Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into FromPrivateRepo

This commit is contained in:
Alma Jenks
2018-04-12 10:34:20 -07:00
10 changed files with 32 additions and 31 deletions

View File

@ -16,8 +16,8 @@ ms.date: 03/08/2018
Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether its the right solution to manage user settings across multiple devices within your enterprise.
>**Note**
The information in this section is explained in greater detail throughout the rest of the documentation. If youve already determined that UE-V is the right solution and you dont need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md).
>[!NOTE]
>The information in this section is explained in greater detail throughout the rest of the documentation. If youve already determined that UE-V is the right solution and you dont need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md).
The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows applications settings. For best results, ensure that your test environment includes two or more user computers that share network access.
@ -94,13 +94,13 @@ A storage path must be configured on the client-side to tell where the personali
4. Select **Enabled**, fill in the **Settings storage path**, and click **OK**.
- Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
- Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder.
**To set the storage path for UE-V with PowerShell**
1. In a PowerShell window, type **Set-uevConfiguration -SettingsStoragePath [StoragePath]** where **[StoragePath]** is the path to the location created in step 2 followed by **\%username%**.
- Ensure that the storage path ends with **%username%** to ensure that eah user gets a unique folder.
- Ensure that the storage path ends with **%username%** to ensure that each user gets a unique folder.
With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell.
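
Review bot: The PowerShell step tells the reader to append **\%username%** to the path but does not say the token is typed literally. PowerShell does not expand the %name% syntax, so a reader who "helpfully" substitutes $env:USERNAME would write one user's folder name into the configuration and defeat the unique-folder-per-user goal that the bullet describes. Suggest adding a short clause such as "type %username% exactly as shown". Two style points in the same hunk: the bullet uses "ensure" twice in one sentence ("Ensure that the storage path ends with **%username%** so that each user gets a unique folder" reads better), and the cmdlet is written "Set-uevConfiguration" where the product name elsewhere is capitalised "UE-V", so "Set-UevConfiguration" would be the consistent casing.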

View File

@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.date: 03/30/2018
ms.date: 04/11/2018
ms.localizationpriority: high
---
@ -103,7 +103,7 @@ SetupDiag.exe /Output:C:\SetupDiag\Dumpdebug.log /Mode:Offline /LogsPath:D:\Dump
## Known issues
1. Some rules can take a long time to process if the log files involved as large.
1. Some rules can take a long time to process if the log files involved are large.
2. SetupDiag only outputs data in a text format. If another format is desired, please provide this [feedback](#feedback).
3. If the failing computer is opted into the Insider program and getting regular pre-release updates, or an update is already pending on the computer when SetupDiag is run, it can encounter problems trying to open these log files. This will likely cause a failure to determine a root cause. In this case, try gathering the log files and running SetupDiag in offline mode.
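
Review bot: Known issue 3 is ambiguous where it says "it can encounter problems trying to open these log files": "it" can be read as the failing computer rather than SetupDiag, and "these log files" has no antecedent inside the item. Since this pass is already fixing grammar in item 1, suggest naming the subject explicitly ("SetupDiag can encounter problems trying to open the log files"). Item 2's "please provide this [feedback]" also reads oddly; "please provide [feedback]" is enough.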

View File

@ -24,7 +24,7 @@ Passwords are still weak. We recommend that in addition to deploying Windows Def
Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, are not supported.
## Wi-fi and VPN Considerations
When you enable Windows Defender Credential Guard, you can no longer use NTLM classic deployment model authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
When you enable Windows Defender Credential Guard, you can no longer use NTLM classic authentication for Single Sign-On. You will be forced to enter your credentials to use these protocols and cannot save the credentials for future use. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
## Kerberos Considerations
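
Review bot: The added sentence "You will be forced to enter your credentials to use these protocols" refers to "these protocols" in the plural, but only one item, "NTLM classic authentication", has been named at that point; MS-CHAPv2 is introduced a sentence later. Suggest naming the affected protocols in that sentence so an administrator can tell which sign-on flows lose Single Sign-On and saved credentials. "NTLM classic authentication" is also not defined in the visible text, while the next sentence compares the risk to "NTLMv1"; if those are meant to be the same thing, use one term. Minor consistency points in the same paragraph: the heading says "Wi-fi" while the body says "WiFi", and the text alternates between "MS-CHAPv2" and "MSCHAPv2".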

View File

@ -18,7 +18,7 @@ This topic explains how BitLocker Device Encryption can help protect data on de
For an architectural overview about how BitLocker Device Encryption works with Secure Boot, see [Secure boot and BitLocker Device Encryption overview](https://docs.microsoft.com/windows-hardware/drivers/bringup/secure-boot-and-device-encryption-overview).
For a general overview and list of topics about BitLocker, see [BitLocker](bitlocker-overview.md).
When users travel, their organizations confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives; in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities. Windows consistently improves data protection by improving existing options and by providing new strategies.
When users travel, their organizations confidential data goes with them. Wherever confidential data is stored, it must be protected against unauthorized access. Windows has a long history of providing at-rest data-protection solutions that guard against nefarious attackers, beginning with the Encrypting File System in the Windows 2000 operating system. More recently, BitLocker has provided encryption for full drives and portable drives. Windows consistently improves data protection by improving existing options and by providing new strategies.
Table 2 lists specific data-protection concerns and how they are addressed in Windows 10 and Windows 7.
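
Review bot: The removal of "in Windows 10, BitLocker will even protect individual files, with data loss prevention capabilities" leaves the following context line pointing readers to Table 2 for how concerns "are addressed in Windows 10 and Windows 7", so it is worth confirming that no row of Table 2 still repeats the file-level protection claim that this hunk withdraws. While the paragraph is being touched, "their organizations confidential data" is missing the possessive apostrophe ("organization's").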

View File

@ -108,7 +108,7 @@ For Azure AD-joined computers, including virtual machines, the recovery password
```
PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
PS C:\>BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
```
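
Review bot: The last command passes "$BLV.KeyProtector[0].KeyProtectorId", which assumes the recovery password protector added on the first line is the first entry in the volume's protector list. On a volume that already has another protector (a TPM protector, for example), index 0 can be that older protector, and the backup to Azure AD would then not carry the recovery password the text is about. Suggest selecting the protector by type instead, for example "$BLV.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }", and passing that entry's KeyProtectorId. The quote fix on the "Get-BitLockerVolume" line is correct as it stands.
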
@ -118,7 +118,7 @@ For domain-joined computers, including servers, the recovery password should be
```
PS C:\>Add-BitLockerKeyProtector -MountPoint "C:" -RecoveryPasswordProtector
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:
PS C:\>$BLV = Get-BitLockerVolume -MountPoint "C:"
PS C:\>Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProtector[0].KeyProtectorId
```
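
Review bot: Each line in this block still carries the "PS C:\>" prompt, and the fence has no language tag, so a reader who copies the block into a console gets the prompt text pasted along with the commands. Since the hunk is already correcting the sample so that it runs, suggest dropping the prompts and tagging the fence as PowerShell. It would also help to add a sentence after the block telling the reader to confirm that the recovery password is actually present in the directory after "Backup-BitLockerKeyProtector" runs, because nothing in the sample checks the result.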

Binary file not shown.

View File

@ -175,7 +175,7 @@ To gain the most value out of the baseline subscription we recommend to have the
- Enable disabled event channels and set the minimum size for modern event files.
- Currently, there is no GPO template for enabling or setting the maximum size for the modern event files. This must be done by using a GPO. For more info, see [Appendix C Event Channel Settings (enable and Channel Access) methods](#bkmk-appendixc).
The annotated event query can be found in the following. For more info, see [Appendix F Annotated Baseline Subscription Event Query](#bkmk-appendixf).
The annotated event query can be found in the following. For more info, see [Appendix F Annotated Suspect Subscription Event Query](#bkmk-appendixf).
- Anti-malware events from Microsoft Antimalware or Windows Defender. This can be configured for any given anti-malware product easily if it writes to the Windows event log.
- Security event log Process Create events.
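
Review bot: The link text changes from "Annotated Baseline Subscription Event Query" to "Annotated Suspect Subscription Event Query", but the hunk sits in the section that the header line identifies as being about the baseline subscription, and the target anchor "#bkmk-appendixf" is unchanged. Either the old text was right and this rename points baseline readers at the wrong query, or the anchor was wrong all along; please confirm which appendix "#bkmk-appendixf" resolves to and make the link text and anchor agree. Separately, the context lines contradict each other ("there is no GPO template ... This must be done by using a GPO"), and "can be found in the following" is missing its noun; both are worth fixing in the same pass.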