Merge branch 'public' into repo_sync_working_branch

Gary Moore
2020-12-04 16:38:10 -08:00
committed by GitHub
12 changed files with 158 additions and 141 deletions

View File

@ -113,8 +113,7 @@ Requirements:
4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
> [!NOTE]
> **Device Credential** Credential Type will also work, however, it is not yet supported for MDM solutions (including Intune). We don't recommend using this option until support is announced.
> **Device Credential** Credential Type may work, however, it is not yet supported by Intune. We don't recommend using this option until it's supported.
![MDM autoenrollment policy](images/autoenrollment-policy.png)
5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
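Review bot: In the reworded NOTE line, narrowing "not yet supported for MDM solutions (including Intune)" to "not yet supported by Intune" drops the statement about other MDM solutions, so a reader enrolling into a third-party MDM can no longer tell whether **Device Credential** is supported there. If the narrower claim is intended, say so explicitly; otherwise keep the "MDM solutions (including Intune)" wording. The sentence is also a comma splice ("may work, however, it is not yet supported"); "may work; however, it is not yet supported" reads cleanly. Steps 4 and 5 both tell the reader to select **User Credential** and could be merged.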
@ -184,6 +183,8 @@ Requirements:
- 2004 --> [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
- 20H2 --> [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
2. Install the package on the Domain Controller.
3. Navigate, depending on the version to the folder:
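Review bot: The added 20H2 entry links to download/details.aspx?id=102157 while the 2004 entry directly above it links to download/confirmation.aspx?id=101445, so adjacent list items land on different kinds of page. Use one link form for the whole list. Because step 2 installs this package on the Domain Controller, it is also worth stating that the templates should be taken only from the links in this list.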
@ -198,6 +199,8 @@ Requirements:
- 2004 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2020 Update (2004)**
- 20H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2020 Update (20H2)**
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**.

View File

@ -65,7 +65,7 @@ For information about setting up Delivery Optimization, including tips for the b
- Office installations and updates
- Xbox game pass games
- MSIX apps (HTTP downloads only)
- Edge browser installations and updates
## Requirements

View File

@ -8,10 +8,10 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
author: medgarmedgar
author: robsize
ms.author: dansimp
manager: robsize
ms.date: 3/25/2020
ms.date: 12/1/2020
---
# Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server
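Review bot: After this change the front matter has "author: robsize" next to "ms.author: dansimp", and the new author is the same alias as "manager: robsize". The author and ms.author fields normally identify the same person, so either update ms.author in the same change or confirm that the mismatch is intended.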

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.localizationpriority: high
audience: ITPro
author: linque1
ms.author: obezeajo
ms.author: robsize
manager: robsize
ms.collection: M365-security-compliance
ms.topic: article

View File

@ -576,7 +576,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn Local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -645,7 +645,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn Local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -717,7 +717,7 @@ This security group includes the following changes since Windows Server 2008:
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn Local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -865,7 +865,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -987,7 +987,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-517</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-517</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -1113,7 +1113,7 @@ This security group was introduced in Windows Vista Service Pack 1, and it h
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -1241,7 +1241,7 @@ The Device Owners group applies to versions of the Windows Server operating syst
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn Local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -1430,7 +1430,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Domain local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -1493,7 +1493,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Domain Global</p></td>
<td><p>Global</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -1552,7 +1552,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-515</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-515</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -1613,7 +1613,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-516</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-516</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -1674,7 +1674,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-514</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-514</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -1737,11 +1737,11 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-513</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-513</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Domain Global</p></td>
<td><p>Global</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -1950,7 +1950,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Domain Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
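Review bot: This is the only Type cell in the file that goes from "Builtin local" to "Domain Local"; every other Builtin row is only recased to "Builtin Local", and two "Domain local" rows elsewhere in this diff move the other way, to "Builtin Local". The Well-Known SID/RID row for this group is outside the hunk, so please confirm that the new Type agrees with it (an S-1-5-32-&lt;RID&gt; value would indicate a Builtin group) and with the Default container row that follows.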
@ -1985,13 +1985,13 @@ This security group has not changed since Windows Server 2008.
### <a href="" id="bkmk-gpcreatorsowners"></a>Group Policy Creators Owners
### <a href="" id="bkmk-gpcreatorsowners"></a>Group Policy Creator Owners
This group is authorized to create, edit, or delete Group Policy Objects in the domain. By default, the only member of the group is Administrator.
For information about other features you can use with this security group, see [Group Policy Overview](https://technet.microsoft.com/library/hh831791.aspx).
The Group Policy Creators Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
The Group Policy Creator Owners group applies to versions of the Windows Server operating system listed in the [Active Directory Default Security Groups table](#bkmk-groupstable).
This security group has not changed since Windows Server 2008.
@ -2009,7 +2009,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;domain&gt;-520</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-520</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -2093,12 +2093,11 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Default members</p></td>
<td><p>Guest</p></td>
<td><p><a href="#bkmk-domainguests" data-raw-source="[Domain Guests](#bkmk-domainguests)">Domain Guests</a></p><p>Guest</p></td>
</tr>
<tr class="odd">
<td><p>Default member of</p></td>
<td><p><a href="#bkmk-domainguests" data-raw-source="[Domain Guests](#bkmk-domainguests)">Domain Guests</a></p>
<p>Guest</p></td>
<td><p>None</p></td>
</tr>
<tr class="even">
<td><p>Protected by ADMINSDHOLDER?</p></td>
@ -2150,7 +2149,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2162,7 +2161,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
</tr>
<tr class="odd">
<td><p>Default member of</p></td>
<td><p>No</p></td>
<td><p>None</p></td>
</tr>
<tr class="even">
<td><p>Protected by ADMINSDHOLDER?</p></td>
@ -2211,7 +2210,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn Local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2286,7 +2285,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2389,7 +2388,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>BuiltIn local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2470,7 +2469,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2551,7 +2550,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2615,7 +2614,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2679,7 +2678,7 @@ This security group has not changed since Windows Server 2008. However, in Windo
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2758,7 +2757,7 @@ The following table specifies the properties of the Protected Users group.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Domain Global</p></td>
<td><p>Global</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2819,7 +2818,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Domain local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2876,11 +2875,11 @@ This security group was introduced in Windows Server 2012, and it has not chang
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-32-&lt;domain&gt;-576</p></td>
<td><p>S-1-5-32-576</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -2939,7 +2938,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3000,7 +2999,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3035,6 +3034,78 @@ This security group was introduced in Windows Server 2012, and it has not chang
### <a href="" id="bkmk-rodc"></a>Read-Only Domain Controllers
This group is comprised of the Read-only domain controllers in the domain. A Read-only domain controller makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role.
Because administration of a Read-only domain controller can be delegated to a domain user or security group, an Read-only domain controller is well suited for a site that should not have a user who is a member of the Domain Admins group. A Read-only domain controller encompasses the following functionality:
- Read-only AD DS database
- Unidirectional replication
- Credential caching
- Administrator role separation
- Read-only Domain Name System (DNS)
For information about deploying a Read-only domain controller, see [Understanding Planning and Deployment for Read-Only Domain Controllers](https://technet.microsoft.com/library/cc754719(v=ws.10).aspx).
This security group was introduced in Windows Server 2008, and it has not changed in subsequent versions.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Attribute</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-521</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Global</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
<td><p>CN=Users, DC=&lt;domain&gt;, DC=</p></td>
</tr>
<tr class="even">
<td><p>Default members</p></td>
<td><p>None</p></td>
</tr>
<tr class="odd">
<td><p>Default member of</p></td>
<td><p><a href="#bkmk-deniedrodcpwdrepl" data-raw-source="[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)">Denied RODC Password Replication Group</a></p></td>
</tr>
<tr class="even">
<td><p>Protected by ADMINSDHOLDER?</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<td><p>Safe to move out of default container?</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<td><p>Safe to delegate management of this group to non-Service admins?</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Default User Rights</p></td>
<td><p>See <a href="#bkmk-deniedrodcpwdrepl" data-raw-source="[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)">Denied RODC Password Replication Group</a></p></td>
</tr>
</tbody>
</table>
### <a href="" id="bkmk-remotedesktopusers"></a>Remote Desktop Users
The Remote Desktop Users group on an RD Session Host server is used to grant users and groups permissions to remotely connect to an RD Session Host server. This group cannot be renamed, deleted, or moved. It appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
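Review bot: The relocated Read-Only Domain Controllers table still has an empty value cell for "Safe to delegate management of this group to non-Service admins?" (<td><p></p></td>). The move already fills in Type as "Global", so fill this remaining blank in the same change rather than carrying it to the new position. The prose moved with it also keeps "an Read-only domain controller" (should be "a") and writes "Read-only" where the heading uses "Read-Only".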
@ -3096,78 +3167,6 @@ This security group has not changed since Windows Server 2008.
### <a href="" id="bkmk-rodc"></a>Read-Only Domain Controllers
This group is comprised of the Read-only domain controllers in the domain. A Read-only domain controller makes it possible for organizations to easily deploy a domain controller in scenarios where physical security cannot be guaranteed, such as branch office locations, or in scenarios where local storage of all domain passwords is considered a primary threat, such as in an extranet or in an application-facing role.
Because administration of a Read-only domain controller can be delegated to a domain user or security group, an Read-only domain controller is well suited for a site that should not have a user who is a member of the Domain Admins group. A Read-only domain controller encompasses the following functionality:
- Read-only AD DS database
- Unidirectional replication
- Credential caching
- Administrator role separation
- Read-only Domain Name System (DNS)
For information about deploying a Read-only domain controller, see [Understanding Planning and Deployment for Read-Only Domain Controllers](https://technet.microsoft.com/library/cc754719(v=ws.10).aspx).
This security group was introduced in Windows Server 2008, and it has not changed in subsequent versions.
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th>Attribute</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-21-&lt;domain&gt;-521</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
<td><p>CN=Users, DC=&lt;domain&gt;, DC=</p></td>
</tr>
<tr class="even">
<td><p>Default members</p></td>
<td><p>None</p></td>
</tr>
<tr class="odd">
<td><p>Default member of</p></td>
<td><p><a href="#bkmk-deniedrodcpwdrepl" data-raw-source="[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)">Denied RODC Password Replication Group</a></p></td>
</tr>
<tr class="even">
<td><p>Protected by ADMINSDHOLDER?</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="odd">
<td><p>Safe to move out of default container?</p></td>
<td><p>Yes</p></td>
</tr>
<tr class="even">
<td><p>Safe to delegate management of this group to non-Service admins?</p></td>
<td><p></p></td>
</tr>
<tr class="odd">
<td><p>Default User Rights</p></td>
<td><p>See <a href="#bkmk-deniedrodcpwdrepl" data-raw-source="[Denied RODC Password Replication Group](#bkmk-deniedrodcpwdrepl)">Denied RODC Password Replication Group</a></p></td>
</tr>
</tbody>
</table>
### <a href="" id="bkmk-remotemanagementusers"></a>Remote Management Users
@ -3197,7 +3196,7 @@ This security group was introduced in Windows Server 2012, and it has not chang
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3264,7 +3263,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3327,7 +3326,7 @@ This security group has not changed since Windows Server 2008.
<tbody>
<tr class="odd">
<td><p>Well-Known SID/RID</p></td>
<td><p>S-1-5-&lt;root domain&gt;-518</p></td>
<td><p>S-1-5-21-&lt;root domain&gt;-518</p></td>
</tr>
<tr class="even">
<td><p>Type</p></td>
@ -3394,7 +3393,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3442,7 +3441,7 @@ The Storage Replica Administrators group applies to versions of the Windows Serv
| Attribute | Value |
|-----------|-------|
| Well-Known SID/RID | S-1-5-32-582 |
| Type | BuiltIn Local |
| Type | Builtin Local |
| Default container | CN=BuiltIn, DC=&lt;domain&gt;, DC= |
| Default members | None |
| Default member of | None |
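Review bot: The Type value is recased to "Builtin Local", but the Default container row directly below it still reads "CN=BuiltIn", so both spellings now sit side by side in the same table (the System Managed Accounts table in the next hunk has the same pair). If the goal of this pass is consistent casing, recase the container value to "CN=Builtin" in the same change.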
@ -3463,7 +3462,7 @@ The System Managed Accounts group applies to versions of the Windows Server oper
| Attribute | Value |
|-----------|-------|
| Well-Known SID/RID | S-1-5-32-581 |
| Type | BuiltIn Local |
| Type | Builtin Local |
| Default container | CN=BuiltIn, DC=&lt;domain&gt;, DC= |
| Default members | Users |
| Default member of | None |
@ -3507,7 +3506,7 @@ This security group only applies to Windows Server 2003 and Windows Server 200
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3574,7 +3573,7 @@ This security group includes the following changes since Windows Server 2008:
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>
@ -3588,7 +3587,7 @@ This security group includes the following changes since Windows Server 2008:
</tr>
<tr class="odd">
<td><p>Default member of</p></td>
<td><p>Domain Users (this membership is due to the fact that the Primary Group ID of all user accounts is Domain Users.)</p></td>
<td><p>None</p></td>
</tr>
<tr class="even">
<td><p>Protected by ADMINSDHOLDER?</p></td>
@ -3641,7 +3640,7 @@ This security group has not changed since Windows Server 2008.
</tr>
<tr class="even">
<td><p>Type</p></td>
<td><p>Builtin local</p></td>
<td><p>Builtin Local</p></td>
</tr>
<tr class="odd">
<td><p>Default container</p></td>

View File

@ -68,7 +68,7 @@ If the error occurs again, check the error code against the following table to s
| 0x801C03ED | Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed. <br><br> -or- <br><br> Token was not found in the Authorization header. <br><br> -or- <br><br> Failed to read one or more objects. <br><br> -or- <br><br> The request sent to the server was invalid. | Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.
| 0x801C03EE | Attestation failed. | Sign out and then sign in again. |
| 0x801C03EF | The AIK certificate is no longer valid. | Sign out and then sign in again. |
| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync).
| 0x801C03F2 | Windows Hello key registration failed. | ERROR\_BAD\_DIRECTORY\_REQUEST. Another object with the same value for property proxyAddresses already exists. To resolve the issue, refer to [Duplicate Attributes Prevent Dirsync](https://docs.microsoft.com/office365/troubleshoot/administration/duplicate-attributes-prevent-dirsync). Also, if no sync conflict exists, please verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address.
| 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. |
| | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. |
| 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. |
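Review bot: The sentence added to the 0x801C03F2 row is hard to act on: "verify that the "Mail/Email address" in AAD and the Primary SMTP address are the same in the proxy address" does not say which attribute has to equal which. State the comparison directly, naming the two attributes and where each is read. The row also uses "AAD" where the 0x801C03ED row spells out "Azure Active Directory (Azure AD)", and both of those rows lack the closing "|" that the other rows have.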

View File

@ -74,7 +74,7 @@ The hard disk must be partitioned with at least two drives:
- The operating system drive (or boot drive) contains the operating system and its support files. It must be formatted with the NTFS file system.
- The system drive contains the files that are needed to load Windows after the firmware has prepared the system hardware. BitLocker is not enabled on this drive. For BitLocker to work, the system drive must not be encrypted, must differ from the operating system drive, and must be formatted with the FAT32 file system on computers that use UEFI-based firmware or with the NTFS file system on computers that use BIOS firmware. We recommend that system drive be approximately 350 MB in size. After BitLocker is turned on it should have approximately 250 MB of free space.
A fixed data volume or removable data volume cannot be marked as an active partition.
A partition subject to encryption cannot be marked as an active partition (this applies to the operating system, fixed data, and removable data drives).
When installed on a new computer, Windows will automatically create the partitions that are required for BitLocker.
@ -99,4 +99,3 @@ When installing the BitLocker optional component on a server you will also need
| [Troubleshoot BitLocker](troubleshoot-bitlocker.md) | This guide describes the resources that can help you troubleshoot BitLocker issues, and provides solutions for several common BitLocker issues. |
| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.|
| [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker) | This topic covers how to use BitLocker with Windows 10 IoT Core |

View File

@ -39,7 +39,9 @@ To resolve this issue, follow these steps:
1. Open an elevated PowerShell window and run the following script:
```ps
$Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm" $ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)}
$Tpm = Get-WmiObject -class Win32_Tpm -namespace "root\CIMv2\Security\MicrosoftTpm"
$ConfirmationStatus = $Tpm.GetPhysicalPresenceConfirmationStatus(22).ConfirmationStatus
if($ConfirmationStatus -ne 4) {$Tpm.SetPhysicalPresenceRequest(22)}
```
1. Restart the computer. If you are prompted at the restart screen, press F12 to agree.
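Review bot: The literals 22 and 4 in the script are unexplained, so an administrator is asked to run SetPhysicalPresenceRequest(22) from an elevated PowerShell window without being told which TPM operation is requested or what ConfirmationStatus 4 means. Add a comment line in the script, or a sentence before it, that names both values. The fence is tagged "ps"; "powershell" is the usual tag and will highlight correctly.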

View File

@ -48,6 +48,8 @@ Microsoft Defender Antivirus uses [cloud-delivered protection](utilize-microsoft
Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see [Use Microsoft cloud-provided protection in Microsoft Defender Antivirus](utilize-microsoft-cloud-protection-microsoft-defender-antivirus.md).
For a list of recent security intelligence updates, please visit: [Antimalware updates change log - Microsoft Security Intelligence](https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes).
Engine updates are included with security intelligence updates and are released on a monthly cadence.
## Product updates

View File

@ -46,6 +46,7 @@ DisallowedOperation | Forbidden (403) | {the disallowed operation and the reason
NotFound | Not Found (404) | General Not Found error message.
ResourceNotFound | Not Found (404) | Resource {the requested resource} was not found.
InternalServerError | Internal Server Error (500) | (No error message, try retry the operation or contact us if it does not resolved)
TooManyRequests | Too Many Requests (429) | Response will represent reaching quota limit either by number of requests or by CPU.
## Body parameters are case-sensitive
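Review bot: The new TooManyRequests (429) row is appended after InternalServerError (500), which breaks the ascending status-code order of the visible rows (403, 404, 404, 500); move it above the 500 row. Its message, "Response will represent reaching quota limit either by number of requests or by CPU", does not tell a caller what to do next. Say what the client should do on a 429, such as backing off before retrying, and point to where the quota limits are documented.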

View File

@ -30,6 +30,9 @@ ms.topic: conceptual
Learn how to deploy Microsoft Defender for Endpoint for macOS with Jamf Pro.
> [!NOTE]
> If you are using macOS Catalina (10.15.4) or newer versions of macOS, see [New configuration profiles for macOS Catalina and newer versions of macOS](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/mac-sysext-policies).
This is a multi step process. You'll need to complete all of the following steps:
- [Login to the Jamf Portal](mac-install-jamfpro-login.md)
@ -40,4 +43,3 @@ This is a multi step process. You'll need to complete all of the following steps

View File

@ -42,38 +42,38 @@ non-Windows platforms, enabling them to get a full picture of what's happening
in their environment, which empowers them to more quickly assess and respond to
threats.
## Microsoft Defender for Endpoint for Mac
## Microsoft Defender for Endpoint on macOS
Microsoft Defender for Endpoint for Mac offers antivirus and endpoint detection and response (EDR) capabilities for the three
Microsoft Defender for Endpoint on macOS offers antivirus and endpoint detection and response (EDR) capabilities for the three
latest released versions of macOS. Customers can deploy and manage the solution
through Microsoft Endpoint Manager and Jamf. Just like with Microsoft Office
applications on macOS, Microsoft Auto Update is used to manage Microsoft
Defender for Endpoint for Mac updates. For information about the key features and
Defender for Endpoint on Mac updates. For information about the key features and
benefits, read our
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/macOS).
For more details on how to get started, visit the Defender for Endpoint for Mac
For more details on how to get started, visit the Defender for Endpoint on macOS
[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac).
## Microsoft Defender for Endpoint for Linux
## Microsoft Defender for Endpoint on Linux
Microsoft Defender for Endpoint for Linux offers preventative (AV) capabilities for Linux
Microsoft Defender for Endpoint on Linux offers preventative (AV) capabilities for Linux
servers. This includes a full command line experience to configure and manage
the agent, initiate scans, and manage threats. We support recent versions of the
six most common Linux Server distributions: RHEL 7.2+, CentOS Linux 7.2+, Ubuntu
16 LTS, or higher LTS, SLES 12+, Debian 9+, and Oracle Linux 7.2. Microsoft
Defender for Endpoint for Linux can be deployed and configured using Puppet, Ansible, or
Defender for Endpoint on Linux can be deployed and configured using Puppet, Ansible, or
using your existing Linux configuration management tool. For information about
the key features and benefits, read our
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Linux).
For more details on how to get started, visit the Microsoft Defender for Endpoint for
For more details on how to get started, visit the Microsoft Defender for Endpoint on
Linux
[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux).
## Microsoft Defender for Endpoint for Android
## Microsoft Defender for Endpoint on Android
Microsoft Defender for Endpoint for Android is our mobile threat defense solution for
Microsoft Defender for Endpoint on Android is our mobile threat defense solution for
devices running Android 6.0 and higher. Both Android Enterprise (Work Profile)
and Device Administrator modes are supported. On Android, we offer web
protection, which includes anti-phishing, blocking of unsafe connections, and
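Review bot: The rename is incomplete in the macOS paragraph: the updated line reads "Defender for Endpoint on Mac updates" while the heading and the other changed lines use "on macOS". Change it to "Defender for Endpoint on macOS updates" so the product name is written one way throughout the page.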
@ -83,11 +83,20 @@ through integration with Microsoft Endpoint Manager and Conditional Access. For
information about the key features and benefits, read our
[announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/bg-p/MicrosoftDefenderATPBlog/label-name/Android).
For more details on how to get started, visit the Microsoft Defender for Endpoint for
For more details on how to get started, visit the Microsoft Defender for Endpoint on
Android
[documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-android).
## Microsoft Defender for Endpoint on iOS
Microsoft Defender for Endpoint on iOS is our mobile threat defense solution for devices
running iOS 11.0 and higher. Both Supervised and Unsupervised devices are supported.
On iOS, we offer web protection which includes anti-phishing, blocking unsafe connections, and
setting custom indicators. For more information about the key features and benefits,
read our [announcements](https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bg-p/MicrosoftDefenderATPBlog/label-name/iOS).
For more details on how to get started, visit the Microsoft Defender for Endpoint
on iOS [documentation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios).
## Licensing requirements
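Review bot: The announcements link in the new iOS section uses the path /t5/microsoft-defender-for-endpoint/bg-p/ while the macOS, Linux and Android sections link to /t5/microsoft-defender-atp/bg-p/; confirm that both paths resolve and settle on one form. The sentence "we offer web protection which includes" is also missing the comma that the Android section has ("web protection, which includes").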
@ -95,7 +104,7 @@ Eligible Licensed Users may use Microsoft Defender for Endpoint on up to five co
devices. Microsoft Defender for Endpoint is also available for purchase from a Cloud
Solution Provider (CSP).
Customers can obtain Microsoft Defender for Endpoint for Mac through a standalone
Customers can obtain Microsoft Defender for Endpoint on macOS through a standalone
Microsoft Defender for Endpoint license, as part of Microsoft 365 A5/E5, or Microsoft 365
Security.