From 38f9798e9c48b8a4e75247dade9529cf7b03f69c Mon Sep 17 00:00:00 2001 From: rogersoMS <44718379+rogersoMS@users.noreply.github.com> Date: Mon, 25 Oct 2021 23:33:30 +1100 Subject: [PATCH 1/4] Settings page visibility - added Hyperlink Page visibility - added hyperlink to relevant docs article documenting URI scheme for the Settings app pages --- windows/client-management/mdm/policy-csp-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 908deebcb4..8f27f310e5 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -927,7 +927,7 @@ The following list shows the supported values: -Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. +Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For additional details on the URI reference scheme used for the various pages of the Settings app, refer to the following docs [article(https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference)]. The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: From 7783fb9c7ff7df11a0cdbf72696067002b902189 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 25 Oct 2021 10:36:30 -0700 Subject: [PATCH 2/4] Update windows/client-management/mdm/policy-csp-settings.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-settings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 8f27f310e5..15812aeb44 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -927,7 +927,7 @@ The following list shows the supported values: -Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For additional details on the URI reference scheme used for the various pages of the Settings app, refer to the following docs [article(https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference)]. +Allows IT Admins to either prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified. The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:bluetooth", the page identifier used in the policy will be just "bluetooth". Multiple page identifiers are separated by semicolons. For additional information on the URI reference scheme used for the various pages of the System Settings app, see [ms-settings: URI scheme reference](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively: From 8da4b2dc1c833d61711c2408376d8b930eec438a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 25 Oct 2021 10:37:28 -0700 Subject: [PATCH 3/4] Update security-foundations.md --- windows/security/security-foundations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/security-foundations.md b/windows/security/security-foundations.md index 7ec5414862..0d118520fc 100644 --- a/windows/security/security-foundations.md +++ b/windows/security/security-foundations.md @@ -24,7 +24,7 @@ Use the links in the following table to learn more about the security foundation | Concept | Description | |:---|:---| -| FIBS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.

Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | +| FIPS 140-2 Validation | The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001.

Learn more about [FIPS 140-2 Validation](threat-protection/fips-140-validation.md). | | Common Criteria Certifications | Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products.

Learn more about [Common Criteria Certifications](threat-protection/windows-platform-common-criteria.md). | | Microsoft Security Development Lifecycle | The Security Development Lifecycle (SDL) is a security assurance process that is focused on software development. The SDL has played a critical role in embedding security and privacy in software and culture at Microsoft.

Learn more about [Microsoft SDL](threat-protection/msft-security-dev-lifecycle.md).| | Microsoft Bug Bounty Program | If you find a vulnerability in a Microsoft product, service, or device, we want to hear from you! If your vulnerability report affects a product or service that is within scope of one of our bounty programs below, you could receive a bounty award according to the program descriptions.

Learn more about the [Microsoft Bug Bounty Program](https://www.microsoft.com/en-us/msrc/bounty?rtc=1). | From 80c0a8bbacf1758eaf42a645ecbf04ef2049091a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Mon, 25 Oct 2021 20:40:24 -0700 Subject: [PATCH 4/4] Fixes for Acrolinx score --- windows/client-management/mdm/policy-csp-settings.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 908deebcb4..36bcd1ebfe 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -933,12 +933,12 @@ The following example illustrates a policy that would allow access only to the a showonly:about;bluetooth -If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. +If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (that is, treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list. The format of the PageVisibilityList value is as follows: - The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity. -- There are two variants: one that shows only the given pages and one which hides the given pages. +- There are two variants: one that shows only the given pages and one that hides the given pages. - The first variant starts with the string "showonly:" and the second with the string "hide:". - Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace. - Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:network-wifi" would be just "network-wifi". @@ -964,7 +964,7 @@ ADMX Info: -To validate on Desktop, do the following: +To validate on Desktop, use the following steps: 1. Open System Settings and verify that the About page is visible and accessible. 2. Configure the policy with the following string: "hide:about".