event-4909.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4909(-): The local policy settings for the TBS were changed. diff --git a/windows/security/threat-protection/auditing/event-4910.md b/windows/security/threat-protection/auditing/event-4910.md index 0c3e27cbcd..0cdca35e3e 100644 --- a/windows/security/threat-protection/auditing/event-4910.md +++ b/windows/security/threat-protection/auditing/event-4910.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4910(-): The group policy settings for the TBS were changed. diff --git a/windows/security/threat-protection/auditing/event-4911.md b/windows/security/threat-protection/auditing/event-4911.md index 34506e27c7..aeeaa0fdc0 100644 --- a/windows/security/threat-protection/auditing/event-4911.md +++ b/windows/security/threat-protection/auditing/event-4911.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4911(S): Resource attributes of the object were changed. diff --git a/windows/security/threat-protection/auditing/event-4912.md b/windows/security/threat-protection/auditing/event-4912.md index cd13c3c6ed..614b73a93f 100644 --- a/windows/security/threat-protection/auditing/event-4912.md +++ b/windows/security/threat-protection/auditing/event-4912.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4912(S): Per User Audit Policy was changed. diff --git a/windows/security/threat-protection/auditing/event-4913.md b/windows/security/threat-protection/auditing/event-4913.md index 88f5b9912c..bcc4c7eeee 100644 --- a/windows/security/threat-protection/auditing/event-4913.md +++ b/windows/security/threat-protection/auditing/event-4913.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4913(S): Central Access Policy on the object was changed. diff --git a/windows/security/threat-protection/auditing/event-4928.md b/windows/security/threat-protection/auditing/event-4928.md index c771de77c7..2899b77a51 100644 --- a/windows/security/threat-protection/auditing/event-4928.md +++ b/windows/security/threat-protection/auditing/event-4928.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4928(S, F): An Active Directory replica source naming context was established. diff --git a/windows/security/threat-protection/auditing/event-4929.md b/windows/security/threat-protection/auditing/event-4929.md index 8befaf8042..8d4802ca42 100644 --- a/windows/security/threat-protection/auditing/event-4929.md +++ b/windows/security/threat-protection/auditing/event-4929.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4929(S, F): An Active Directory replica source naming context was removed. diff --git a/windows/security/threat-protection/auditing/event-4930.md b/windows/security/threat-protection/auditing/event-4930.md index 9b7133cbec..ad5d6086a1 100644 --- a/windows/security/threat-protection/auditing/event-4930.md +++ b/windows/security/threat-protection/auditing/event-4930.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4930(S, F): An Active Directory replica source naming context was modified. diff --git a/windows/security/threat-protection/auditing/event-4931.md b/windows/security/threat-protection/auditing/event-4931.md index 9be2c0b308..39a7be5a64 100644 --- a/windows/security/threat-protection/auditing/event-4931.md +++ b/windows/security/threat-protection/auditing/event-4931.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4931(S, F): An Active Directory replica destination naming context was modified. diff --git a/windows/security/threat-protection/auditing/event-4932.md b/windows/security/threat-protection/auditing/event-4932.md index 2fe1488145..b686a7b13c 100644 --- a/windows/security/threat-protection/auditing/event-4932.md +++ b/windows/security/threat-protection/auditing/event-4932.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4932(S): Synchronization of a replica of an Active Directory naming context has begun. diff --git a/windows/security/threat-protection/auditing/event-4933.md b/windows/security/threat-protection/auditing/event-4933.md index 763c17876e..7fb4991241 100644 --- a/windows/security/threat-protection/auditing/event-4933.md +++ b/windows/security/threat-protection/auditing/event-4933.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4933(S, F): Synchronization of a replica of an Active Directory naming context has ended. diff --git a/windows/security/threat-protection/auditing/event-4934.md b/windows/security/threat-protection/auditing/event-4934.md index edfe9bb645..65521bb868 100644 --- a/windows/security/threat-protection/auditing/event-4934.md +++ b/windows/security/threat-protection/auditing/event-4934.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4934(S): Attributes of an Active Directory object were replicated. diff --git a/windows/security/threat-protection/auditing/event-4935.md b/windows/security/threat-protection/auditing/event-4935.md index 6473cffbe6..c939bc09ed 100644 --- a/windows/security/threat-protection/auditing/event-4935.md +++ b/windows/security/threat-protection/auditing/event-4935.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4935(F): Replication failure begins. diff --git a/windows/security/threat-protection/auditing/event-4936.md b/windows/security/threat-protection/auditing/event-4936.md index e87cf4d53e..37b1c8ca83 100644 --- a/windows/security/threat-protection/auditing/event-4936.md +++ b/windows/security/threat-protection/auditing/event-4936.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4936(S): Replication failure ends. diff --git a/windows/security/threat-protection/auditing/event-4937.md b/windows/security/threat-protection/auditing/event-4937.md index 6c1f85f0a7..f80f44586e 100644 --- a/windows/security/threat-protection/auditing/event-4937.md +++ b/windows/security/threat-protection/auditing/event-4937.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4937(S): A lingering object was removed from a replica. diff --git a/windows/security/threat-protection/auditing/event-4944.md b/windows/security/threat-protection/auditing/event-4944.md index 046a35e163..34ca3f9e47 100644 --- a/windows/security/threat-protection/auditing/event-4944.md +++ b/windows/security/threat-protection/auditing/event-4944.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4944(S): The following policy was active when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4945.md b/windows/security/threat-protection/auditing/event-4945.md index c76d313b14..f5581407ab 100644 --- a/windows/security/threat-protection/auditing/event-4945.md +++ b/windows/security/threat-protection/auditing/event-4945.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4945(S): A rule was listed when the Windows Firewall started. diff --git a/windows/security/threat-protection/auditing/event-4946.md b/windows/security/threat-protection/auditing/event-4946.md index 4279a425ff..505cec18fb 100644 --- a/windows/security/threat-protection/auditing/event-4946.md +++ b/windows/security/threat-protection/auditing/event-4946.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4946(S): A change has been made to Windows Firewall exception list. A rule was added. diff --git a/windows/security/threat-protection/auditing/event-4947.md b/windows/security/threat-protection/auditing/event-4947.md index 48613fd427..7d09cf4d23 100644 --- a/windows/security/threat-protection/auditing/event-4947.md +++ b/windows/security/threat-protection/auditing/event-4947.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4947(S): A change has been made to Windows Firewall exception list. A rule was modified. diff --git a/windows/security/threat-protection/auditing/event-4948.md b/windows/security/threat-protection/auditing/event-4948.md index 6d0290f772..65c71e3cd4 100644 --- a/windows/security/threat-protection/auditing/event-4948.md +++ b/windows/security/threat-protection/auditing/event-4948.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4948(S): A change has been made to Windows Firewall exception list. A rule was deleted. diff --git a/windows/security/threat-protection/auditing/event-4949.md b/windows/security/threat-protection/auditing/event-4949.md index 50b400ce2d..617b780983 100644 --- a/windows/security/threat-protection/auditing/event-4949.md +++ b/windows/security/threat-protection/auditing/event-4949.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4949(S): Windows Firewall settings were restored to the default values. diff --git a/windows/security/threat-protection/auditing/event-4950.md b/windows/security/threat-protection/auditing/event-4950.md index 90fdd4b72d..69db4a04e2 100644 --- a/windows/security/threat-protection/auditing/event-4950.md +++ b/windows/security/threat-protection/auditing/event-4950.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4950(S): A Windows Firewall setting has changed. diff --git a/windows/security/threat-protection/auditing/event-4951.md b/windows/security/threat-protection/auditing/event-4951.md index 65357fc8cf..060b9c4b83 100644 --- a/windows/security/threat-protection/auditing/event-4951.md +++ b/windows/security/threat-protection/auditing/event-4951.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4951(F): A rule has been ignored because its major version number was not recognized by Windows Firewall. diff --git a/windows/security/threat-protection/auditing/event-4952.md b/windows/security/threat-protection/auditing/event-4952.md index abd1012a90..3c9322ae26 100644 --- a/windows/security/threat-protection/auditing/event-4952.md +++ b/windows/security/threat-protection/auditing/event-4952.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4952(F): Parts of a rule have been ignored because its minor version number was not recognized by Windows Firewall. The other parts of the rule will be enforced. diff --git a/windows/security/threat-protection/auditing/event-4953.md b/windows/security/threat-protection/auditing/event-4953.md index d35205d2e8..2d31faae0c 100644 --- a/windows/security/threat-protection/auditing/event-4953.md +++ b/windows/security/threat-protection/auditing/event-4953.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4953(F): Windows Firewall ignored a rule because it could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-4954.md b/windows/security/threat-protection/auditing/event-4954.md index f671cef1ef..67a7f024aa 100644 --- a/windows/security/threat-protection/auditing/event-4954.md +++ b/windows/security/threat-protection/auditing/event-4954.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4954(S): Windows Firewall Group Policy settings have changed. The new settings have been applied. diff --git a/windows/security/threat-protection/auditing/event-4956.md b/windows/security/threat-protection/auditing/event-4956.md index c56a466f9f..bc90d17945 100644 --- a/windows/security/threat-protection/auditing/event-4956.md +++ b/windows/security/threat-protection/auditing/event-4956.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4956(S): Windows Firewall has changed the active profile. diff --git a/windows/security/threat-protection/auditing/event-4957.md b/windows/security/threat-protection/auditing/event-4957.md index a34de9e92f..b83701e32b 100644 --- a/windows/security/threat-protection/auditing/event-4957.md +++ b/windows/security/threat-protection/auditing/event-4957.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4957(F): Windows Firewall did not apply the following rule. diff --git a/windows/security/threat-protection/auditing/event-4958.md b/windows/security/threat-protection/auditing/event-4958.md index 7bb37f579a..3fc2c85a83 100644 --- a/windows/security/threat-protection/auditing/event-4958.md +++ b/windows/security/threat-protection/auditing/event-4958.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4958(F): Windows Firewall did not apply the following rule because the rule referred to items not configured on this computer. diff --git a/windows/security/threat-protection/auditing/event-4964.md b/windows/security/threat-protection/auditing/event-4964.md index b83f63788a..969c9e219b 100644 --- a/windows/security/threat-protection/auditing/event-4964.md +++ b/windows/security/threat-protection/auditing/event-4964.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4964(S): Special groups have been assigned to a new logon. diff --git a/windows/security/threat-protection/auditing/event-4985.md b/windows/security/threat-protection/auditing/event-4985.md index ee97d237fc..6af088c0bd 100644 --- a/windows/security/threat-protection/auditing/event-4985.md +++ b/windows/security/threat-protection/auditing/event-4985.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 4985(S): The state of a transaction has changed. diff --git a/windows/security/threat-protection/auditing/event-5024.md b/windows/security/threat-protection/auditing/event-5024.md index 6f42905b26..46c44da725 100644 --- a/windows/security/threat-protection/auditing/event-5024.md +++ b/windows/security/threat-protection/auditing/event-5024.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5024(S): The Windows Firewall Service has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5025.md b/windows/security/threat-protection/auditing/event-5025.md index 51c4600f15..fbc702ac8e 100644 --- a/windows/security/threat-protection/auditing/event-5025.md +++ b/windows/security/threat-protection/auditing/event-5025.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5025(S): The Windows Firewall Service has been stopped. diff --git a/windows/security/threat-protection/auditing/event-5027.md b/windows/security/threat-protection/auditing/event-5027.md index 85afaa1f92..47a348cf77 100644 --- a/windows/security/threat-protection/auditing/event-5027.md +++ b/windows/security/threat-protection/auditing/event-5027.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5027(F): The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. diff --git a/windows/security/threat-protection/auditing/event-5028.md b/windows/security/threat-protection/auditing/event-5028.md index 8835c0a855..65d5204a98 100644 --- a/windows/security/threat-protection/auditing/event-5028.md +++ b/windows/security/threat-protection/auditing/event-5028.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5028(F): The Windows Firewall Service was unable to parse the new security policy. The service will continue with currently enforced policy. diff --git a/windows/security/threat-protection/auditing/event-5029.md b/windows/security/threat-protection/auditing/event-5029.md index 6e8bfab573..89b6ca69bb 100644 --- a/windows/security/threat-protection/auditing/event-5029.md +++ b/windows/security/threat-protection/auditing/event-5029.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5029(F): The Windows Firewall Service failed to initialize the driver. The service will continue to enforce the current policy. diff --git a/windows/security/threat-protection/auditing/event-5030.md b/windows/security/threat-protection/auditing/event-5030.md index 175e125235..9216275f2d 100644 --- a/windows/security/threat-protection/auditing/event-5030.md +++ b/windows/security/threat-protection/auditing/event-5030.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5030(F): The Windows Firewall Service failed to start. diff --git a/windows/security/threat-protection/auditing/event-5031.md b/windows/security/threat-protection/auditing/event-5031.md index 8a10a69008..b54933cde7 100644 --- a/windows/security/threat-protection/auditing/event-5031.md +++ b/windows/security/threat-protection/auditing/event-5031.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.localizationpriority: none author: dansimp ms.date: 09/08/2021 -ms.technology: mde +ms.technology: windows-sec --- # 5031(F): The Windows Firewall Service blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5032.md b/windows/security/threat-protection/auditing/event-5032.md index 235d9fd8d3..c8b0bff151 100644 --- a/windows/security/threat-protection/auditing/event-5032.md +++ b/windows/security/threat-protection/auditing/event-5032.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5032(F): Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network. diff --git a/windows/security/threat-protection/auditing/event-5033.md b/windows/security/threat-protection/auditing/event-5033.md index e664ac846b..dfbbcae025 100644 --- a/windows/security/threat-protection/auditing/event-5033.md +++ b/windows/security/threat-protection/auditing/event-5033.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5033(S): The Windows Firewall Driver has started successfully. diff --git a/windows/security/threat-protection/auditing/event-5034.md b/windows/security/threat-protection/auditing/event-5034.md index e447aeb0e7..e0815c5bd1 100644 --- a/windows/security/threat-protection/auditing/event-5034.md +++ b/windows/security/threat-protection/auditing/event-5034.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5034(S): The Windows Firewall Driver was stopped. diff --git a/windows/security/threat-protection/auditing/event-5035.md b/windows/security/threat-protection/auditing/event-5035.md index 0bc400131b..c6a382c517 100644 --- a/windows/security/threat-protection/auditing/event-5035.md +++ b/windows/security/threat-protection/auditing/event-5035.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5035(F): The Windows Firewall Driver failed to start. diff --git a/windows/security/threat-protection/auditing/event-5037.md b/windows/security/threat-protection/auditing/event-5037.md index c36c375902..d3542cd1d7 100644 --- a/windows/security/threat-protection/auditing/event-5037.md +++ b/windows/security/threat-protection/auditing/event-5037.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5037(F): The Windows Firewall Driver detected critical runtime error. Terminating. diff --git a/windows/security/threat-protection/auditing/event-5038.md b/windows/security/threat-protection/auditing/event-5038.md index 996a74d7b5..dbb32f1459 100644 --- a/windows/security/threat-protection/auditing/event-5038.md +++ b/windows/security/threat-protection/auditing/event-5038.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5038(F): Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-5039.md b/windows/security/threat-protection/auditing/event-5039.md index 09baf51880..7194197d62 100644 --- a/windows/security/threat-protection/auditing/event-5039.md +++ b/windows/security/threat-protection/auditing/event-5039.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5039(-): A registry key was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5051.md b/windows/security/threat-protection/auditing/event-5051.md index e9e1bea6c6..67f25e7071 100644 --- a/windows/security/threat-protection/auditing/event-5051.md +++ b/windows/security/threat-protection/auditing/event-5051.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5051(-): A file was virtualized. diff --git a/windows/security/threat-protection/auditing/event-5056.md b/windows/security/threat-protection/auditing/event-5056.md index 96af867108..59e64af10b 100644 --- a/windows/security/threat-protection/auditing/event-5056.md +++ b/windows/security/threat-protection/auditing/event-5056.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5056(S): A cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5057.md b/windows/security/threat-protection/auditing/event-5057.md index 5d686b4510..625c998826 100644 --- a/windows/security/threat-protection/auditing/event-5057.md +++ b/windows/security/threat-protection/auditing/event-5057.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5057(F): A cryptographic primitive operation failed. diff --git a/windows/security/threat-protection/auditing/event-5058.md b/windows/security/threat-protection/auditing/event-5058.md index 319ffe99f0..7d3c14f3cc 100644 --- a/windows/security/threat-protection/auditing/event-5058.md +++ b/windows/security/threat-protection/auditing/event-5058.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5058(S, F): Key file operation. diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index ff33eba467..3c79abb5d0 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5059(S, F): Key migration operation. diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 23fa5c78d9..9497f26ebf 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5060(F): Verification operation failed. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 919d66a79c..f90e6fd02e 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index 242721afc4..3ac8412240 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index 020b7ebc4c..7fc9f07b38 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 2532a3b70b..0640bde11a 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 0bbc9ae5c7..99731361a2 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index eebc61873d..a0faa27390 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5066(S, F): A cryptographic function operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index a3ca03be65..82bd2b643c 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index 645868eeca..54cfae4b8f 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 50d95a9aff..6a762e71a3 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index e279ab685d..2a77163002 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index d83424aac5..5e7db9c0ed 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5136(S): A directory service object was modified. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index 65f8370ad0..eea8bf1a17 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5137(S): A directory service object was created. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index 4fa35c7f07..d9f97a7475 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5138(S): A directory service object was undeleted. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index 43eacd93d9..3333139144 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5139(S): A directory service object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index eb389fe767..29641fcca5 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5140(S, F): A network share object was accessed. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index 8da8b7d590..11cada8ab0 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5141(S): A directory service object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index b72ef6d776..c5503ee4fa 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5142(S): A network share object was added. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index d173059b23..bf370fffc3 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5143(S): A network share object was modified. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 937bc39ce4..6d117910a1 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5144(S): A network share object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 1bf796cf9f..8584f3f782 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 1946129b9b..094f91e5f3 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index 467c7145cc..3be32e2a0c 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 9d9c830f21..fd48f85788 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 6601b86883..ea0b6f1ba5 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index d4bcbf8042..1e2cec8711 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index eee4621b4d..f9e60da5a0 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 6d0b939b64..4cd691deaf 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index 166520ef13..b4626b59c1 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index d0af703c34..f19c968a01 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index c20c64f670..e860f2729c 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index f35938a490..f2a088807e 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index 95ac21b41a..c66d53025f 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 5d1e8bf0d8..2fcad0a7f5 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index 1b77d59d7e..bc903c2a89 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index 82af29b1d7..0041df606e 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index 7880067fb3..10f783e194 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index c7e89a3513..e20265f6c6 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index fd3345a565..565ff56e44 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index d72afb75da..8c8496f31b 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index 48363c3beb..f3b0737f54 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 4a22ab0013..13679d5290 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index d0d9842512..afcf23ffbe 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index f7bf90b524..8bf8b1a673 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 0ed126dc60..045943bcdf 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6144(S): Security policy in the group policy objects has been applied successfully. diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index ff67ad627d..17484bcaf1 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index 28b9c2e509..a4404d8d5d 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6281(F): Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index 214d0c5b93..4579bf3a3f 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index 7ae7c5a3ab..b7e9be68fc 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index ca0ea21dbe..43c3c34353 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index dfa11c62ac..d2fdd63838 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index fb4bccd26f..8398476eb6 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index 557c8ebabe..e8efbf0ec1 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index dbaeb0e873..5f556714d7 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/auditing/event-6407.md b/windows/security/threat-protection/auditing/event-6407.md index 28612dacba..a5d377eb0e 100644 --- a/windows/security/threat-protection/auditing/event-6407.md +++ b/windows/security/threat-protection/auditing/event-6407.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6407(-): 1%. diff --git a/windows/security/threat-protection/auditing/event-6408.md b/windows/security/threat-protection/auditing/event-6408.md index c36f520a60..24596eef2a 100644 --- a/windows/security/threat-protection/auditing/event-6408.md +++ b/windows/security/threat-protection/auditing/event-6408.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6408(-): Registered product %1 failed and Windows Firewall is now controlling the filtering for %2. diff --git a/windows/security/threat-protection/auditing/event-6409.md b/windows/security/threat-protection/auditing/event-6409.md index 1ac08c75f1..776b12553b 100644 --- a/windows/security/threat-protection/auditing/event-6409.md +++ b/windows/security/threat-protection/auditing/event-6409.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6409(-): BranchCache: A service connection point object could not be parsed. diff --git a/windows/security/threat-protection/auditing/event-6410.md b/windows/security/threat-protection/auditing/event-6410.md index a9f5e5111f..bc2da0e57f 100644 --- a/windows/security/threat-protection/auditing/event-6410.md +++ b/windows/security/threat-protection/auditing/event-6410.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6410(F): Code integrity determined that a file does not meet the security requirements to load into a process. diff --git a/windows/security/threat-protection/auditing/event-6416.md b/windows/security/threat-protection/auditing/event-6416.md index 337a5395be..add5982ef7 100644 --- a/windows/security/threat-protection/auditing/event-6416.md +++ b/windows/security/threat-protection/auditing/event-6416.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6416(S): A new external device was recognized by the System. diff --git a/windows/security/threat-protection/auditing/event-6419.md b/windows/security/threat-protection/auditing/event-6419.md index 69a6f30def..0e7f44d997 100644 --- a/windows/security/threat-protection/auditing/event-6419.md +++ b/windows/security/threat-protection/auditing/event-6419.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6419(S): A request was made to disable a device. diff --git a/windows/security/threat-protection/auditing/event-6420.md b/windows/security/threat-protection/auditing/event-6420.md index 3a2dc5c9d9..f8cccf22a7 100644 --- a/windows/security/threat-protection/auditing/event-6420.md +++ b/windows/security/threat-protection/auditing/event-6420.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6420(S): A device was disabled. diff --git a/windows/security/threat-protection/auditing/event-6421.md b/windows/security/threat-protection/auditing/event-6421.md index 8ac5372312..5b0e22342b 100644 --- a/windows/security/threat-protection/auditing/event-6421.md +++ b/windows/security/threat-protection/auditing/event-6421.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6421(S): A request was made to enable a device. diff --git a/windows/security/threat-protection/auditing/event-6422.md b/windows/security/threat-protection/auditing/event-6422.md index 7e577f25c3..70ba147ede 100644 --- a/windows/security/threat-protection/auditing/event-6422.md +++ b/windows/security/threat-protection/auditing/event-6422.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6422(S): A device was enabled. diff --git a/windows/security/threat-protection/auditing/event-6423.md b/windows/security/threat-protection/auditing/event-6423.md index 5f8278b20e..10cf86de89 100644 --- a/windows/security/threat-protection/auditing/event-6423.md +++ b/windows/security/threat-protection/auditing/event-6423.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6423(S): The installation of this device is forbidden by system policy. diff --git a/windows/security/threat-protection/auditing/event-6424.md b/windows/security/threat-protection/auditing/event-6424.md index ba3fcbffe7..13af19c639 100644 --- a/windows/security/threat-protection/auditing/event-6424.md +++ b/windows/security/threat-protection/auditing/event-6424.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # 6424(S): The installation of this device was allowed, after having previously been forbidden by policy. diff --git a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md index 9c7941df2b..a5df9bf707 100644 --- a/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/file-system-global-object-access-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # File System (Global Object Access Auditing) diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index cc3bf79488..b8cc2220c9 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # How to get a list of XML data name elements in EventData diff --git a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md index c446bdec67..3dc75d64ed 100644 --- a/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-central-access-policy-and-rule-definitions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor central access policy and rule definitions diff --git a/windows/security/threat-protection/auditing/monitor-claim-types.md b/windows/security/threat-protection/auditing/monitor-claim-types.md index b9e1ea714f..643795c7e2 100644 --- a/windows/security/threat-protection/auditing/monitor-claim-types.md +++ b/windows/security/threat-protection/auditing/monitor-claim-types.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor claim types diff --git a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md index 791549bb4f..1be153db59 100644 --- a/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md +++ b/windows/security/threat-protection/auditing/monitor-resource-attribute-definitions.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor resource attribute definitions diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md index ece759aeb6..83ab6f2561 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-associated-with-files-and-folders.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the central access policies associated with files and folders diff --git a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md index 2d50a5c7db..a1780808e5 100644 --- a/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md +++ b/windows/security/threat-protection/auditing/monitor-the-central-access-policies-that-apply-on-a-file-server.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the central access policies that apply on a file server diff --git a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md index f223b3433d..20be28d785 100644 --- a/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md +++ b/windows/security/threat-protection/auditing/monitor-the-resource-attributes-on-files-and-folders.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the resource attributes on files and folders diff --git a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md index af897bbd62..ac76e18a1a 100644 --- a/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md +++ b/windows/security/threat-protection/auditing/monitor-the-use-of-removable-storage-devices.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor the use of removable storage devices diff --git a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md index 7f950dd7b1..865b1b5aaf 100644 --- a/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md +++ b/windows/security/threat-protection/auditing/monitor-user-and-device-claims-during-sign-in.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Monitor user and device claims during sign-in diff --git a/windows/security/threat-protection/auditing/other-events.md b/windows/security/threat-protection/auditing/other-events.md index a54f6a6f1c..12044634fd 100644 --- a/windows/security/threat-protection/auditing/other-events.md +++ b/windows/security/threat-protection/auditing/other-events.md @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: dansimp ms.author: dansimp -ms.technology: mde +ms.technology: windows-sec --- # Other Events diff --git a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md index d47efbedbf..4f9f9b93e8 100644 --- a/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Plan and deploy advanced security audit policies diff --git a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md index a01a3a3514..cd2acc181e 100644 --- a/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md +++ b/windows/security/threat-protection/auditing/registry-global-object-access-auditing.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Registry (Global Object Access Auditing) diff --git a/windows/security/threat-protection/auditing/security-auditing-overview.md b/windows/security/threat-protection/auditing/security-auditing-overview.md index fb1184eed7..1c305a4439 100644 --- a/windows/security/threat-protection/auditing/security-auditing-overview.md +++ b/windows/security/threat-protection/auditing/security-auditing-overview.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Security auditing diff --git a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md index dd8bb6516d..fe06c5d1a4 100644 --- a/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md +++ b/windows/security/threat-protection/auditing/using-advanced-security-auditing-options-to-monitor-dynamic-access-control-objects.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Using advanced security auditing options to monitor dynamic access control objects diff --git a/windows/security/threat-protection/auditing/view-the-security-event-log.md b/windows/security/threat-protection/auditing/view-the-security-event-log.md index 5b89a3802e..e934463906 100644 --- a/windows/security/threat-protection/auditing/view-the-security-event-log.md +++ b/windows/security/threat-protection/auditing/view-the-security-event-log.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # View the security event log diff --git a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md index 8e1db3e1b0..7917a249c2 100644 --- a/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md +++ b/windows/security/threat-protection/auditing/which-editions-of-windows-support-advanced-audit-policy-configuration.md @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/09/2021 -ms.technology: mde +ms.technology: windows-sec --- # Which editions of Windows support advanced audit policy configuration diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index ea4b252a30..ea7806d09a 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -12,7 +12,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 07/30/2021 ms.reviewer: -ms.technology: mde +ms.technology: windows-sec --- # Enable virtualization-based protection of code integrity @@ -54,8 +54,11 @@ Enabling in Intune requires using the Code Integrity node in the [AppLocker CSP] ### Enable HVCI using Group Policy 1. Use Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one. + 2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**. + 3. Double-click **Turn on Virtualization Based Security**. + 4. Click **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled with UEFI lock** to ensure HVCI cannot be disabled remotely or select **Enabled without UEFI lock**.  @@ -71,14 +74,17 @@ Set the following registry keys to enable HVCI. This provides exactly the same s > [!IMPORTANT] -> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled.
In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled.
+> - Among the commands that follow, you can choose settings for **Secure Boot** and **Secure Boot with DMA**. In most situations, we recommend that you choose **Secure Boot**. This option provides Secure Boot with as much protection as is supported by a given computer’s hardware. A computer with input/output memory management units (IOMMUs) will have Secure Boot with DMA protection. A computer without IOMMUs will simply have Secure Boot enabled. +> +> In contrast, with **Secure Boot with DMA**, the setting will enable Secure Boot—and VBS itself—only on a computer that supports DMA, that is, a computer with IOMMUs. With this setting, any computer without IOMMUs will not have VBS or HVCI protection, although it can still have WDAC enabled. +> > - All drivers on the system must be compatible with virtualization-based protection of code integrity; otherwise, your system may fail. We recommend that you enable these features on a group of test computers before you enable them on users' computers. #### For Windows 10 version 1607 and later Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): -``` commands +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f @@ -94,49 +100,49 @@ If you want to customize the preceding recommended settings, use the following s **To enable VBS** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f ``` **To enable VBS and require Secure boot only (value 1)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f ``` **To enable VBS with Secure Boot and DMA (value 3)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f ``` **To enable VBS without UEFI lock (value 0)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f ``` **To enable VBS with UEFI lock (value 1)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 1 /f ``` **To enable virtualization-based protection of Code Integrity policies** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f ``` **To enable virtualization-based protection of Code Integrity policies without UEFI lock (value 0)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f ``` **To enable virtualization-based protection of Code Integrity policies with UEFI lock (value 1)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f ``` @@ -144,7 +150,7 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorE Recommended settings (to enable virtualization-based protection of Code Integrity policies, without UEFI Lock): -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f @@ -158,31 +164,31 @@ If you want to customize the preceding recommended settings, use the following s **To enable VBS (it is always locked to UEFI)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f ``` **To enable VBS and require Secure boot only (value 1)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f ``` **To enable VBS with Secure Boot and DMA (value 3)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f ``` **To enable virtualization-based protection of Code Integrity policies (with the default, UEFI lock)** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "HypervisorEnforcedCodeIntegrity" /t REG_DWORD /d 1 /f ``` **To enable virtualization-based protection of Code Integrity policies without UEFI lock** -``` command +```console reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG_DWORD /d 1 /f ``` @@ -190,7 +196,9 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Unlocked" /t REG Windows 10 and Windows Server 2016 have a WMI class for related properties and features: *Win32\_DeviceGuard*. This class can be queried from an elevated Windows PowerShell session by using the following command: -`Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard` +```powershell +Get-CimInstance –ClassName Win32_DeviceGuard –Namespace root\Microsoft\Windows\DeviceGuard +``` > [!NOTE] > The *Win32\_DeviceGuard* WMI class is only available on the Enterprise edition of Windows 10. @@ -279,7 +287,7 @@ This field lists the computer name. All valid values for computer name. Another method to determine the available and enabled Windows Defender Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Windows Defender Device Guard properties are displayed at the bottom of the **System Summary** section. - +:::image type="content" alt-text="Windows Defender Device Guard properties in the System Summary." source="../images/dg-fig11-dgproperties.png" lightbox="../images/dg-fig11-dgproperties.png"::: ## Troubleshooting @@ -291,12 +299,15 @@ C. If you experience a critical error during boot or your system is unstable aft ## How to turn off HVCI -1. Run the following command from an elevated prompt to set the HVCI registry key to off -```ini -reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f -``` -2. Restart the device. -3. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed. +1. Run the following command from an elevated prompt to set the HVCI registry key to off: + + ```console + reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f + ``` + +1. Restart the device. + +1. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed. ## HVCI deployment in virtual machines @@ -311,6 +322,6 @@ Set-VMSecurity -VMName
Windows 10 Professional edition, version 1809 or higher
Windows 10 Professional for Workstations edition, version 1809 or higher
Windows 10 Professional Education edition, version 1809 or higher
Windows 10 Education edition, version 1809 or higher
Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with MDAG for Professional editions.
Windows 11 | | Browser | Microsoft Edge | -| Management system
(only for managed devices)| [Microsoft Intune](/intune/)
**OR**
[Microsoft Endpoint Configuration Manager](/configmgr/)
**OR**
[Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11))
**OR**
Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. |
+| Management system
(only for managed devices)| [Microsoft Intune](/intune/)
**OR**
[Microsoft Endpoint Configuration Manager](/configmgr/)
**OR**
[Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11))
**OR**
Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Mirosoft MDM solutions, see the documentation that came with your product. |
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
index 292813b7c0..cf455c976a 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
@@ -12,7 +12,7 @@ ms.reviewer:
manager: dansimp
ms.date: 09/09/2021
ms.custom: asr
-ms.technology: mde
+ms.technology: windows-sec
---
# Application Guard testing scenarios
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
index 9229244aa8..14c78b9fa8 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md
@@ -11,7 +11,7 @@ ms.date: 09/28/2020
ms.reviewer:
manager: dansimp
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
**Applies to:**
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
index baf718b6fe..8b9946ec0d 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
@@ -11,7 +11,7 @@ audience: ITPro
ms.localizationpriority: high
ms.reviewer:
manager: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft Defender SmartScreen
diff --git a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
index 416b3ffd6e..a73abf03ff 100644
--- a/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
+++ b/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md
@@ -11,7 +11,7 @@ ms.date: 10/13/2017
ms.reviewer:
manager: dansimp
ms.author: macapara
-ms.technology: mde
+ms.technology: windows-sec
---
# Set up and use Microsoft Defender SmartScreen on individual devices
diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
index c2a1d31b98..33712bcefa 100644
--- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
+++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md
@@ -10,7 +10,7 @@ ms.pagetype: security
ms.sitesec: library
author: dulcemontemayor
ms.localizationpriority: medium
-ms.technology: mde
+ms.technology: windows-sec
---
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 0a9058b91d..e783eedfcd 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -10,7 +10,7 @@ author: dansimp
ms.reviewer:
manager: dansimp
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Mitigate threats by using Windows 10 security features
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index e24bb48367..21a31de5bd 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -13,7 +13,7 @@ ms.pagetype: security, devices
author: dulcemontemayor
ms.date: 10/13/2017
ms.localizationpriority: medium
-ms.technology: mde
+ms.technology: windows-sec
---
# Control the health of Windows 10-based devices
diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md
index 164d2ee773..a2c720f8da 100644
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@@ -13,7 +13,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/21/2019
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft Security Compliance Toolkit 1.0
diff --git a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
index 152f6711fe..3cf960a19f 100644
--- a/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
+++ b/windows/security/threat-protection/security-policy-settings/access-credential-manager-as-a-trusted-caller.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Access Credential Manager as a trusted caller
diff --git a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md
index 55c80b17f7..da17209420 100644
--- a/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md
+++ b/windows/security/threat-protection/security-policy-settings/access-this-computer-from-the-network.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/11/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Access this computer from the network - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
index be2c2f115a..5111f06fe9 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-duration.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/16/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Account lockout duration
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
index 26ba3362f0..5f8c91006d 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-policy.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/11/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Account Lockout Policy
diff --git a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
index 955b5f6e6f..fdbdef8e1e 100644
--- a/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/02/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Account lockout threshold
diff --git a/windows/security/threat-protection/security-policy-settings/account-policies.md b/windows/security/threat-protection/security-policy-settings/account-policies.md
index 42f0509874..d3f03a9e97 100644
--- a/windows/security/threat-protection/security-policy-settings/account-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/account-policies.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Account Policies
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
index 983c8abe93..132ecaa9be 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-administrator-account-status.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/01/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Accounts: Administrator account status
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
index 21943761e2..d390220428 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-block-microsoft-accounts.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/10/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Accounts: Block Microsoft accounts
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md
index 1828f74f0d..6f785de269 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-guest-account-status.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Accounts: Guest account status - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
index 88adc7aa01..b630cc0ce5 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Accounts: Limit local account use of blank passwords to console logon only
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md
index 1bf1c8e328..d865644cf8 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-administrator-account.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Accounts: Rename administrator account
diff --git a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md
index 5694b75065..7ce4a682bc 100644
--- a/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md
+++ b/windows/security/threat-protection/security-policy-settings/accounts-rename-guest-account.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Accounts: Rename guest account - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
index dfd593bde8..4c794419c1 100644
--- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
+++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Act as part of the operating system
diff --git a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md
index c2cfbb9858..8e6a02b8ef 100644
--- a/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/add-workstations-to-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Add workstations to domain
diff --git a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
index 154ecd7c75..c780868505 100644
--- a/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
+++ b/windows/security/threat-protection/security-policy-settings/adjust-memory-quotas-for-a-process.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Adjust memory quotas for a process
diff --git a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
index fecacdacab..297de36841 100644
--- a/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Administer security policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
index 3bb3d64326..62863b9009 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Allow log on locally - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
index 044f3c2fe5..1ad9f2883f 100644
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-through-remote-desktop-services.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Allow log on through Remote Desktop Services
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
index d534cb14e3..f22bcd4c5d 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-access-of-global-system-objects.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Audit: Audit the access of global system objects
diff --git a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
index 6c2fec1dee..39535992d7 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/01/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# Audit: Audit the use of Backup and Restore privilege
diff --git a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
index 3c64ae947a..cc93c278b5 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
diff --git a/windows/security/threat-protection/security-policy-settings/audit-policy.md b/windows/security/threat-protection/security-policy-settings/audit-policy.md
index 351b357bb8..294edc4242 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-policy.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Audit Policy
diff --git a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
index 6b2a642f91..dc462f0224 100644
--- a/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
+++ b/windows/security/threat-protection/security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Audit: Shut down system immediately if unable to log security audits
diff --git a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
index 67a1efe7b8..2ecdea12d2 100644
--- a/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/back-up-files-and-directories.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Back up files and directories - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
index 34327028f6..239a32f7b1 100644
--- a/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
+++ b/windows/security/threat-protection/security-policy-settings/bypass-traverse-checking.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Bypass traverse checking
diff --git a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
index 611c4f29c6..c3d5940ecc 100644
--- a/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
+++ b/windows/security/threat-protection/security-policy-settings/change-the-system-time.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Change the system time - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
index f9251b7542..ac2ad49a7c 100644
--- a/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
+++ b/windows/security/threat-protection/security-policy-settings/change-the-time-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Change the time zone - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
index eaca0ecfbb..c5a8a0a8e1 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-pagefile.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Create a pagefile - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
index 52fb6a0e53..b506e0c131 100644
--- a/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
+++ b/windows/security/threat-protection/security-policy-settings/create-a-token-object.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Create a token object
diff --git a/windows/security/threat-protection/security-policy-settings/create-global-objects.md b/windows/security/threat-protection/security-policy-settings/create-global-objects.md
index c29a2716ee..fd0acee762 100644
--- a/windows/security/threat-protection/security-policy-settings/create-global-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/create-global-objects.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Create global objects
diff --git a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
index 33b84b4ddd..a38990fd17 100644
--- a/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/create-permanent-shared-objects.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Create permanent shared objects
diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
index 70f390d16a..d5d9820efd 100644
--- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
+++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Create symbolic links
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index 8b5c1ba80d..cfed5fd439 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
diff --git a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
index 46bcee01d5..7142b1773f 100644
--- a/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
+++ b/windows/security/threat-protection/security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
diff --git a/windows/security/threat-protection/security-policy-settings/debug-programs.md b/windows/security/threat-protection/security-policy-settings/debug-programs.md
index ee678fa038..0e70455139 100644
--- a/windows/security/threat-protection/security-policy-settings/debug-programs.md
+++ b/windows/security/threat-protection/security-policy-settings/debug-programs.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Debug programs
diff --git a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
index 04844990fd..269c9d78ab 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-access-to-this-computer-from-the-network.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 05/19/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Deny access to this computer from the network
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
index 33371b5594..3065d91365 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-batch-job.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Deny log on as a batch job
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
index e93b14011b..3b48755935 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a-service.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Deny log on as a service
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
index 16aac6c38f..e3663ffda4 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-locally.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Deny log on locally
diff --git a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
index e618426e9d..ea9ba0f63a 100644
--- a/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
+++ b/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Deny log on through Remote Desktop Services
diff --git a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
index 1c8ec83ad6..6f6a4ddb5f 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-allow-undock-without-having-to-log-on.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Devices: Allow undock without having to log on
diff --git a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
index 4a2d451bd1..fccacdc413 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Devices: Allowed to format and eject removable media
diff --git a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
index 15e9f97f5d..32a0ca45f2 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Devices: Prevent users from installing printer drivers
diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
index 14b745deaf..1bc52f9b73 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Devices: Restrict CD-ROM access to locally logged-on user only
diff --git a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
index 0b64be01ad..2591b45b42 100644
--- a/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
+++ b/windows/security/threat-protection/security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Devices: Restrict floppy access to locally logged-on user only
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
index 6708f52037..ad7e4030e3 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain controller: Allow server operators to schedule tasks
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
index ba471b4b00..3c4bd32092 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain controller: LDAP server signing requirements
diff --git a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
index 31325347d6..d0b2f91db5 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-controller-refuse-machine-account-password-changes.md
@@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain controller: Refuse machine account password changes
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
index 9c02ea6441..c48680bf77 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain member: Digitally encrypt or sign secure channel data (always)
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
index cc788fbe2b..f07984917f 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain member: Digitally encrypt secure channel data (when possible)
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
index 5d0ee13652..b75a8767d9 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain member: Digitally sign secure channel data (when possible)
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
index 16e25c74bf..8c85b1ecee 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/27/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain member: Disable machine account password changes
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
index ff2d29cc14..7a5f2b3e94 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-maximum-machine-account-password-age.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 05/29/2020
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain member: Maximum machine account password age
diff --git a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
index 544c028497..24cdd01bd2 100644
--- a/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
+++ b/windows/security/threat-protection/security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain member: Require strong (Windows 2000 or later) session key
diff --git a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
index 9dfa07237d..d60d7b9568 100644
--- a/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
+++ b/windows/security/threat-protection/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Enable computer and user accounts to be trusted for delegation
diff --git a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
index 796779c714..e32f558d6c 100644
--- a/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
+++ b/windows/security/threat-protection/security-policy-settings/enforce-password-history.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Enforce password history
diff --git a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
index 71615ceabb..c1b6e0c09e 100644
--- a/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
+++ b/windows/security/threat-protection/security-policy-settings/enforce-user-logon-restrictions.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Enforce user logon restrictions
diff --git a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
index e6585a09a3..ed338300e8 100644
--- a/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
+++ b/windows/security/threat-protection/security-policy-settings/force-shutdown-from-a-remote-system.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Force shutdown from a remote system
diff --git a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
index 40e5ca7ef1..4f81ddbe37 100644
--- a/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
+++ b/windows/security/threat-protection/security-policy-settings/generate-security-audits.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Generate security audits
diff --git a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
index 7ad1fc41a6..548dfc7385 100644
--- a/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure security policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
index 7c59f4013c..b7503031b7 100644
--- a/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/impersonate-a-client-after-authentication.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Impersonate a client after authentication
diff --git a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
index 4473a058bb..f6eda6e23e 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-a-process-working-set.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Increase a process working set
diff --git a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
index 8ca263ed4f..e2e776a8be 100644
--- a/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
+++ b/windows/security/threat-protection/security-policy-settings/increase-scheduling-priority.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 2/6/2020
-ms.technology: mde
+ms.technology: windows-sec
---
# Increase scheduling priority
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
index ce251bc758..7c5ca6c4a7 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Display user information when the session is locked
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
index dc34342e33..9994a60f7e 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name.md
@@ -14,7 +14,7 @@ ms.topic: conceptual
ms.date: 04/19/2017
ms.reviewer:
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Don't display last signed-in
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md
index e209f6f824..4131998946 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Do not require CTRL+ALT+DEL
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
index dc75f23f03..e0431252ef 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Don't display username at sign-in
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
index ea490bea9a..e9a1fea0ae 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-account-lockout-threshold.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Machine account lockout threshold
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
index b42c080ea0..737bfddba3 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/18/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Machine inactivity limit
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
index 554fcc6d63..ec72b350f1 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Message text for users attempting to log on
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
index 3f2be2aad0..e5f5ce5eb8 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Message title for users attempting to log on
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
index 1e1a6c2d56..90773e0b18 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/27/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Number of previous logons to cache (in case domain controller is not available)
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
index 0eada407ca..0194532533 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive log on: Prompt the user to change passwords before expiration
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
index e08474cde8..88948dcc4f 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Require Domain Controller authentication to unlock workstation
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
index 1235ce1f89..1ef1627762 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-require-smart-card.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Require smart card - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
index 822699cbe5..8b8a23f14d 100644
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-smart-card-removal-behavior.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Interactive logon: Smart card removal behavior
diff --git a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
index 4dde3dafa0..50e612ee9a 100644
--- a/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/kerberos-policy.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Kerberos Policy
diff --git a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
index ece23d6a1b..a0534994d0 100644
--- a/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
+++ b/windows/security/threat-protection/security-policy-settings/load-and-unload-device-drivers.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Load and unload device drivers
diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
index 9f512271e5..17b2d7d0e6 100644
--- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
+++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Lock pages in memory
diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
index e4997ab361..4fb931974f 100644
--- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
+++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Log on as a batch job
diff --git a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
index a170ea805c..dbcb0f1907 100644
--- a/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
+++ b/windows/security/threat-protection/security-policy-settings/log-on-as-a-service.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Log on as a service
diff --git a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
index 057b9c3219..5da39ee708 100644
--- a/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
+++ b/windows/security/threat-protection/security-policy-settings/manage-auditing-and-security-log.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Manage auditing and security log
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
index 4c5b767250..e3ed6c49c4 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-service-ticket.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Maximum lifetime for service ticket
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
index 4298be4ed3..0b5fddd3cd 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Maximum lifetime for user ticket renewal
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
index c9f03e275f..b189dda660 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-lifetime-for-user-ticket.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Maximum lifetime for user ticket
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
index 18d09c4627..546b7de4f2 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-password-age.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Maximum password age
diff --git a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
index 98e58336ac..fe607f246f 100644
--- a/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
+++ b/windows/security/threat-protection/security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Maximum tolerance for computer clock synchronization
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
index f2c0e59130..d6c198624a 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md
@@ -12,7 +12,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.date: 06/28/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft network client: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
index 3fca806b68..0cc87e361e 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
index df04135ddb..abe6db2b33 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft network server: Amount of idle time required before suspending session
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
index bf80e3d066..1ef73b3a59 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft network server: Attempt S4U2Self to obtain claim information
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
index aa8327994b..afb7ddfe20 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/21/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft network server: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
index c63ba1fa9c..5cf58f4daf 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft network server: Disconnect clients when logon hours expire
diff --git a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
index 934085e4f4..23c36d99fa 100644
--- a/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
+++ b/windows/security/threat-protection/security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft network server: Server SPN target name validation level
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
index a36abdd6f7..960112af64 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-age.md
@@ -12,7 +12,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.date: 11/13/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Minimum password age
diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
index c14de4b2fc..7921cdcc37 100644
--- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
+++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Minimum password length
diff --git a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
index baa5e9c04b..b320e305b8 100644
--- a/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
+++ b/windows/security/threat-protection/security-policy-settings/modify-an-object-label.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Modify an object label
diff --git a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
index 6858bbce7e..8d28849453 100644
--- a/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
+++ b/windows/security/threat-protection/security-policy-settings/modify-firmware-environment-values.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Modify firmware environment values
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
index b78e43e706..82be9fa1ec 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Allow anonymous SID/Name translation
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
index 23a4d0c815..aa56038e35 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Do not allow anonymous enumeration of SAM accounts and shares
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
index 3243d8261b..1e144a682f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Do not allow anonymous enumeration of SAM accounts
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
index 8cdbdc9908..160dbb22e8 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 07/01/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Do not allow storage of passwords and credentials for network authentication
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
index 816f4d78b1..542bd046ed 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Let Everyone permissions apply to anonymous users
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
index bb01d6c117..78c22e2c43 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Named Pipes that can be accessed anonymously
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
index 078753c170..1f5a821007 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Remotely accessible registry paths and subpaths
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
index ab9370f9dd..fe4a3d425e 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-remotely-accessible-registry-paths.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Remotely accessible registry paths
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
index 9fea7c3077..57dc9bbbb8 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Restrict anonymous access to Named Pipes and Shares
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index 66c3926643..e6ec3878c7 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -11,7 +11,7 @@ ms.date: 09/17/2018
ms.reviewer:
manager: dansimp
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Restrict clients allowed to make remote calls to SAM
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
index 125d609e61..0e8c62d1a3 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Shares that can be accessed anonymously
diff --git a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
index 359010211d..f4a400c044 100644
--- a/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
+++ b/windows/security/threat-protection/security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network access: Sharing and security model for local accounts
diff --git a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
index 69ecb0c119..619b009548 100644
--- a/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/network-list-manager-policies.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network List Manager policies
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
index 605dfd0cfd..261dd0a213 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 10/04/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Allow Local System to use computer identity for NTLM
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
index 3f67d9dfbf..401a588948 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-localsystem-null-session-fallback.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Allow LocalSystem NULL session fallback
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
index 671eb87720..7b4fd7fe4b 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Allow PKU2U authentication requests to this computer to use online identities
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
index d6813adc8f..034a2762ea 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Configure encryption types allowed for Kerberos
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
index 23140d7b81..ebf155ba56 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Do not store LAN Manager hash value on next password change
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
index d82ba2d356..daab389419 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Force logoff when logon hours expire
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
index 90ab68bf7a..fcd510671f 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: LAN Manager authentication level
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
index deb400f637..006e925460 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-ldap-client-signing-requirements.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: LDAP client signing requirements
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
index 7da3832813..1ab941f6ae 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 07/27/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
index fd5bcf7731..d606dc935b 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
index 4f61542115..bf5804a540 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
index ad33075c6d..5fb535995e 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: Add server exceptions in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
index 466fe77336..47b963ab2a 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: Audit incoming NTLM traffic
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
index 595f2d660a..bdbf0e528d 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: Audit NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
index 1c4ca789c3..cbcc2e7d66 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: Incoming NTLM traffic
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
index 947f4ab587..ccaba0be7d 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: NTLM authentication in this domain
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
index 1a547615d6..f53a1e1665 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
diff --git a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
index 1a74bf2b3a..7928508380 100644
--- a/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
+++ b/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements.md
@@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: mde
+ms.technology: windows-sec
---
# Password must meet complexity requirements
diff --git a/windows/security/threat-protection/security-policy-settings/password-policy.md b/windows/security/threat-protection/security-policy-settings/password-policy.md
index 697b00c255..11d69785c6 100644
--- a/windows/security/threat-protection/security-policy-settings/password-policy.md
+++ b/windows/security/threat-protection/security-policy-settings/password-policy.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Password Policy
diff --git a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
index 44ce6c881a..514e1a9ea7 100644
--- a/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
+++ b/windows/security/threat-protection/security-policy-settings/perform-volume-maintenance-tasks.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Perform volume maintenance tasks
diff --git a/windows/security/threat-protection/security-policy-settings/profile-single-process.md b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
index fc3af3e372..599cb50810 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-single-process.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-single-process.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Profile single process
diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
index 37a46be943..47f372d723 100644
--- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Profile system performance
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
index 8d560cc318..c188b74c08 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Recovery console: Allow automatic administrative logon
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
index 2d90c0a80f..c06d6f180c 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Recovery console: Allow floppy copy and access to all drives and folders
diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
index 099396d96b..4508560bdc 100644
--- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
+++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Remove computer from docking station - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
index 497b00f4d5..dd1696b067 100644
--- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
+++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Replace a process level token
diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
index b58d2f93b4..87951d31f4 100644
--- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
+++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/02/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Reset account lockout counter after
diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
index 56932252a4..08c30303cf 100644
--- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Restore files and directories - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
index 58e86eb700..fe3ba96d3f 100644
--- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Advanced security audit policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md
index b31d7a38cd..f7a90a01c0 100644
--- a/windows/security/threat-protection/security-policy-settings/security-options.md
+++ b/windows/security/threat-protection/security-policy-settings/security-options.md
@@ -12,7 +12,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.date: 06/28/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Security Options
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
index 690b97fddb..a1d965558b 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Security policy settings reference
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index 7a58b942a4..a0a8270da7 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Security policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
index 1b5d5a161d..57374f2aa8 100644
--- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
+++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Shut down the system - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
index 5f9aec2590..f80dd3b8cf 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Shutdown: Allow system to be shut down without having to log on
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
index b556412de2..4cada523db 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 08/01/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Shutdown: Clear virtual memory pagefile
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
index 996a278b07..204a5206ba 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/04/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# SMBv1 Microsoft network client: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index 6b4331de2f..9ef171ea55 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/04/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# SMBv1 Microsoft network client: Digitally sign communications (if server agrees)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
index 0c427716aa..ffedfe0697 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/04/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# SMB v1 Microsoft network server: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index 032bb6d057..48bbab1f2f 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/04/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# SMBv1 Microsoft network server: Digitally sign communications (if client agrees)
diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
index fa3693209f..ea2f55d403 100644
--- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
+++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Store passwords using reversible encryption
diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md
index 04d2c905ec..88f07c4037 100644
--- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md
+++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Synchronize directory service data
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
index 0ab38e9139..d5dd1f683e 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# System cryptography: Force strong key protection for user keys stored on the computer
diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index 67de664cfc..e98291ef6b 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/16/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
index 7d3fdb17cd..3a9ceb4840 100644
--- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
+++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# System objects: Require case insensitivity for non-Windows subsystems
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
index 731ff816b1..abd9724c03 100644
--- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links)
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
index 05dc5f7a16..a271d9f87f 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# System settings: Optional subsystems
diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
index 85d1c3a9c8..9791d8a12d 100644
--- a/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
+++ b/windows/security/threat-protection/security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# System settings: Use certificate rules on Windows executables for Software Restriction Policies
diff --git a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
index 45985b786a..c4781f258c 100644
--- a/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
+++ b/windows/security/threat-protection/security-policy-settings/take-ownership-of-files-or-other-objects.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Take ownership of files or other objects
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
index d7900e363c..16e00a82f8 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Admin Approval Mode for the Built-in Administrator account
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
index 09f6411652..8526a457ae 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
index 716ff6ad2d..e653550846 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
index de0490479f..48f2dfa8c7 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md
@@ -14,8 +14,8 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.date: 04/19/2017
-ms.technology: mde
+ms.date: 10/11/2021
+ms.technology: windows-sec
---
# User Account Control: Behavior of the elevation prompt for standard users
@@ -46,7 +46,7 @@ This policy setting determines the behavior of the elevation prompt for standard
### Best practices
1. Configure the **User Account Control: Behavior of the elevation prompt for standard users** to **Automatically deny elevation requests**. This setting requires the user to log on with an administrative account to run programs that require elevation of privilege.
-2. As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account.
+2. As a security best practice, standard users should not have knowledge of administrative passwords. However, if your users have both standard and administrator-level accounts, set **Prompt for credentials on the secure desktop** so that the users do not choose to always log on with their administrator accounts, and they shift their behavior to use the standard user account.
### Location
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
index be33709e17..431ac04a15 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Detect application installations and prompt for elevation
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
index 62665872ff..242580312c 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Only elevate executables that are signed and validated
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
index 06e3831a67..76a8bc97a2 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Only elevate UIAccess applications that are installed in secure locations
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
index da3fbca962..1ce02f4be2 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Run all administrators in Admin Approval Mode
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
index 6b34c92be1..5eb4fbd4e9 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Switch to the secure desktop when prompting for elevation
diff --git a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
index e8bf2f6497..dda6b18a18 100644
--- a/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
+++ b/windows/security/threat-protection/security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Account Control: Virtualize file and registry write failures to per-user locations
diff --git a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
index 5efa422cb9..6760680ea6 100644
--- a/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
+++ b/windows/security/threat-protection/security-policy-settings/user-rights-assignment.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 04/19/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# User Rights Assignment
diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
index a8362c5bda..fc9376dadb 100644
--- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
+++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
@@ -12,7 +12,7 @@ ms.pagetype: security
author: dulcemontemayor
ms.date: 02/28/2019
ms.localizationpriority: medium
-ms.technology: mde
+ms.technology: windows-sec
---
# Use Windows Event Forwarding to help with intrusion detection
diff --git a/windows/security/threat-protection/windows-10-mobile-security-guide.md b/windows/security/threat-protection/windows-10-mobile-security-guide.md
index 11b4c1a58b..4ee9598673 100644
--- a/windows/security/threat-protection/windows-10-mobile-security-guide.md
+++ b/windows/security/threat-protection/windows-10-mobile-security-guide.md
@@ -13,7 +13,7 @@ ms.pagetype: security, mobile
ms.localizationpriority: medium
author: dulcemontemayor
ms.date: 10/13/2017
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows 10 Mobile security guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
index 1fd7837df9..bea57dd3c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
+++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 10/30/2019
-ms.technology: mde
+ms.technology: windows-sec
---
# Allow Line-of-Business Win32 Apps on Intune-Managed S Mode Devices
diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
index 9cfa2e9982..9ff80c8e3d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml
@@ -110,6 +110,8 @@
href: querying-application-control-events-centrally-using-advanced-hunting.md
- name: Known Issues
href: operations/known-issues.md
+ - name: Managed installer and ISG technical reference and troubleshooting guide
+ href: configure-wdac-managed-installer.md
- name: AppLocker
href: applocker\applocker-overview.md
items:
diff --git a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
index f200b445bc..9e1b49b4c8 100644
--- a/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
@@ -14,7 +14,7 @@ author: dansimp
ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Allow COM object registration in a Windows Defender Application Control policy
@@ -26,7 +26,7 @@ ms.technology: mde
- Windows Server 2016 and later
> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](feature-availability.md).
The [Microsoft Component Object Model (COM)](/windows/desktop/com/the-component-object-model) is a platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM specifies an object model and programming requirements that enable COM objects to interact with other objects.
@@ -104,16 +104,16 @@ Example 3: Allows a specific COM object to register in PowerShell
Here's an example of an error in the Event Viewer (**Application and Service Logs** > **Microsoft** > **Windows** > **AppLocker** > **MSI and Script**):
-Log Name: Microsoft-Windows-AppLocker/MSI and Script
-Source: Microsoft-Windows-AppLocker
-Date: 11/11/2020 1:18:11 PM
-Event ID: 8036
-Task Category: None
-Level: Error
-Keywords:
-User: S-1-5-21-3340858017-3068726007-3466559902-3647
-Computer: contoso.com
-Description: {f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy.
+> Log Name: Microsoft-Windows-AppLocker/MSI and Script
+> Source: Microsoft-Windows-AppLocker
+> Date: 11/11/2020 1:18:11 PM
+> Event ID: 8036
+> Task Category: None
+> Level: Error
+> Keywords:
+> User: S-1-5-21-3340858017-3068726007-3466559902-3647
+> Computer: contoso.com
+> Description: {f8d253d9-89a4-4daa-87b6-1168369f0b21} was prevented from running due to Config CI policy.
Event XML:
@@ -155,10 +155,10 @@ To add this CLSID to the existing policy, follow these steps:
Once the command has been run, you will find that the following section is added to the policy XML.
```XML
-
-
## Configuring Policy Rules
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
index 66ad01329f..4c286095a7 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-merging-policies.md
@@ -16,7 +16,7 @@ ms.author: dansimp
manager: dansimp
ms.topic: conceptual
ms.date: 10/14/2020
-ms.technology: mde
+ms.technology: windows-sec
---
# Merging existing policies with the WDAC Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
index 3143fd1d5c..8024e0f03b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
+++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard.md
@@ -16,7 +16,7 @@ ms.author: dansimp
manager: dansimp
ms.topic: conceptual
ms.date: 10/14/2020
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Application Control Wizard
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
index b3d650b5e2..a247be4297 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md
@@ -15,7 +15,7 @@ ms.reviewer: jogeurte
ms.author: dansimp
manager: dansimp
ms.date: 05/16/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Deploying Windows Defender Application Control (WDAC) policies
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
index 6617b5581c..2d52ef271b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
@@ -16,7 +16,7 @@ ms.author: dansimp
manager: dansimp
ms.topic: conceptual
ms.date: 02/20/2018
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Application Control design guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
index 8d5d8dda4a..00ab146f0a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
@@ -15,7 +15,7 @@ ms.reviewer: isbrahm
ms.author: dansimp
manager: dansimp
ms.date: 03/16/2020
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Application Control operational guide
diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
index 9d17eb7f30..4e7a69a494 100644
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control.md
@@ -16,7 +16,7 @@ ms.author: deniseb
manager: dansimp
ms.date: 05/26/2020
ms.custom: asr
-ms.technology: mde
+ms.technology: windows-sec
---
# Application Control for Windows
diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
index 7f3ef48df0..2b298178cb 100644
--- a/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-windows-10-in-s-mode.md
@@ -13,7 +13,7 @@ ms.author: dansimp
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Manage Windows Security in Windows 10 in S mode
diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
index 848345ef8b..128243e87c 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -13,7 +13,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.date: 03/01/2019
-ms.technology: mde
+ms.technology: windows-sec
---
diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
index 55321967df..c234a83d1d 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
@@ -12,7 +12,7 @@ ms.date: 07/01/2021
ms.reviewer:
manager: dansimp
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# System Guard Secure Launch and SMM protection
diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
index 22c00f87cc..0ffe9699ca 100644
--- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Add Production Devices to the Membership Group for a Zone
diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
index 14eaf54184..e3a45c598a 100644
--- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Add Test Devices to the Membership Group for a Zone
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index 7a8c114351..1a7d5dd07e 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Appendix A: Sample GPO Template Files for Settings Used in this Guide
diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
index 2fe271c315..221490f2e9 100644
--- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Assign Security Group Filters to the GPO
diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
index 0eda99ff36..2523d0ce01 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
@@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: mde
+ms.technology: windows-sec
---
# Basic Firewall Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
index fde3e3850b..aa02076a04 100644
--- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
+++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
@@ -13,7 +13,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.technology: mde
+ms.technology: windows-sec
---
# Best practices for configuring Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
index d17a0d6cac..e867dc86b4 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Boundary Zone GPOs
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md
index 9c0d1186eb..11c757ec1c 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Boundary Zone
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index be336a726b..2904f65cb4 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Certificate-based Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index a59ba99025..f134b8f1db 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Certificate-based isolation policy design
diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
index eb09b78b9f..fe2aeb49e8 100644
--- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
+++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Change Rules from Request to Require Mode
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
index ec2429b56d..18558ef571 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Configuring Basic Firewall Settings
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index 5e8cd7d149..296c1e7556 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Configuring Rules for an Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index c464183424..4c9332aa61 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
index 2a908f4267..4fa942aac8 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Configuring Rules for the Boundary Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index fc6329d478..f543b9606f 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Configuring Rules for the Encryption Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index 2a0fe73601..e5e7186579 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Configuring Rules for the Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
index b5113224e7..1796cc336e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Creating Group Policy Objects
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
index 53822035a9..cb5f132795 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Creating Inbound Firewall Rules
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
index 445f1e1eda..cc6976169c 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Creating Outbound Firewall Rules
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index d57f7d5a5d..62905bf49e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
index 1d50c40f3d..c9c577bc2e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Implementing a Basic Firewall Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 1166334bca..a1183f3f52 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Implementing a Certificate-based Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index cf988d2a7d..6a6f01d952 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Implementing a Domain Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index b571f7dce4..3090ba97d5 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Checklist: Implementing a Standalone Server Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
index 1841e7d9f5..7522322a6f 100644
--- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure Authentication Methods
diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
index 2ef49bcb9e..99a5795add 100644
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure Data Protection (Quick Mode) Settings
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index 064de062cf..ef75edf628 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure Group Policy to Autoenroll and Deploy Certificates
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
index 3164f07dea..6e18c1001c 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure Key Exchange (Main Mode) Settings
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
index e3d4f8f8b6..c7c3f8fafc 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure the Rules to Require Encryption
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
index a4a7b01573..c7d71a4f26 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure the Windows Defender Firewall with Advanced Security Log
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
index 58fdd2dd8a..f0c5bb8bdf 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
@@ -12,7 +12,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: dansimp
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure the Workstation Authentication Certificate Template
diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
index ee29ef81e8..9a23ea1f28 100644
--- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 6e1c2f5c0b..45aac5c3bd 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Confirm That Certificates Are Deployed Correctly
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index ac157cc912..16fa98ba4f 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Copy a GPO to Create a New GPO
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
index 844bf1db69..7f5899e2f5 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create a Group Account in Active Directory
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
index b7b3944df5..c1f6da0c2a 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create a Group Policy Object
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
index c28612d61c..513807383f 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Authentication Exemption List Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
index b3a12b2ba9..037a451dee 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Authentication Request Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
index 53f49581bd..da5b7f7f20 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Inbound ICMP Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
index 452b942ae5..93586077a2 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Inbound Port Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
index c3db4fccfa..bb976db9c3 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Inbound Program or Service Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
index ebce547b94..e38e364c07 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Outbound Port Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
index d3c40f879a..15141a8aff 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create an Outbound Program or Service Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
index 07e8a14728..9539084377 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create Inbound Rules to Support RPC
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index 587339f4f2..e8872fb1a3 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
-ms.technology: mde
+ms.technology: windows-sec
---
# Create Windows Firewall rules in Intune
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
index 725f75af51..6d9896ef84 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Create WMI Filters for the GPO
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index 52f4ad1566..bb72548e1a 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Designing a Windows Defender Firewall with Advanced Security Strategy
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index fe567b13bf..be0ce97138 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Determining the Trusted State of Your Devices
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index 990d2c4fec..6b8adafa56 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Documenting the Zones
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index dffc684c37..ec6e6a670b 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index 6d6e93c035..0f112cdfa7 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Domain Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
index e8cd903c18..cd420e5088 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Enable Predefined Inbound Rules
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
index 8a3aa2796f..0102f9ee3a 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Enable Predefined Outbound Rules
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
index c57c92edcd..6d909df105 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Encryption Zone GPOs
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index 31176e0204..fe2e9815a6 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Encryption Zone
diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
index 4aea9e2010..0a1c8c3094 100644
--- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
+++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Evaluating Windows Defender Firewall with Advanced Security Design Examples
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
index 2dfe9fd103..686d6ff871 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Exempt ICMP from Authentication
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index e4569e0cf8..c060789ce3 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Exemption List
diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
index 718505a9d7..ca7cb954eb 100644
--- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
@@ -13,7 +13,7 @@ ms.collection:
- m365-security-compliance
- m365-initiative-windows-security
ms.topic: troubleshooting
-ms.technology: mde
+ms.technology: windows-sec
---
# Filter origin audit log improvements
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index 8482ee05ce..c6815864d5 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Firewall GPOs
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index 85ce84a2a9..e130a76c47 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Basic Firewall Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
index cb36df4ddd..562716bc3b 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
@@ -13,7 +13,7 @@ ms.collection:
- m365-security-compliance
- m365-initiative-windows-security
ms.topic: troubleshooting
-ms.technology: mde
+ms.technology: windows-sec
---
# Troubleshooting Windows Firewall settings after a Windows upgrade
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index 07fea715ef..32c6dd328f 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Gathering Information about Your Active Directory Deployment
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index 08f2987678..65ecfd3af8 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Gathering Information about Your Current Network Infrastructure
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index c5f34e8ce7..0e57c0e9a9 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Gathering Information about Your Devices
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index a34c386f5c..3a143a59c5 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Gathering Other Relevant Information
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index aad5e33e18..8482a7cd65 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Gathering the Information You Need
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index 3eb3e0fb2b..afa8e8f5cc 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# GPO\_DOMISO\_Boundary
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index bf33747880..d1ca928d07 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -15,7 +15,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# GPO\_DOMISO\_Encryption\_WS2008
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index f625255685..662dd03f50 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# GPO\_DOMISO\_Firewall
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
index ce42bb0dd3..bed380f50e 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# GPO\_DOMISO\_IsolatedDomain\_Clients
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index ca3da60412..fb40bad66f 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# GPO\_DOMISO\_IsolatedDomain\_Servers
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index a3648e301a..6746a2c01c 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Identifying Windows Defender Firewall with Advanced Security implementation goals
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index adb0db7bd9..9f16389687 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Implementing Your Windows Defender Firewall with Advanced Security Design Plan
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
index 72632250e3..ccaefb1de6 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Isolated Domain GPOs
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md
index 037bf1f77b..af0a3cd985 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
index 6e2fcee3e3..642c968859 100644
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
+++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
@@ -14,7 +14,7 @@ ms.topic: conceptual
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Isolating Microsoft Store Apps on Your Network
diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
index c50865a29b..472e264155 100644
--- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
+++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Link the GPO to the Domain
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 048875eafd..4d847f7055 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Mapping your implementation goals to a Windows Firewall with Advanced Security design
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index 037b3a66d6..e2e209ff07 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Modify GPO Filters to Apply to a Different Zone or Version of Windows
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index 43485b62d6..7b4d920b83 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Open the Group Policy Management Console to IP Security Policies
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index 1239f18bf3..d55f5793ea 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Group Policy Management of Windows Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index a4cba8e7c3..77e7c364b3 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Group Policy Management of Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
index 8dda8bcf96..c46ba8f97f 100644
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Open Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index 2291806174..c5d10098c9 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Certificate-based Authentication
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index 0a5d687d62..a5c690294e 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Domain Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index fd986acbbd..81d3ffeabe 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning GPO Deployment
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 47d3282978..3002cef090 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Group Policy Deployment for Your Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index 6ac5c58afd..6cf3ebe60c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Isolation Groups for the Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index d767a7db71..9a897f0089 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Network Access Groups
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index 2a5a06d873..9e87ee9790 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Server Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index e843a202ac..ed55752803 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Settings for a Basic Firewall Policy
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index 67f3121c36..74e85fa1a0 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning the GPOs
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
index 8d60afedaf..d651e8e71b 100644
--- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning to Deploy Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 8459640ec7..66140941f1 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Planning Your Windows Defender Firewall with Advanced Security Design
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index 305d69aef6..e45fb6c5e6 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Procedures Used in This Guide
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index f0fc035973..c0a822af53 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Protect devices from unwanted network traffic
diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md
index 17ab51f503..83309d4b1b 100644
--- a/windows/security/threat-protection/windows-firewall/quarantine.md
+++ b/windows/security/threat-protection/windows-firewall/quarantine.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Quarantine behavior
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index a3963db1f2..5ae57cd35b 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Require Encryption When Accessing Sensitive Network Resources
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index e546bbf39d..4e8ca4f98b 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Restrict Access to Only Specified Users or Computers
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index d3d0f94001..287942862c 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Restrict access to only trusted devices
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
index c0d7282746..35882149d3 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Restrict Server Access to Members of a Group Only
diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index aa6d7c5117..70ebf3fd75 100644
--- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -14,7 +14,7 @@ ms.topic: conceptual
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Securing End-to-End IPsec connections by using IKEv2
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index 74da744d30..9ec9d59a12 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Server Isolation GPOs
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index fd8fad7308..59eb498be0 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Server Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 3d5d5e9694..92ff6b97db 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Server Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index 5e4d391f7f..3e3a5b108f 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -13,7 +13,7 @@ ms.collection:
- m365-security-compliance
- m365-initiative-windows-security
ms.topic: troubleshooting
-ms.technology: mde
+ms.technology: windows-sec
---
# Troubleshooting UWP App Connectivity Issues
diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
index 8f2dd62bfc..0ae4b4f8dd 100644
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
+++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 6f83b6d42d..d6dbf5fd5a 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -14,7 +14,7 @@ ms.topic: conceptual
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Understanding the Windows Defender Firewall with Advanced Security Design Process
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
index 633bcb4aed..61ffa9d578 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Verify That Network Traffic Is Authenticated
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index c4e919e41a..b00b59d00e 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -14,7 +14,7 @@ ms.topic: conceptual
ms.date: 09/08/2021
ms.reviewer:
ms.author: dansimp
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index 8e4af001ae..dfcf6cfc99 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Firewall with Advanced Security deployment overview
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 702acc0dcf..38545a3d40 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -15,7 +15,7 @@ audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Firewall with Advanced Security design guide
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 7a9d7305a5..989c1be1a1 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -15,7 +15,7 @@ ms.topic: conceptual
ms.date: 09/08/2021
ms.reviewer:
ms.custom: asr
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md
index 6b859eac3c..d87f9d1dcc 100644
--- a/windows/security/threat-protection/windows-platform-common-criteria.md
+++ b/windows/security/threat-protection/windows-platform-common-criteria.md
@@ -11,7 +11,7 @@ ms.topic: article
ms.localizationpriority: medium
ms.date: 3/20/2019
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Common Criteria Certifications
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
index 40ce6c2dea..31d3aba69a 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
@@ -11,7 +11,7 @@ ms.topic: article
ms.localizationpriority:
ms.date:
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Sandbox architecture
@@ -42,7 +42,7 @@ Because Windows Sandbox runs the same operating system image as the host, it has
## Integrated kernel scheduler
-With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
+With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
index 1f1a23bd49..cd5f7a2082 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
@@ -11,7 +11,7 @@ ms.topic: article
ms.localizationpriority: medium
ms.date:
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Sandbox configuration
diff --git a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
index 0fec75ee34..2a3f6d6dc3 100644
--- a/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
+++ b/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md
@@ -11,7 +11,7 @@ ms.topic: article
ms.localizationpriority:
ms.date:
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows Sandbox
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
index d86c9170f6..4881edff29 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -13,7 +13,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 06/25/2018
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Get Support
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index 9b329ccb64..46cc0e4626 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -13,7 +13,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 11/26/2018
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Microsoft Security Compliance Toolkit 1.0
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
index 435be7648b..7d1c42a7bb 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md
@@ -13,7 +13,7 @@ ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date:
ms.reviewer:
-ms.technology: mde
+ms.technology: windows-sec
---
# Windows security baselines
diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index 48bf6b509b..2cc76a97e8 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -273,32 +273,6 @@ Learn about the new Group Policies that were added in Windows 10, version 1703.
- [Group Policy Settings Reference for Windows and Windows Server](https://www.microsoft.com/download/details.aspx?id=25250)
-## Windows 10 Mobile enhancements
-
-### Lockdown Designer
-
-The Lockdown Designer app helps you configure and create a lockdown XML file to apply to devices running Windows 10 Mobile, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Using Lockdown Designer is easier than [manually creating a lockdown XML file](/windows/configuration/mobile-devices/lockdown-xml).
-
-
-
-[Learn more about the Lockdown Designer app.](/windows/configuration/mobile-devices/mobile-lockdown-designer)
-
-### Other enhancements
-
-Windows 10 Mobile, version 1703 also includes the following enhancements:
-
-- SD card encryption
-- Remote PIN resets for Azure Active Directory accounts
-- SMS text message archiving
-- WiFi Direct management
-- OTC update tool
-- Continuum display management
- - Individually turn off the monitor or phone screen when not in use
- - individually adjust screen time-out settings
-- Continuum docking solutions
- - Set Ethernet port properties
- - Set proxy properties for the Ethernet port
-
## Miracast on existing wireless network or LAN
In the Windows 10, version 1703, Microsoft has extended the ability to send a Miracast stream over a local network rather than over a direct wireless link. This functionality is based on the [Miracast over Infrastructure Connection Establishment Protocol (MS-MICE)](/openspecs/windows_protocols/ms-mice/9598ca72-d937-466c-95f6-70401bb10bdb).
diff --git a/windows/whats-new/windows-11-whats-new.md b/windows/whats-new/windows-11-whats-new.md
index e48159d8fd..4eafe42218 100644
--- a/windows/whats-new/windows-11-whats-new.md
+++ b/windows/whats-new/windows-11-whats-new.md
@@ -1,6 +1,6 @@
---
title: Windows 11, what's new and overview for administrators
-description: Learn more about what's new in Windows 11. Read about see the features IT professionals and administrators should know about Windows 11, including security, using apps, the new desktop, and deploying and servicing PCs.
+description: Learn more about what's new in Windows 11. Read about see the features IT professionals and administrators should know about Windows 11, including security, using apps, using Android apps, the new desktop, and deploying and servicing PCs.
ms.reviewer:
manager: dougeby
ms.audience: itpro
@@ -136,7 +136,16 @@ For more information on the security features you can configure, manage, and enf
Users can manage some desktop features using **Settings** app > **System** > **Multitasking**. For more information on the end-user experience, see [Multiple desktops in Windows](https://support.microsoft.com/windows/multiple-desktops-in-windows-11-36f52e38-5b4a-557b-2ff9-e1a60c976434).
-## Use your same apps, improved
+## Use your same apps, and new apps, improved
+
+- Starting with Windows 11, users in the [Windows Insider program](https://insider.windows.com/) can download and install **Android™️ apps** from the Microsoft Store. This feature is called the **Windows Subsystem for Android**, and allows users to use Android apps on their Windows devices, similar to other apps installed from the Microsoft Store.
+
+ Users open the Microsoft Store, install the **Amazon Appstore** app, and sign in with their Amazon account. When they sign in, they can search, download, and install Android apps.
+
+ For more information, see:
+
+ - [Windows Subsystem for Android](https://support.microsoft.com/windows/abed2335-81bf-490a-92e5-fe01b66e5c48)
+ - [Windows Subsystem for Android developer information](/windows/android/wsa)
- Your Windows 10 apps will also work on Windows 11. **[App Assure](https://www.microsoft.com/fasttrack/microsoft-365/app-assure)** is also available if there are some issues.