From 469a0c8f8723a6bec42bcd5c2b618e083bc9d7b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Sun, 20 Dec 2020 22:26:58 +0100 Subject: [PATCH 001/111] add info about the allowedThreats option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Sjögren --- .../linux-install-manually.md | 12 ++++--- .../linux-install-with-ansible.md | 30 ++++++++++++++-- .../linux-install-with-puppet.md | 34 ++++++++++++++++--- 3 files changed, 63 insertions(+), 13 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index cb813cf147..3df93c4de6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -14,9 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -144,10 +144,10 @@ In order to preview new features and provide early feedback, it is recommended t sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-[channel].list ``` For example, if you chose *insiders-fast* channel: - + ```bash sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-insiders-fast.list - ``` + ``` - Install the `gpg` package if not already installed: @@ -328,6 +328,8 @@ Download the onboarding package from Microsoft Defender Security Center: mdatp threat list ``` + If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 35fe0795ab..6643175264 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -14,9 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -248,6 +248,30 @@ Now run the tasks files under `/etc/ansible/playbooks/` or relevant directory. ansible-playbook /etc/ansible/playbooks/uninstall_mdatp.yml -i /etc/ansible/hosts ``` +## Testing + +Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device: + +- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): + + ```bash + mdatp health --field real_time_protection_enabled + ``` + +- Open a Terminal window. Copy and execute the following command: + + ``` bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` + +- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats: + + ```bash + mdatp threat list + ``` + +If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues See [Log installation issues](linux-resources.md#log-installation-issues) for more information on how to find the automatically generated log that is created by the installer when an error occurs. diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 46100ac983..b2358ccaea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -14,9 +14,9 @@ author: dansimp ms.localizationpriority: medium manager: dansimp audience: ITPro -ms.collection: -- m365-security-compliance -- m365initiative-defender-endpoint +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint ms.topic: conceptual --- @@ -52,7 +52,7 @@ Download the onboarding package from Microsoft Defender Security Center: ![Microsoft Defender Security Center screenshot](images/atp-portal-onboarding-linux-2.png) -4. From a command prompt, verify that you have the file. +4. From a command prompt, verify that you have the file. ```bash ls -l @@ -225,9 +225,33 @@ If the product is not healthy, the exit code (which can be checked through `echo - 1 if the device isn't onboarded yet. - 3 if the connection to the daemon cannot be established. +## Testing + +Run a detection test to verify that the device is properly onboarded and reporting to the service. Perform the following steps on a newly onboarded device: + +- Ensure that real-time protection is enabled (denoted by a result of `1` from running the following command): + + ```bash + mdatp health --field real_time_protection_enabled + ``` + +- Open a Terminal window. Copy and execute the following command: + + ``` bash + curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt + ``` + +- The file should have been quarantined by Defender for Endpoint for Linux. Use the following command to list all the detected threats: + + ```bash + mdatp threat list + ``` + +If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + ## Log installation issues - For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). +For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Log installation issues](linux-resources.md#log-installation-issues). ## Operating system upgrades From fdb7bddab305812754fbe4f1c0ae407d07b70967 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 28 Dec 2020 22:46:32 +0000 Subject: [PATCH 002/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-with-puppet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index b2358ccaea..2be925e7de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -247,7 +247,7 @@ Run a detection test to verify that the device is properly onboarded and reporti mdatp threat list ``` -If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). +If the the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). ## Log installation issues From 808515fa6efecd072fe8c331e804fce10d5b8e95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 28 Dec 2020 22:46:43 +0000 Subject: [PATCH 003/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-with-ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 6643175264..daadffbab5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -270,7 +270,7 @@ Run a detection test to verify that the device is properly onboarded and reporti mdatp threat list ``` -If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). +If the the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). ## Log installation issues From 2de18161ad371f989e2450f398c79b1b6051a69a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Mon, 28 Dec 2020 22:46:49 +0000 Subject: [PATCH 004/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-manually.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index 3df93c4de6..c8f20a2db8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -328,7 +328,7 @@ Download the onboarding package from Microsoft Defender Security Center: mdatp threat list ``` - If the the test file isn't detected and quarantined it might be labeled as a allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + If the the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). ## Log installation issues From 4410925f661d97fa1c6ea0936de0fdd56d1518c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 29 Dec 2020 20:04:40 +0000 Subject: [PATCH 005/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-manually.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md index c8f20a2db8..8e6178d0be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually.md @@ -328,7 +328,7 @@ Download the onboarding package from Microsoft Defender Security Center: mdatp threat list ``` - If the the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). + If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). ## Log installation issues From 9bff7e4ad7836f2cda2508de084437fa4e3e2df2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Tue, 29 Dec 2020 20:04:50 +0000 Subject: [PATCH 006/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-with-ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index daadffbab5..ea03743538 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -270,7 +270,7 @@ Run a detection test to verify that the device is properly onboarded and reporti mdatp threat list ``` -If the the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). +If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). ## Log installation issues From 87bfea1cfa9fdceada8116393e7ed217b08b40f6 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 13:49:04 +0500 Subject: [PATCH 007/111] Addition of Value type supported Added information on value type supported and example. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8402 --- .../client-management/mdm/policy-csp-timelanguagesettings.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 8ef9349148..178d180438 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -78,7 +78,8 @@ Specifies the time zone to be applied to the device. This is the standard Window - +Value type is String. Supported values: +- Name of Standard Time Zone - e.g. Pacific Standard Time, Mountain Standard Time From 9ef776f4eb9f05fa7e5e3273f647ea4501626f43 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Mon, 4 Jan 2021 09:08:40 -0700 Subject: [PATCH 008/111] Update windows/client-management/mdm/policy-csp-timelanguagesettings.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../client-management/mdm/policy-csp-timelanguagesettings.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 178d180438..8d2b01f4b1 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -79,7 +79,7 @@ Specifies the time zone to be applied to the device. This is the standard Window Value type is String. Supported values: -- Name of Standard Time Zone - e.g. Pacific Standard Time, Mountain Standard Time +- Name of Standard Time Zone - for example, Pacific Standard Time, Mountain Standard Time. @@ -102,4 +102,3 @@ Footnotes: - 8 - Available in Windows 10, version 2004. - From a35610bb0c9825a85744575c24e58110ff517f9a Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Sat, 23 Jan 2021 19:17:11 +0100 Subject: [PATCH 009/111] Update activate-using-active-directory-based-activation-client.md Adding Office to the supported list, as this greatly unknown based on my daily expierence as a consultant. Too many still use KMS. --- ...-using-active-directory-based-activation-client.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index e9c419383d..ff303620fa 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -29,6 +29,9 @@ ms.topic: article >- Windows Server 2012 >- Windows Server 2016 >- Windows Server 2019 +>- Office 2013* +>- Office 2016* +>- Office 2019* **Looking for retail activation?** @@ -97,6 +100,13 @@ When a reactivation event occurs, the client queries AD DS for the activation o 1. Activate your KMS host key by phone or online (Figure 15). ![Entering your KMS host key](../images/volumeactivationforwindows81-14.jpg) + + > [!NOTE] + > For activating a KMS Host Key (CSVLK) for Microsoft Office + for you need to install the version specific Office Volume license pack on the server where you have installed the Volume Activation Server Role. + - [Office 2013 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=35584) + - [Office 2016 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=49164) + - [Office 2019 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=57342) **Figure 15**. Choosing how to activate your product @@ -115,6 +125,7 @@ To verify your Active Directory-based activation configuration, complete the fol > [!NOTE] > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used. +> If you would like to see or mass change this, please consider to use [VAMT](https://docs.microsoft.com/en-us/windows/deployment/volume-activation/volume-activation-management-tool). ## See also From 7f505925ccf7c42859b5ab3d279441775f85610d Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Sat, 23 Jan 2021 19:29:54 +0100 Subject: [PATCH 010/111] Update activate-using-active-directory-based-activation-client.md corrections --- .../activate-using-active-directory-based-activation-client.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index ff303620fa..e32bd63891 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -102,8 +102,7 @@ When a reactivation event occurs, the client queries AD DS for the activation o ![Entering your KMS host key](../images/volumeactivationforwindows81-14.jpg) > [!NOTE] - > For activating a KMS Host Key (CSVLK) for Microsoft Office - for you need to install the version specific Office Volume license pack on the server where you have installed the Volume Activation Server Role. + > For activating a KMS Host Key (CSVLK) for Microsoft Office you need to install the version specific Office Volume license pack on the server where you have installed the Volume Activation Server Role. - [Office 2013 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=35584) - [Office 2016 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=49164) - [Office 2019 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=57342) From e2749573a64fc6019f690c162a1164a2f111b190 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 25 Jan 2021 15:26:33 +0200 Subject: [PATCH 011/111] update hybrid scenario naming and add link to description https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8703 --- .../create-wdac-policy-for-fully-managed-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index bec0d684e1..643145b624 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -42,7 +42,7 @@ Alice previously created a policy for the organization's lightly-managed devices Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully-managed devices: - All clients are running Windows 10 version 1903 or above; -- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune; +- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or [Co-Managed](https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview) with Intune; > [!NOTE] > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) From 5c6ecedbc990ac8c526a9fcac3ed78dcf6e71a3f Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Tue, 26 Jan 2021 19:06:37 +0100 Subject: [PATCH 012/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index e32bd63891..a8a20be029 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -102,7 +102,8 @@ When a reactivation event occurs, the client queries AD DS for the activation o ![Entering your KMS host key](../images/volumeactivationforwindows81-14.jpg) > [!NOTE] - > For activating a KMS Host Key (CSVLK) for Microsoft Office you need to install the version specific Office Volume license pack on the server where you have installed the Volume Activation Server Role. + > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. + - [Office 2013 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=35584) - [Office 2016 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=49164) - [Office 2019 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=57342) From e36b07e7837124be85832e039c0da3aba058b132 Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Tue, 26 Jan 2021 19:06:52 +0100 Subject: [PATCH 013/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index a8a20be029..76f4881c7f 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -125,7 +125,7 @@ To verify your Active Directory-based activation configuration, complete the fol > [!NOTE] > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used. -> If you would like to see or mass change this, please consider to use [VAMT](https://docs.microsoft.com/en-us/windows/deployment/volume-activation/volume-activation-management-tool). +> To manage individual activations or apply multiple (mass) activations, please consider using [VAMT](https://docs.microsoft.com/en-us/windows/deployment/volume-activation/volume-activation-management-tool). ## See also From c2e7c0a3d5176dbe8a61a6a4aa7d76a11be6af10 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 26 Jan 2021 12:22:45 -0800 Subject: [PATCH 014/111] Update create-wdac-policy-for-fully-managed-devices.md --- .../create-wdac-policy-for-fully-managed-devices.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index 643145b624..32fc319b88 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -15,7 +15,7 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 11/20/2019 +ms.date: 01/27/2021 ms.technology: mde --- @@ -42,7 +42,7 @@ Alice previously created a policy for the organization's lightly-managed devices Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully-managed devices: - All clients are running Windows 10 version 1903 or above; -- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or [Co-Managed](https://docs.microsoft.com/en-us/mem/configmgr/comanage/overview) with Intune; +- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or [Co-Managed](https://docs.microsoft.com/mem/configmgr/comanage/overview) with Intune; > [!NOTE] > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) From 65f30854d51fe29295183dc082d0a0a9c39860af Mon Sep 17 00:00:00 2001 From: Steve DiAcetis Date: Wed, 27 Jan 2021 15:31:55 -0800 Subject: [PATCH 015/111] Update media-dynamic-update.md --- windows/deployment/update/media-dynamic-update.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index ea81420b8b..384a442054 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -64,6 +64,8 @@ Properly updating the installation media involves a large number of actions oper This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26). +**Note**: Starting in February 2021, the latest cumulative update (LCU) and servicing stack update (SSU) will be combined and distributed in the Microsoft Update Catalog as a new, combined cumulative update. For steps 1, 9 and 18 below that require the SSU for updating the installation media, the combined cumulative update should be used. + |Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media | |---------|---------|---------|---------|------| |Add servicing stack Dynamic Update | 1 | 9 | 18 | From 134013a27dd81bfcff391c49a14b045ce7959c69 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 28 Jan 2021 09:04:40 +0530 Subject: [PATCH 016/111] made blod to some words , adjusted formats this is my own PR, i made some words are bold and removed symbol % . --- .../usmt/usmt-recognized-environment-variables.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index dfb923bbd4..59de92c6b0 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -101,7 +101,7 @@ You can use these variables within sections in the .xml files with `context=User

CSIDL_COMMON_STARTUP

-

The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.

+

The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.

CSIDL_COMMON_TEMPLATES

@@ -116,7 +116,7 @@ You can use these variables within sections in the .xml files with `context=User

Refers to the Appdata folder inside %DEFAULTUSERPROFILE%.

-

CSIDL_DEFAULT_LOCAL_APPDATA

+

CCSIDL_DEFAULT_LOCAL_APPDATA

Refers to the local Appdata folder inside %DEFAULTUSERPROFILE%.

@@ -319,7 +319,7 @@ You can use these variables in the .xml files within sections with `context=User

CSIDL_CONTACTS

-

This refers to the Contacts folder in %CSIDL_PROFILE%.

+

This refers to the Contacts folder in CSIDL_PROFILE.

CSIDL_CONTROLS

@@ -339,7 +339,7 @@ You can use these variables in the .xml files within sections with `context=User

CSIDL_DRIVES

-

The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.

+

The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.

CSIDL_FAVORITES

@@ -379,7 +379,7 @@ You can use these variables in the .xml files within sections with `context=User

CSIDL_NETHOOD

-

A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.

+

A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.

CSIDL_NETWORK

From ecb322dacfc851eec24c40f1ab6e925866eeffd3 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Thu, 28 Jan 2021 09:39:12 -0700 Subject: [PATCH 017/111] Update windows/deployment/update/media-dynamic-update.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/deployment/update/media-dynamic-update.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 384a442054..33713148d1 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -64,7 +64,8 @@ Properly updating the installation media involves a large number of actions oper This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26). -**Note**: Starting in February 2021, the latest cumulative update (LCU) and servicing stack update (SSU) will be combined and distributed in the Microsoft Update Catalog as a new, combined cumulative update. For steps 1, 9 and 18 below that require the SSU for updating the installation media, the combined cumulative update should be used. +> [!NOTE] +> Starting in February 2021, the latest cumulative update (LCU) and servicing stack update (SSU) will be combined and distributed in the Microsoft Update Catalog as a new, combined cumulative update. For steps 1, 9 and 18 below that require the SSU for updating the installation media, the combined cumulative update should be used. |Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media | |---------|---------|---------|---------|------| From 26b8798d0805258207373a870f73a9ea35985f23 Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Thu, 28 Jan 2021 09:40:39 -0700 Subject: [PATCH 018/111] Update media-dynamic-update.md Corrections. --- windows/deployment/update/media-dynamic-update.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 33713148d1..f88e592375 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -65,7 +65,7 @@ Properly updating the installation media involves a large number of actions oper This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26). > [!NOTE] -> Starting in February 2021, the latest cumulative update (LCU) and servicing stack update (SSU) will be combined and distributed in the Microsoft Update Catalog as a new, combined cumulative update. For steps 1, 9 and 18 below that require the SSU for updating the installation media, the combined cumulative update should be used. +> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 below that require the servicing stack update for updating the installation media, you should use the combined cumulative update. |Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media | |---------|---------|---------|---------|------| From 47200682bcd68d8d067996fb3935664eda96e65c Mon Sep 17 00:00:00 2001 From: Steve DiAcetis Date: Mon, 1 Feb 2021 10:21:48 -0800 Subject: [PATCH 019/111] Changes to describe the Feb 2021 changes to SSU and LCU. Changes to describe the Feb 2021 changes to SSU and LCU. --- windows/deployment/update/media-dynamic-update.md | 2 +- windows/deployment/update/servicing-stack-updates.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index f88e592375..6b8f00ddcd 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -65,7 +65,7 @@ Properly updating the installation media involves a large number of actions oper This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26). > [!NOTE] -> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 below that require the servicing stack update for updating the installation media, you should use the combined cumulative update. +> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 below that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates). |Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media | |---------|---------|---------|---------|------| diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index e2b6404d14..c51a9ff9fb 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -44,7 +44,6 @@ Both Windows 10 and Windows Server use the cumulative update mechanism, in which Servicing stack updates must ship separately from the cumulative updates because they modify the component that installs Windows updates. The servicing stack is released separately because the servicing stack itself requires an update. For example, the cumulative update [KB4284880](https://support.microsoft.com/help/4284880/windows-10-update-kb4284880) requires the [May 17, 2018 servicing stack update](https://support.microsoft.com/help/4132216), which includes updates to Windows Update. - ## Is there any special guidance? Microsoft recommends you install the latest servicing stack updates for your operating system before installing the latest cumulative update. @@ -58,3 +57,7 @@ Typically, the improvements are reliability and performance improvements that do * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. * Search to install latest available [Servicing stack update for Windows 10](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001). * Once a servicing stack update is installed, it cannot be removed or uninstalled from the machine. + + +## Simplifying on-premises deployment of servicing stack updates +With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as the Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and higher starting with the 2021 2C release, KB4601382. From 0062b68c57db4af372e8c6f1fbad0e51002a98a0 Mon Sep 17 00:00:00 2001 From: Steve DiAcetis Date: Mon, 1 Feb 2021 11:31:19 -0800 Subject: [PATCH 020/111] Updates to support UnoPackage Small tweaks based on feedback --- windows/deployment/update/media-dynamic-update.md | 6 +++--- windows/deployment/update/servicing-stack-updates.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/media-dynamic-update.md b/windows/deployment/update/media-dynamic-update.md index 6b8f00ddcd..74fc796879 100644 --- a/windows/deployment/update/media-dynamic-update.md +++ b/windows/deployment/update/media-dynamic-update.md @@ -64,9 +64,6 @@ Properly updating the installation media involves a large number of actions oper This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26). -> [!NOTE] -> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 below that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates). - |Task |WinRE (winre.wim) |WinPE (boot.wim) |Operating system (install.wim) | New media | |---------|---------|---------|---------|------| |Add servicing stack Dynamic Update | 1 | 9 | 18 | @@ -84,6 +81,9 @@ This table shows the correct sequence for applying the various tasks to the file |Add .NET and .NET cumulative updates | | | 24 | |Export image | 8 | 17 | 25 | +> [!NOTE] +> Starting in February 2021, the latest cumulative update and servicing stack update will be combined and distributed in the Microsoft Update Catalog as a new combined cumulative update. For Steps 1, 9, and 18 that require the servicing stack update for updating the installation media, you should use the combined cumulative update. For more information on the combined cumulative update, see [Servicing stack updates](https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates). + ### Multiple Windows editions The main operating system file (install.wim) contains multiple editions of Windows 10. It’s possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last. diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index c51a9ff9fb..f79ad98939 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -60,4 +60,4 @@ Typically, the improvements are reliability and performance improvements that do ## Simplifying on-premises deployment of servicing stack updates -With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as the Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and higher starting with the 2021 2C release, KB4601382. +With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and higher starting with the 2021 2C release, KB4601382. From f3d2a3398369d671d0755949b82bf87823e7411c Mon Sep 17 00:00:00 2001 From: Steve DiAcetis Date: Mon, 1 Feb 2021 16:48:41 -0800 Subject: [PATCH 021/111] Update servicing-stack-updates.md --- windows/deployment/update/servicing-stack-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index f79ad98939..6ab6a9595d 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -60,4 +60,4 @@ Typically, the improvements are reliability and performance improvements that do ## Simplifying on-premises deployment of servicing stack updates -With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and higher starting with the 2021 2C release, KB4601382. +With the Windows Update experience, servicing stack updates and cumulative updates are deployed together to the device. The update stack automatically orchestrates the installation, so both are applied correctly. Starting in February 2021, the cumulative update will include the latest servicing stack updates, to provide a single cumulative update payload to both Windows Server Update Services (WSUS) and Microsoft Catalog. If you use an endpoint management tool backed by WSUS, such as Configuration Manager, you will only have to select and deploy the monthly cumulative update. The latest servicing stack updates will automatically be applied correctly. Release notes and file information for cumulative updates, including those related to the servicing stack, will be in a single KB article. The combined monthly cumulative update will be available on Windows 10, version 2004 and later starting with the 2021 2C release, KB4601382. From 198032fd9f6c339e7ae4d6963dca655db6c033f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 5 Feb 2021 15:19:08 +0000 Subject: [PATCH 022/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-with-ansible.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md index 4bb6d76a83..8b2e7da1ca 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-ansible.md @@ -261,7 +261,7 @@ Run a detection test to verify that the device is properly onboarded and reporti - Open a Terminal window. Copy and execute the following command: - ``` bash + ```bash curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt ``` From 95888c61c75699a5290a6193f406f9a2311e4e6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 5 Feb 2021 15:19:14 +0000 Subject: [PATCH 023/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-with-puppet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index a80cb41d24..292caa4194 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -238,7 +238,7 @@ Run a detection test to verify that the device is properly onboarded and reporti - Open a Terminal window. Copy and execute the following command: - ``` bash + ```bash curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt ``` From 1490d9ba4e735783ebc225a74a9fcc2f98a5762b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Sj=C3=B6gren?= Date: Fri, 5 Feb 2021 20:23:14 +0000 Subject: [PATCH 024/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp/linux-install-with-puppet.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md index 292caa4194..260bdb6f66 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-install-with-puppet.md @@ -248,7 +248,7 @@ Run a detection test to verify that the device is properly onboarded and reporti mdatp threat list ``` -If the the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). +If the test file isn't detected and quarantined, it might be labeled as an allowed threat. See the [allowedThreats](linux-preferences.md#allowed-threats) option and the structure of the configuration profile at [Set preferences for Microsoft Defender for Endpoint for Linux](linux-preferences.md). ## Log installation issues From 3381427fbc2601a6f644c7f12a8997745aada5a8 Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Mon, 8 Feb 2021 12:04:23 -0500 Subject: [PATCH 025/111] licensing note - per device added a note in requirements about device based licensing please review and see if this is the right spot for this and the right verbiage? --- windows/deployment/windows-10-subscription-activation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 84fa27310d..123f4f81af 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -88,6 +88,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & - Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. +- Windows 10 per user licensing, not available for per device based licensing. For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). From a53cad8b8775523d6cf9faed1c78d8cb7d93e7f9 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 10 Feb 2021 10:45:14 +0200 Subject: [PATCH 026/111] Update windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../create-wdac-policy-for-fully-managed-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index 32fc319b88..b7803dc3b8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -42,7 +42,7 @@ Alice previously created a policy for the organization's lightly-managed devices Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully-managed devices: - All clients are running Windows 10 version 1903 or above; -- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or [Co-Managed](https://docs.microsoft.com/mem/configmgr/comanage/overview) with Intune; +- All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or [co-managed](https://docs.microsoft.com/mem/configmgr/comanage/overview) with Intune; > [!NOTE] > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) From 8ed56635b105d2b8b00015dd399f74dd71bdf725 Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Wed, 10 Feb 2021 19:30:13 +0100 Subject: [PATCH 027/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 76f4881c7f..c1dae11e8f 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -102,7 +102,8 @@ When a reactivation event occurs, the client queries AD DS for the activation o ![Entering your KMS host key](../images/volumeactivationforwindows81-14.jpg) > [!NOTE] - > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. + > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version-specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. + - [Office 2013 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=35584) - [Office 2016 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=49164) From f7ae476d1bdf800eb2b543e1117ec4d291a72104 Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Wed, 10 Feb 2021 19:30:38 +0100 Subject: [PATCH 028/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index c1dae11e8f..c472142ab1 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -105,7 +105,8 @@ When a reactivation event occurs, the client queries AD DS for the activation o > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version-specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. - - [Office 2013 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=35584) + - [Office 2013 VL pack](https://www.microsoft.com/download/details.aspx?id=35584) + - [Office 2016 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=49164) - [Office 2019 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=57342) From 9b7c051fce99a9933280d920ea9a0adc9a48979a Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Wed, 10 Feb 2021 19:30:46 +0100 Subject: [PATCH 029/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index c472142ab1..3ec15b4f4b 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -107,7 +107,8 @@ When a reactivation event occurs, the client queries AD DS for the activation o - [Office 2013 VL pack](https://www.microsoft.com/download/details.aspx?id=35584) - - [Office 2016 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=49164) + - [Office 2016 VL pack](https://www.microsoft.com/download/details.aspx?id=49164) + - [Office 2019 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=57342) **Figure 15**. Choosing how to activate your product From f9df2cc67de6f9cd539501fd08c03ecd6bbb64ff Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Wed, 10 Feb 2021 19:31:02 +0100 Subject: [PATCH 030/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 3ec15b4f4b..f6bb4acffb 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -128,7 +128,8 @@ To verify your Active Directory-based activation configuration, complete the fol > [!NOTE] > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used. -> To manage individual activations or apply multiple (mass) activations, please consider using [VAMT](https://docs.microsoft.com/en-us/windows/deployment/volume-activation/volume-activation-management-tool). +> To manage individual activations or apply multiple (mass) activations, please consider using the [VAMT](https://docs.microsoft.com/windows/deployment/volume-activation/volume-activation-management-tool). + ## See also From 22de11d95fb5d326d0ba3dafcc6f13927a1964d9 Mon Sep 17 00:00:00 2001 From: Steve DiAcetis Date: Wed, 10 Feb 2021 10:32:55 -0800 Subject: [PATCH 031/111] Update servicing-stack-updates.md --- windows/deployment/update/servicing-stack-updates.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 6ab6a9595d..13487eef17 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md @@ -29,8 +29,6 @@ Servicing stack updates provide fixes to the servicing stack, the component that Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. -For information about some changes to servicing stack updates, see [Simplifing Deployment of Servicing Stack Updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-on-premises-deployment-of-servicing-stack-updates/ba-p/1646039) on the Windows IT Pro blog. - ## When are they released? Servicing stack update are released depending on new issues or vulnerabilities. In rare occasions a servicing stack update may need to be released on demand to address an issue impacting systems installing the monthly security update. Starting in November 2018 new servicing stack updates will be classified as "Security" with a severity rating of "Critical." From 5231e7592100c363180bbd5976a0bf0706600f7b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Feb 2021 13:59:53 +0530 Subject: [PATCH 032/111] Update windows/deployment/usmt/usmt-recognized-environment-variables.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../deployment/usmt/usmt-recognized-environment-variables.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 59de92c6b0..496e80bf84 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -319,7 +319,7 @@ You can use these variables in the .xml files within sections with `context=User

CSIDL_CONTACTS

-

This refers to the Contacts folder in CSIDL_PROFILE.

+

This refers to the Contacts folder in %CSIDL_PROFILE%.

CSIDL_CONTROLS

@@ -468,4 +468,3 @@ You can use these variables in the .xml files within sections with `context=User - From 96037c45cd156a6b54e0405e8ef5538542362406 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Feb 2021 14:01:03 +0530 Subject: [PATCH 033/111] Update windows/deployment/usmt/usmt-recognized-environment-variables.md accepted Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../deployment/usmt/usmt-recognized-environment-variables.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index 496e80bf84..4ca2874fab 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -116,7 +116,7 @@ You can use these variables within sections in the .xml files with `context=User

Refers to the Appdata folder inside %DEFAULTUSERPROFILE%.

-

CCSIDL_DEFAULT_LOCAL_APPDATA

+

CSIDL_DEFAULT_LOCAL_APPDATA

Refers to the local Appdata folder inside %DEFAULTUSERPROFILE%.

@@ -467,4 +467,3 @@ You can use these variables in the .xml files within sections with `context=User - From 15770237c9fc41c388259d9b19cfd557869bf34b Mon Sep 17 00:00:00 2001 From: Karl Wester-Ebbinghaus <45657752+Karl-WE@users.noreply.github.com> Date: Thu, 11 Feb 2021 10:33:26 +0100 Subject: [PATCH 034/111] Update windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../activate-using-active-directory-based-activation-client.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index f6bb4acffb..1d42b159e5 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -109,7 +109,8 @@ When a reactivation event occurs, the client queries AD DS for the activation o - [Office 2016 VL pack](https://www.microsoft.com/download/details.aspx?id=49164) - - [Office 2019 VL pack](https://www.microsoft.com/en-us/download/details.aspx?id=57342) + - [Office 2019 VL pack](https://www.microsoft.com/download/details.aspx?id=57342) + **Figure 15**. Choosing how to activate your product From 7650d404ec22f0a9ac7b01491b76baa616467c3f Mon Sep 17 00:00:00 2001 From: Apu Dutta Date: Fri, 12 Feb 2021 10:27:42 -0800 Subject: [PATCH 035/111] Update EUICC CSP with latest changes The DiscoveryServer nodes were added for Cobalt. Update the CSP page to reflect these changes. Also added missing nodes from this structure - PPR1Allowed and PPR1AlreadySet --- windows/client-management/mdm/euiccs-csp.md | 30 +++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 1f42e3e43d..cf03244fdf 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -38,6 +38,36 @@ Required. Indicates whether this eUICC is physically present and active. Updated Supported operation is Get. Value type is boolean. +**_eUICC_/PPR1Allowed** +Required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. + +Supported operation is Get. Value type is boolean. + +**_eUICC_/PPR1AlreadySet** +Required. Indicates whether the eUICC has already a profile with PPR1. + +Supported operation is Get. Value type is boolean. + +**_eUICC_/DownloadServers** +Interior node. Represents default SM-DP+ discovery requests. + +Supported operation is Get. + +**_eUICC_/DownloadServers/_ServerName_** +Interior node. Optional. Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. + +Supported operations are Add, Get, and Delete. + +**_eUICC_/DownloadServers/_ServerName_/DiscoveryState** +Required. Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA. + +Supported operation is Get. Value type is integer. Default value is 1. + +**_eUICC_/DownloadServers/_ServerName_/AutoEnable** +Required. Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created + +Supported operations are Add, Get, and Replace. Value type is bool. + **_eUICC_/Profiles** Interior node. Required. Represents all enterprise-owned profiles. From 87062dbbbf3a9630ea1cb5a7f9b4daadf5797b71 Mon Sep 17 00:00:00 2001 From: Apu Dutta Date: Fri, 12 Feb 2021 10:31:33 -0800 Subject: [PATCH 036/111] Update euiccs-ddf-file.md --- .../client-management/mdm/euiccs-ddf-file.md | 206 +++++++++++++++++- 1 file changed, 203 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 38bb8e5f6f..24adff5b0b 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -49,7 +49,7 @@ The XML below if for Windows 10, version 1803. - com.microsoft/1.1/MDM/eUICCs + com.microsoft/1.2/MDM/eUICCs @@ -58,7 +58,7 @@ The XML below if for Windows 10, version 1803. - Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC. + Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is the eUICC ID (EID). The node name "Default" represents the currently active eUICC. @@ -79,7 +79,7 @@ The XML below if for Windows 10, version 1803. - Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID. + The EID. @@ -118,6 +118,139 @@ The XML below if for Windows 10, version 1803. + + PPR1Allowed + + + + + Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. + + + + + + + + + + + text/plain + + + + + PPR1AlreadySet + + + + + Indicates whether the eUICC has already a profile with PPR1. + + + + + + + + + + + text/plain + + + + + DownloadServers + + + + + Represents default SM-DP+ discovery requests. + + + + + + + + + + + + + + + + + + + + + + + Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. + + + + + + + + + + ServerName + + + + + + DiscoveryState + + + + + 1 + Current state of the discovery operation for the parent ServerName (Requested = 1, Executing = 2, Completed = 3, Failed = 4). Queried by the CSP and only updated by the LPA. + + + + + + + + + + + text/plain + + + + + AutoEnable + + + + + + + Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created. + + + + + + + + + + + text/plain + + + + + Profiles @@ -145,6 +278,7 @@ The XML below if for Windows 10, version 1803. + Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC). @@ -167,6 +301,7 @@ The XML below if for Windows 10, version 1803. + Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created. @@ -192,6 +327,7 @@ The XML below if for Windows 10, version 1803. + Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created. @@ -256,6 +392,70 @@ The XML below if for Windows 10, version 1803. + + PPR1Set + + + + + This profile policy rule indicates whether disabling of this profile is not allowed (true if not allowed, false otherwise). + + + + + + + + + + + text/plain + + + + + PPR2Set + + + + + This profile policy rule indicates whether deletion of this profile is not allowed (true if not allowed, false otherwise). + + + + + + + + + + + text/plain + + + + + ErrorDetail + + + + + 0 + Detailed error if the profile download and install procedure failed (None = 0, CardGeneralFailure = 1, ConfirmationCodeMissing = 3, ForbiddenByPolicy = 5, InvalidMatchingId = 6, NoEligibleProfileForThisDevice = 7, NotEnoughSpaceOnCard = 8, ProfileEidMismatch = 10, ProfileNotAvailableForNewBinding = 11, ProfileNotReleasedByOperator = 12, RemoteServerGeneralFailure = 13, RemoteServerUnreachable = 14). + + + + + + + + + + + text/plain + + + From f48a3eba273e4bf2cf86a407df0f677c13f7faf2 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Fri, 12 Feb 2021 16:19:59 -0600 Subject: [PATCH 037/111] Update mandatory-user-profile.md --- windows/client-management/mandatory-user-profile.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index e77a3132db..5b40fc92cb 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -94,6 +94,8 @@ First, you create a default user profile with the customizations that you want, 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. 6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. + +Starting in Windows 10 version (2004) Open the Settings app and click on Advanced system settings 7. In **User Profiles**, click **Default Profile**, and then click **Copy To**. @@ -103,12 +105,13 @@ First, you create a default user profile with the customizations that you want, ![Example of UI](images/copy-to-change.png) -9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**. +9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone` or the group of users that the profile will be assigned to, click **Check Names**, and then click **OK**. 10. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607. - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. + - Optionally you can check the box “Mandatory profile”. This step is not required but will set permissions that are more restrictive and it is recommend to do so ![Example of UI](images/copy-to-path.png) From 35e5e3714a2151d5de5165309b8566414750c8c7 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Fri, 12 Feb 2021 18:02:45 -0600 Subject: [PATCH 038/111] Update mandatory-user-profile.md We need to also update screen shots with the control panel applet that has the check box. --- windows/client-management/mandatory-user-profile.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 211519bdec..f082708dbb 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -84,6 +84,8 @@ First, you create a default user profile with the customizations that you want, 1. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. +Starting in Windows 10 version (2004) Open the Settings app and click on Advanced system settings + 1. In **User Profiles**, click **Default Profile**, and then click **Copy To**. ![Example of UI](images/copy-to.png) @@ -92,12 +94,13 @@ First, you create a default user profile with the customizations that you want, ![Example of UI](images/copy-to-change.png) -1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**. +1. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone` or the group of users that the profile will be assigned to, click **Check Names**, and then click **OK**. 1. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#profile-extension-for-each-windows-version) for the operating system version. For example, the folder name must end with ".v6" to identify it as a user profile folder for Windows 10, version 1607. - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. + - Optionally you can check the box “Mandatory profile”. This step is not required but will set permissions that are more restrictive and it is recommend to do so ![Example of UI](images/copy-to-path.png) From 4530c9c4880b73bf28fb36fd49ad17eee1b24655 Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica Date: Wed, 17 Feb 2021 09:25:59 +0200 Subject: [PATCH 039/111] Updating PS script link after gallery.technet removal Also adding download link for the cab file directly. --- .../security/threat-protection/mbsa-removal-and-guidance.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 09dc088c59..8ed4a703ef 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -25,14 +25,14 @@ MBSA was largely used in situations where neither Microsoft Update nor a local W A script can help you with an alternative to MBSA’s patch-compliance checking: - [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script. -For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be). +For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://github.com/andreiztm/thedeploymentguy/blob/main/WUAOfflineScan/Scan-UpdatesOffline.ps1). For example: [![VBS script](images/vbs-example.png)](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline) -[![PowerShell script](images/powershell-example.png)](https://gallery.technet.microsoft.com/Using-WUA-to-Scan-for-f7e5e0be) +[![PowerShell script](images/powershell-example.png)](https://github.com/andreiztm/thedeploymentguy/blob/main/WUAOfflineScan/Scan-UpdatesOffline.ps1) -The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) (wsusscn2.cab) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it. +The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) ([wsusscn2.cab](https://go.microsoft.com/fwlink/?LinkID=74689)) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it. The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it does not contain any information on non-security updates, tools or drivers. ## More Information From cfdc25e28fd3379f924041b9e5e44171ebfaf4bc Mon Sep 17 00:00:00 2001 From: Bill Mcilhargey <19168174+computeronix@users.noreply.github.com> Date: Wed, 17 Feb 2021 11:56:14 -0500 Subject: [PATCH 040/111] Update windows/deployment/windows-10-subscription-activation.md thank you! Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 123f4f81af..10f8c33ea6 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -88,7 +88,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & - Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management. - Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported. -- Windows 10 per user licensing, not available for per device based licensing. +- Windows 10 per user licensing is not available for per device based licensing. For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3/E5 or A3/A5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md). From 9f75b5e864d50d3e1b87468af4866a5112d3cef7 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Wed, 17 Feb 2021 14:42:35 -0600 Subject: [PATCH 041/111] Update windows/client-management/mandatory-user-profile.md Looks good Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 5b40fc92cb..f6e740c387 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -93,7 +93,7 @@ First, you create a default user profile with the customizations that you want, 5. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. -6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. +6. Right-click **Start**, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. Alternatively, starting in Windows 10, version 2004, open the **Settings** app and select **Advanced system settings**. Starting in Windows 10 version (2004) Open the Settings app and click on Advanced system settings @@ -170,4 +170,3 @@ When a user is configured with a mandatory profile, Windows 10 starts as though - [Lock down Windows 10 to specific apps](/windows/configuration/lock-down-windows-10-to-specific-apps) - [Windows Spotlight on the lock screen](/windows/configuration/windows-spotlight) - [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm) - From d799310fdcbc0e99e106cddeb8d8ff364245d3bc Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Wed, 17 Feb 2021 14:43:14 -0600 Subject: [PATCH 042/111] Update windows/client-management/mandatory-user-profile.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index f6e740c387..d1a5769dc3 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -111,7 +111,7 @@ Starting in Windows 10 version (2004) Open the Settings app and click on Advance - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. - - Optionally you can check the box “Mandatory profile”. This step is not required but will set permissions that are more restrictive and it is recommend to do so + - Optionally, you can check the **Mandatory profile** checkbox. This step is not required but will set permissions that are more restrictive and we recommend doing so. ![Example of UI](images/copy-to-path.png) From b0493a478af4d72f2b24e4c80ce382f595015d6f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Feb 2021 18:26:01 +0530 Subject: [PATCH 043/111] corrected layout issue as per user report #9174 , so i added one line gap . --- .../hello-for-business/hello-feature-pin-reset.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 2a553e3421..2d44a36872 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -35,7 +35,7 @@ ms.reviewer: The Microsoft PIN reset services enables you to help users recover who have forgotten their PIN. Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. >[!IMPORTANT] -> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and newer. +> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro edition** with Windows 10, version 1903 and newer. ### Onboarding the Microsoft PIN reset service to your Intune tenant @@ -49,8 +49,10 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se 3. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant. 4. After you have logged in, choose **Accept** to give consent for the PIN reset client to access your account. ![PIN reset client application in Azure](images/pinreset/pin-reset-client-prompt.png) + > [!NOTE] > After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant. + 5. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant. ![PIN reset service permissions page](images/pinreset/pin-reset-applications.png) From c4ee6de0f6fdca244ebb8a9939cd10c6f1a5e1bf Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 18 Feb 2021 22:35:17 +0530 Subject: [PATCH 044/111] Update windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-feature-pin-reset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 2d44a36872..35853c7fd0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -35,7 +35,7 @@ ms.reviewer: The Microsoft PIN reset services enables you to help users recover who have forgotten their PIN. Using Group Policy, Microsoft Intune or a compatible MDM, you can configure Windows 10 devices to securely use the Microsoft PIN reset service that enables users to reset their forgotten PIN through settings or above the lock screen without requiring re-enrollment. >[!IMPORTANT] -> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro edition** with Windows 10, version 1903 and newer. +> The Microsoft PIN reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809. The feature works with **Enterprise Edition** and **Pro Edition** with Windows 10, version 1903 and later. ### Onboarding the Microsoft PIN reset service to your Intune tenant From ac85f39c7bdf19f4eb8ab37ea84541ed13925db1 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 18 Feb 2021 14:22:08 -0800 Subject: [PATCH 045/111] Update windows/client-management/mdm/euiccs-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/euiccs-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index cf03244fdf..8ed1999e86 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -39,7 +39,7 @@ Required. Indicates whether this eUICC is physically present and active. Updated Supported operation is Get. Value type is boolean. **_eUICC_/PPR1Allowed** -Required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. +Required. Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed. Supported operation is Get. Value type is boolean. From ef183a2d25cf983dcabb319ecb2d450a253aac04 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 18 Feb 2021 14:22:18 -0800 Subject: [PATCH 046/111] Update windows/client-management/mdm/euiccs-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/euiccs-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 8ed1999e86..3ff3575823 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -44,7 +44,7 @@ Required. Indicates whether the download of a profile with PPR1 is allowed. If t Supported operation is Get. Value type is boolean. **_eUICC_/PPR1AlreadySet** -Required. Indicates whether the eUICC has already a profile with PPR1. +Required. Indicates whether the eUICC already has a profile with PPR1. Supported operation is Get. Value type is boolean. From 084b054448a456a5446c3e8058eb617e4d89a10d Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 18 Feb 2021 14:22:30 -0800 Subject: [PATCH 047/111] Update windows/client-management/mdm/euiccs-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/euiccs-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 3ff3575823..a1abb178fc 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -64,7 +64,7 @@ Required. Current state of the discovery operation for the parent ServerName (Re Supported operation is Get. Value type is integer. Default value is 1. **_eUICC_/DownloadServers/_ServerName_/AutoEnable** -Required. Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created +Required. Indicates whether the discovered profile must be enabled automatically after install. This must be set by the MDM when the ServerName subtree is created. Supported operations are Add, Get, and Replace. Value type is bool. From b402ef4ddd6da32ee60ed679ac4c4d741ca0746a Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 18 Feb 2021 14:22:43 -0800 Subject: [PATCH 048/111] Update windows/client-management/mdm/euiccs-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/euiccs-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index a1abb178fc..3cae935341 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -54,7 +54,7 @@ Interior node. Represents default SM-DP+ discovery requests. Supported operation is Get. **_eUICC_/DownloadServers/_ServerName_** -Interior node. Optional. Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. +Interior node. Optional. Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. Supported operations are Add, Get, and Delete. From edeb093c94e4ebcbc3fe3e8d6a18d73b0f9df8a7 Mon Sep 17 00:00:00 2001 From: Kateyanne <67609554+Kateyanne@users.noreply.github.com> Date: Thu, 18 Feb 2021 14:36:23 -0800 Subject: [PATCH 049/111] Update windows/client-management/mandatory-user-profile.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index f082708dbb..f3a6ddd33a 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -82,7 +82,7 @@ First, you create a default user profile with the customizations that you want, 1. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. -1. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. +1. Right-click **Start**, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. Alternatively, starting in Windows 10, version 2004, open the **Settings** app and select **Advanced system settings**. Starting in Windows 10 version (2004) Open the Settings app and click on Advanced system settings From 9054e35bd76f4413756511d138676997f82e9f06 Mon Sep 17 00:00:00 2001 From: Kateyanne <67609554+Kateyanne@users.noreply.github.com> Date: Thu, 18 Feb 2021 14:36:33 -0800 Subject: [PATCH 050/111] Update windows/client-management/mandatory-user-profile.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index f3a6ddd33a..98d50499a0 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -100,7 +100,7 @@ Starting in Windows 10 version (2004) Open the Settings app and click on Advance - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. - - Optionally you can check the box “Mandatory profile”. This step is not required but will set permissions that are more restrictive and it is recommend to do so + - Optionally, you can check the **Mandatory profile** checkbox. This step is not required but will set permissions that are more restrictive and we recommend doing so. ![Example of UI](images/copy-to-path.png) From 9c682c5c5a3b1de3754781696218628a9da31a13 Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica Date: Fri, 19 Feb 2021 19:33:39 +0200 Subject: [PATCH 051/111] Clarify firewall requirements --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index a9ec6583a1..2239629eb9 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -134,7 +134,7 @@ For more details, check out the [Adopting Windows as a Service at Microsoft](htt **Does Delivery Optimization work with WSUS?**: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. -**Which ports does Delivery Optimization use?**: Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound traffic through your firewall yourself. If you don't allow inbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). +**Which ports does Delivery Optimization use?**: Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound or outbound traffic through your firewall yourself. If you don't allow inbound or outbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. From 29235b0a0c00fbed0e89dd3fc24e854f8f2eac95 Mon Sep 17 00:00:00 2001 From: Apu Dutta Date: Fri, 19 Feb 2021 12:15:21 -0800 Subject: [PATCH 052/111] Address review comments --- windows/client-management/mdm/euiccs-ddf-file.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index 24adff5b0b..4101bc0f61 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md @@ -124,7 +124,7 @@ The XML below if for Windows 10, version 1803. - Indicates whether the download of a profile with PPR1 is allowed. If the eUICC has already a profile (regardless of its origin and policy rules associated with it), then the download of a profile with PPR1 is not allowed. + Indicates whether the download of a profile with PPR1 is allowed. If the eUICC already has a profile (regardless of its origin and policy rules associated with it), the download of a profile with PPR1 is not allowed. @@ -145,7 +145,7 @@ The XML below if for Windows 10, version 1803. - Indicates whether the eUICC has already a profile with PPR1. + Indicates whether the eUICC already has a profile with PPR1. @@ -189,7 +189,7 @@ The XML below if for Windows 10, version 1803. - Node representing the discovery operation for a server name. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. + Node specifying the server name for a discovery operation. The node name is the fully qualified domain name of the SM-DP+ server that will be used for profile discovery. Creation of this subtree triggers a discovery request. From b24137f0063c3c2bccc21d990dd06d9b6c39be73 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Fri, 19 Feb 2021 15:33:21 -0600 Subject: [PATCH 053/111] Update windows/client-management/mandatory-user-profile.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 4feae3100d..83dca7f380 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -53,8 +53,6 @@ First, you create a default user profile with the customizations that you want, > [!NOTE] > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. -======= - 1. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. > [!NOTE] From 3b0afcee67b41dfdb47aae2e24c6d9830a3a6bcb Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Fri, 19 Feb 2021 15:33:29 -0600 Subject: [PATCH 054/111] Update windows/client-management/mandatory-user-profile.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 83dca7f380..7c3c3ba50f 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -103,7 +103,6 @@ Starting in Windows 10 version (2004) Open the Settings app and click on Advance ![Example of UI](images/copy-to-path.png) -======= - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. - Optionally, you can check the **Mandatory profile** checkbox. This step is not required but will set permissions that are more restrictive and we recommend doing so. From 472af05f8ac8cea8e76cdd12414f7b6baf3d92f6 Mon Sep 17 00:00:00 2001 From: Warren Williams Date: Fri, 19 Feb 2021 15:49:00 -0600 Subject: [PATCH 055/111] Update windows/client-management/mandatory-user-profile.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- windows/client-management/mandatory-user-profile.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 7c3c3ba50f..b1ce6d51a9 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -101,8 +101,8 @@ Starting in Windows 10 version (2004) Open the Settings app and click on Advance - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. - - ![Example of UI](images/copy-to-path.png) + ![Example of UI](images/copy-to-path.png) + - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. - Optionally, you can check the **Mandatory profile** checkbox. This step is not required but will set permissions that are more restrictive and we recommend doing so. From 3bcf38908d58b3a974e82ce31e88d61401abf5dc Mon Sep 17 00:00:00 2001 From: Patrick McDonald <48225667+pamcdo@users.noreply.github.com> Date: Fri, 19 Feb 2021 17:53:21 -0500 Subject: [PATCH 056/111] Update hello-hybrid-key-whfb-settings-policy.md The ", and" is part of the dialog box and should be bolded as well. Not bolding it has led customers to believe there are two separate options instead of one. --- .../hello-hybrid-key-whfb-settings-policy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index d7355b0c32..d8a838a906 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -13,7 +13,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium -ms.date: 08/20/2018 +ms.date: 02/19/2021 ms.reviewer: --- # Configure Hybrid Windows Hello for Business: Group Policy @@ -55,7 +55,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv 7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. 8. In the details pane, right-click **Certificate Services Client � Auto-Enrollment** and select **Properties**. 9. Select **Enabled** from the **Configuration Model** list. -10. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box. +10. Select the **Renew expired certificates**, **update pending certificates**, **and remove revoked certificates** check box. 11. Select the **Update certificates that use certificate templates** check box. 12. Click **OK**. Close the **Group Policy Management Editor**. From 196c74f673f21454514c8af192152e8dcae6cfed Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica Date: Sat, 20 Feb 2021 08:35:27 +0200 Subject: [PATCH 057/111] Modified from or to and to show that both are required --- windows/deployment/update/waas-delivery-optimization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/waas-delivery-optimization.md b/windows/deployment/update/waas-delivery-optimization.md index 2239629eb9..d497aeae62 100644 --- a/windows/deployment/update/waas-delivery-optimization.md +++ b/windows/deployment/update/waas-delivery-optimization.md @@ -134,7 +134,7 @@ For more details, check out the [Adopting Windows as a Service at Microsoft](htt **Does Delivery Optimization work with WSUS?**: Yes. Devices will obtain the update payloads from the WSUS server, but must also have an internet connection as they communicate with the Delivery Optimization cloud service for coordination. -**Which ports does Delivery Optimization use?**: Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound or outbound traffic through your firewall yourself. If you don't allow inbound or outbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). +**Which ports does Delivery Optimization use?**: Delivery Optimization listens on port 7680 for requests from other peers by using TCP/IP. The service will register and open this port on the device, but you might need to set this port to accept inbound and outbound traffic through your firewall yourself. If you don't allow inbound and outbound traffic over port 7680, you can't use the peer-to-peer functionality of Delivery Optimization. However, devices can still successfully download by using HTTP or HTTPS traffic over port 80 (such as for default Windows Update data). If you set up Delivery Optimization to create peer groups that include devices across NATs (or any form of internal subnet that uses gateways or firewalls between subnets), it will use Teredo. For this to work, you must allow inbound TCP/IP traffic over port 3544. Look for a "NAT traversal" setting in your firewall to set this up. From d9803f8f375d74893d18dc6847f2024babe8be20 Mon Sep 17 00:00:00 2001 From: Patrick McDonald <48225667+pamcdo@users.noreply.github.com> Date: Sat, 20 Feb 2021 19:02:46 -0500 Subject: [PATCH 058/111] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index d8a838a906..5a639e777f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -55,7 +55,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv 7. Expand **Windows Settings**, **Security Settings**, and click **Public Key Policies**. 8. In the details pane, right-click **Certificate Services Client � Auto-Enrollment** and select **Properties**. 9. Select **Enabled** from the **Configuration Model** list. -10. Select the **Renew expired certificates**, **update pending certificates**, **and remove revoked certificates** check box. +10. Select the **Renew expired certificates, update pending certificates, and remove revoked certificates** check box. 11. Select the **Update certificates that use certificate templates** check box. 12. Click **OK**. Close the **Group Policy Management Editor**. From 13e59ef592d0f2469fcdd6a763c1a4f6a1037ce5 Mon Sep 17 00:00:00 2001 From: SujudAbu-Atta <78092864+SujudAbu-Atta@users.noreply.github.com> Date: Mon, 22 Feb 2021 10:43:09 +0200 Subject: [PATCH 059/111] Update api-release-notes.md Added batch updated alerts API release note --- .../microsoft-defender-atp/api-release-notes.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md index b46d84553b..13ca1ef039 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-release-notes.md @@ -25,6 +25,12 @@ ms.technology: mde The following information lists the updates made to the Microsoft Defender for Endpoint APIs and the dates they were made. +### 10.02.2021 +
+ +- Added new API: [Batch update alerts](batch-update-alerts.md). + +
### 25.01.2021
@@ -70,4 +76,4 @@ The following information lists the updates made to the Microsoft Defender for E - Added option to expand the Alert entity with its related Evidence. See [List Alerts](get-alerts.md).
-
\ No newline at end of file +
From 0646bca665e5cb644b80dc9f579b8c33ddf625f1 Mon Sep 17 00:00:00 2001 From: Jin Lin Date: Mon, 22 Feb 2021 16:53:30 -0800 Subject: [PATCH 060/111] Update enable-exploit-protection.md Additional parameters for hardware-enforced stack protection (https://techcommunity.microsoft.com/t5/windows-kernel-internals/understanding-hardware-enforced-stack-protection/ba-p/1247815) --- .../microsoft-defender-atp/enable-exploit-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 046a880398..3f2f1e958a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -228,6 +228,7 @@ This table lists the individual **Mitigations** (and **Audits**, when available) | Mitigation type | Applies to | Mitigation cmdlet parameter keyword | Audit mode cmdlet parameter | | :-------------- | :--------- | :---------------------------------- | :-------------------------- | | Control flow guard (CFG) | System and app-level | `CFG`, `StrictCFG`, `SuppressExports` | Audit not available | +| Hardware-enforced Stack Protection | App-level only | `UserShadowStack`, `UserShadowStackStrictMode` | `AuditUserShadowStack` | | Data Execution Prevention (DEP) | System and app-level | `DEP`, `EmulateAtlThunks` | Audit not available | | Force randomization for images (Mandatory ASLR) | System and app-level | `ForceRelocateImages` | Audit not available | | Randomize memory allocations (Bottom-Up ASLR) | System and app-level | `BottomUp`, `HighEntropy` | Audit not available From b656b88244dc5c6829c97d5bf66e3d2874cc237e Mon Sep 17 00:00:00 2001 From: Jin Lin Date: Mon, 22 Feb 2021 17:05:55 -0800 Subject: [PATCH 061/111] Update enable-exploit-protection.md Policy also works for system-mode --- .../microsoft-defender-atp/enable-exploit-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 3f2f1e958a..50c80fed5b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -228,7 +228,7 @@ This table lists the individual **Mitigations** (and **Audits**, when available) | Mitigation type | Applies to | Mitigation cmdlet parameter keyword | Audit mode cmdlet parameter | | :-------------- | :--------- | :---------------------------------- | :-------------------------- | | Control flow guard (CFG) | System and app-level | `CFG`, `StrictCFG`, `SuppressExports` | Audit not available | -| Hardware-enforced Stack Protection | App-level only | `UserShadowStack`, `UserShadowStackStrictMode` | `AuditUserShadowStack` | +| Hardware-enforced Stack Protection | System and app-level | `UserShadowStack`, `UserShadowStackStrictMode` | `AuditUserShadowStack` | | Data Execution Prevention (DEP) | System and app-level | `DEP`, `EmulateAtlThunks` | Audit not available | | Force randomization for images (Mandatory ASLR) | System and app-level | `ForceRelocateImages` | Audit not available | | Randomize memory allocations (Bottom-Up ASLR) | System and app-level | `BottomUp`, `HighEntropy` | Audit not available From 936be85c51592f71e1c70b3a1d185610be7dd497 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 23 Feb 2021 11:41:52 +0500 Subject: [PATCH 062/111] Addition of Configuration Updated a configuration in the document to reflect the CPU usage during scheduled scans. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8929 --- .../microsoft-defender-atp/linux-preferences.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 7da256d6f9..76d874b7e8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -245,6 +245,16 @@ Specify the maximum number of entries to keep in the scan history. Entries inclu | **Possible values** | 10000 (default). Allowed values are from 5000 items to 15000 items. | | **Comments** | Available in Defender for Endpoint version 101.04.76 or higher. | +#### Maximum on-demand scan threads + +Specify the maximum number CPU used during scheduled scans. +||| +|:---|:---| +| **Key** | maximumOnDemandScanThreads | +| **Data type** | String | +| **Possible values** | 1 to use only 1 CPU. 2 to use 2 CPUs. | +| **Comments** | Setting this configuration will limit the CPU usage during scheduled scans. | + ### Cloud-delivered protection preferences The *cloudService* entry in the configuration profile is used to configure the cloud-driven protection feature of the product. From 36d4eb45c7a006202f40069d260cbae283613943 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Tue, 23 Feb 2021 12:27:34 +0500 Subject: [PATCH 063/111] Update windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../microsoft-defender-atp/linux-preferences.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md index 76d874b7e8..f22ca4f413 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-preferences.md @@ -247,7 +247,7 @@ Specify the maximum number of entries to keep in the scan history. Entries inclu #### Maximum on-demand scan threads -Specify the maximum number CPU used during scheduled scans. +Specify the maximum number of CPUs used during scheduled scans. ||| |:---|:---| | **Key** | maximumOnDemandScanThreads | From 3a984306d21fb022badc0be578954d7a0f4cbf19 Mon Sep 17 00:00:00 2001 From: rbsec Date: Tue, 23 Feb 2021 09:58:21 +0000 Subject: [PATCH 064/111] Fix some broken quotes --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 2 +- windows/whats-new/whats-new-windows-10-version-1709.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index e74672c002..435e7530bd 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -220,7 +220,7 @@ The new [security baseline for Windows 10 version 1803](https://docs.microsoft.c #### SMBLoris vulnerability -An issue, known as “SMBLoris�?, which could result in denial of service, has been addressed. +An issue, known as “SMBLoris”, which could result in denial of service, has been addressed. #### Windows Security Center diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index b33762e67f..1792e88bff 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -119,7 +119,7 @@ The minimum PIN length is being changed from 6 to 4, with a default of 6. For mo Microsoft has released new [Windows security baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/windows/device-security/security-compliance-toolkit-10). ### SMBLoris vulnerability -An issue, known as “SMBLoris�?, which could result in denial of service, has been addressed. +An issue, known as “SMBLoris”, which could result in denial of service, has been addressed. ## Windows Analytics From ba31438ad05d00b5609548eec4ad66184afa2689 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Tue, 23 Feb 2021 20:29:49 +0530 Subject: [PATCH 065/111] updated adobe reader version and made words to bold this is my own PR, I edited some paragraphs, I added an Adobe reader version number. I successfully a few paragraphs only, But remaining i need to edit. I will continue my work after merging this content. Also, i need help from contributors with suggestions . Thanking you --- .../deploy-a-windows-10-image-using-mdt.md | 106 +++++++++--------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 2779d317f6..2017acc4d7 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -21,18 +21,18 @@ ms.topic: article **Applies to** - Windows 10 -This topic will show you how to take your reference image for Windows 10 (that was just [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). +This topic will show you how to take your reference image for Windows 10 (that was just [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the **Microsoft Deployment Toolkit (MDT)**. -We will prepare for this by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules. +We will prepare for this by creating an **MDT** deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure **Active Directory** permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules. -For the purposes of this topic, we will use four computers: DC01, MDT01, HV01 and PC0005. +For the purposes of this topic, we will use four computers: **DC01, MDT01, HV01 and PC0005**. -- DC01 is a domain controller -- MDT01 is a domain member server -- HV01 is a Hyper-V server -- PC0005 is a blank device to which we will deploy Windows 10 +- **DC01** is a domain controller +- **MDT01** is a domain member server +- **HV01** is a Hyper-V server +- **PC0005** is a blank device to which we will deploy Windows 10 -MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation. HV01 used to test deployment of PC0005 in a virtual environment. +**MDT01** and **PC0005** are members of the domain contoso.com for the fictitious Contoso Corporation. **HV01** used to test deployment of **PC0005** in a virtual environment. ![devices](../images/mdt-07-fig01.png) @@ -45,14 +45,14 @@ These steps will show you how to configure an Active Directory account with the On **DC01**: -1. Download the [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copy it to the **C:\\Setup\\Scripts** directory on DC01. This script configures permissions to allow the MDT_JD account to manage computer accounts in the contoso > Computers organizational unit. -2. Create the MDT_JD service account by running the following command from an elevated Windows PowerShell prompt: +1. Download the [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copy it to the **C:\\Setup\\Scripts** directory on **DC01**. This script configures permissions to allow the **MDT_JD** account to manage computer accounts in the contoso > Computers organizational unit. +2. Create the **MDT_JD** service account by running the following command from an elevated **Windows PowerShell prompt**: ```powershell New-ADUser -Name MDT_JD -UserPrincipalName MDT_JD -path "OU=Service Accounts,OU=Accounts,OU=Contoso,DC=CONTOSO,DC=COM" -Description "MDT join domain account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -PasswordNeverExpires $true -Enabled $true ``` -3. Next, run the Set-OuPermissions script to apply permissions to the **MDT\_JD** service account, enabling it to manage computer accounts in the Contoso / Computers OU. Run the following commands from an elevated Windows PowerShell prompt: +3. Next, run the **Set-OuPermissions script** to apply permissions to the **MDT\_JD** service account, enabling it to manage computer accounts in the Contoso / Computers OU. Run the following commands from an elevated **Windows PowerShell prompt**: ```powershell Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force @@ -76,7 +76,7 @@ The following is a list of the permissions being granted: ## Step 2: Set up the MDT production deployment share -Next, create a new MDT deployment share. You should not use the same deployment share that you used to create the reference image for a production deployment. Perform this procedure on the MDT01 server. +Next, create a new **MDT** deployment share. You should not use the same deployment share that you used to create the reference image for a production deployment. Perform this procedure on the **MDT01** server. ### Create the MDT production deployment share @@ -85,21 +85,21 @@ On **MDT01**: The steps for creating the deployment share for production are the same as when you created the deployment share for creating the custom reference image: 1. Ensure you are signed on as: contoso\administrator. -2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**. +2. In the **Deployment Workbench** console, right-click **Deployment Shares** and select **New Deployment Share**. 3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**. 4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**. 5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**. 6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. -7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. +7. Using **File Explorer**, verify that you can access the **\\\\MDT01\\MDTProduction$** share. ### Configure permissions for the production deployment share -To read files in the deployment share, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTProduction** folder +To read files in the deployment share, you need to assign **NTFS** and **SMB** permissions to the **MDT Build Account (MDT\_BA)** for the **D:\\MDTProduction** folder On **MDT01**: 1. Ensure you are signed in as **contoso\\administrator**. -2. Modify the NTFS permissions for the **D:\\MDTProduction** folder by running the following command in an elevated Windows PowerShell prompt: +2. Modify the **NTFS** permissions for the **D:\\MDTProduction** folder by running the following command in an elevated **Windows PowerShell prompt**: ``` powershell icacls "D:\MDTProduction" /grant '"CONTOSO\MDT_BA":(OI)(CI)(M)' @@ -112,33 +112,33 @@ The next step is to add a reference image into the deployment share with the set ### Add the Windows 10 Enterprise x64 RTM custom image -In these steps, we assume that you have completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you have a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01. +In these steps, we assume that you have completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you have a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on **MDT01**. -1. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**. +1. Using the **Deployment Workbench**, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a **folder** named **Windows 10**. 2. Right-click the **Windows 10** folder and select **Import Operating System**. 3. On the **OS Type** page, select **Custom image file** and click **Next**. 4. On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and click **Next**. 5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and click **Next**. 6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**. -7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**. +7. After adding the **Operating System**, double-click the added **Operating System** name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**. >[!NOTE] ->The reason for adding the setup files has changed since earlier versions of MDT. MDT 2010 used the setup files to install Windows. MDT uses DISM to apply the image; however, you still need the setup files because some components in roles and features are stored outside the main image. +>The reason for adding the setup files has changed since earlier versions of **MDT**. **MDT 2010** used the setup files to install Windows. **MDT** uses **DISM** Command to apply the image; however, you still need the **setup files** because some components in **roles and features** are stored outside the main image. -![imported OS](../images/fig2-importedos.png) +![Imported OS](../images/fig2-importedos.png) ## Step 4: Add an application -When you configure your MDT Build Lab deployment share, you can also add applications to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the MDT Production deployment share using Adobe Reader as an example. +When you configure your **MDT Build Lab deployment** share, you can also add a**pplications** to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the **MDT Production deployment** share using **Adobe Reader** as an example. ### Create the install: Adobe Reader DC On **MDT01**: -1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC1902120058_en_US.exe) to **D:\\setup\\adobe** on MDT01. -2. Extract the .exe file that you downloaded to an .msi (ex: .\AcroRdrDC1902120058_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). -3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node. +1. Download the Enterprise distribution version of [**Adobe Acrobat Reader DC**](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100120140_en_US.exe) to **D:\\setup\\adobe** on MDT01. +2. Extract the **.exe** file that you downloaded to an **.msi** (ex: .\AcroRdrDC2100120140_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). +3. In the **Deployment Workbench**, expand the **MDT Production** node and navigate to the **Applications** node. 4. Right-click the **Applications** node, and create a new folder named **Adobe**. 5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**. 6. On the **Application Type** page, select the **Application with source files** option and click **Next**. @@ -153,7 +153,7 @@ The Adobe Reader application added to the Deployment Workbench. ## Step 5: Prepare the drivers repository -In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples: +In order to deploy Windows 10 with **MDT** successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples: - Lenovo ThinkPad T420 - Dell Latitude 7390 - HP EliteBook 8560w @@ -166,19 +166,19 @@ For boot images, you need to have storage and network drivers; for the operating ### Create the driver source structure in the file system -The key to successful management of drivers for MDT, as well as for any other deployment solution, is to have a really good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use. +The key to successful management of drivers for **MDT**, as well as for any other deployment solution, is to have a really good driver repository. From this repository, you import drivers into MDT for deployment, but you should always maintain the repository for future use. On **MDT01**: > [!IMPORTANT] > In the steps below, it is critical that the folder names used for various computer makes and models exactly match the results of **wmic computersystem get model,manufacturer** on the target system. -1. Using File Explorer, create the **D:\\drivers** folder. +1. Using **File Explorer**, create the **D:\\drivers** folder. 2. In the **D:\\drivers** folder, create the following folder structure: - 1. WinPE x86 - 2. WinPE x64 - 3. Windows 10 x64 -3. In the new Windows 10 x64 folder, create the following folder structure: + 1. **WinPE x86** + 2. **WinPE x64** + 3. **Windows 10 x64** +3. In the new **Windows 10 x64** folder, create the following folder structure: - Dell Inc - Latitude E7450 - Hewlett-Packard @@ -193,12 +193,12 @@ On **MDT01**: ### Create the logical driver structure in MDT -When you import drivers to the MDT driver repository, MDT creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This is done by creating logical folders in the Deployment Workbench. -1. On MDT01, using Deployment Workbench, select the **Out-of-Box Drivers** node. +When you import drivers to the **MDT driver repository**, **MDT** creates a single instance folder structure based on driver class names. However, you can, and should, mimic the driver structure of your driver source repository in the Deployment Workbench. This is done by creating logical folders in the Deployment Workbench. +1. On **MDT01**, using Deployment Workbench, select the **Out-of-Box Drivers** node. 2. In the **Out-Of-Box Drivers** node, create the following folder structure: - 1. WinPE x86 - 2. WinPE x64 - 3. Windows 10 x64 + 1. **WinPE x86** + 2. **WinPE x64** + 3. **Windows 10 x64** 3. In the **Windows 10 x64** folder, create the following folder structure: - Dell Inc - Latitude E7450 @@ -209,7 +209,7 @@ When you import drivers to the MDT driver repository, MDT creates a single insta - Microsoft Corporation - Surface Laptop -The preceding folder names should match the actual make and model values that MDT reads from devices during deployment. You can find out the model values for your machines by using the following command in Windows PowerShell: +The preceding folder names should match the actual make and model values that MDT reads from devices during deployment. You can find out the model values for your machines by using the following command in **Windows PowerShell Prompt: ``` powershell Get-WmiObject -Class:Win32_ComputerSystem @@ -220,7 +220,7 @@ Or, you can use this command in a normal command prompt: wmic csproduct get name ``` -If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](https://go.microsoft.com/fwlink/p/?LinkId=619536). +If you want a more standardized naming convention, try the **ModelAliasExit.vbs script** from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](https://go.microsoft.com/fwlink/p/?LinkId=619536). ![drivers](../images/fig4-oob-drivers.png) @@ -229,19 +229,19 @@ The Out-of-Box Drivers structure in the Deployment Workbench. ### Create the selection profiles for boot image drivers By default, MDT adds any storage and network drivers that you import to the boot images. However, you should add only the drivers that are necessary to the boot image. You can control which drivers are added by using selection profiles. -The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate Windows 10 drivers for your device, a Windows 7 or Windows 8.1 driver will most likely work, but Windows 10 drivers should be your first choice. +The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate **Windows 10** drivers for your device, a **Windows 7 or Windows 8.1** driver will most likely work, but Windows 10 drivers should be your first choice. On **MDT01**: -1. In the Deployment Workbench, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**. -2. In the New Selection Profile Wizard, create a selection profile with the following settings: - 1. Selection Profile name: WinPE x86 - 2. Folders: Select the WinPE x86 folder in Out-of-Box Drivers. +1. In the **Deployment Workbench**, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**. +2. In the New **Selection Profile Wizard**, create a **selection profile** with the following settings: + 1. Selection Profile name: **WinPE x86** + 2. Folders: Select the **WinPE x86 folder** in **Out-of-Box** Drivers. 3. Click **Next**, **Next** and **Finish**. 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**. -4. In the New Selection Profile Wizard, create a selection profile with the following settings: - 1. Selection Profile name: WinPE x64 - 2. Folders: Select the WinPE x64 folder in Out-of-Box Drivers. +4. In the New **Selection Profile Wizard**, create a **selection profile** with the following settings: + 1. Selection Profile name: **WinPE x64** + 2. Folders: Select the **WinPE x64 folder** in **Out-of-Box** Drivers. 3. Click **Next**, **Next** and **Finish**. ![figure 5](../images/fig5-selectprofile.png) @@ -250,22 +250,22 @@ Creating the WinPE x64 selection profile. ### Extract and import drivers for the x64 boot image -Windows PE supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image. +**Windows PE** supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image. On **MDT01**: 1. Download **PROWinx64.exe** from Intel.com (ex: [PROWinx64.exe](https://downloadcenter.intel.com/downloads/eula/25016/Intel-Network-Adapter-Driver-for-Windows-10?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F25016%2Feng%2FPROWinx64.exe)). -2. Extract PROWinx64.exe to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder. - a. **Note**: Extracting the .exe file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the .exe terminates. -3. Using File Explorer, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. +2. Extract **PROWinx64.exe** to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder. + a. **Note**: Extracting the **.exe** file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the **.exe** terminates. +3. Using **File Explorer**, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. 4. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. -5. In the Deployment Workbench, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, and select **Import Drivers**, and use the following Driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**. +5. In the **Deployment Workbench**, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, and select **Import Drivers**, and use the following Driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**. ### Download, extract, and import drivers ### For the Lenovo ThinkStation P500 -For the ThinkStation P500 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo ThinkStation P500 model has the 30A6003TUS model name, meaning the Machine Type is 30A6. +For the **ThinkStation P500** model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo ThinkStation P500 model has the 30A6003TUS model name, meaning the Machine Type is 30A6. ![ThinkStation image](../images/thinkstation.png) From 4727d18a70570350f02a2581cb8cb725cbdc814a Mon Sep 17 00:00:00 2001 From: Max Stein Date: Tue, 23 Feb 2021 14:34:41 -0800 Subject: [PATCH 066/111] Update set-up-shared-or-guest-pc.md Updating new steps admins to take as a part of the 2101 Intune service release. (Set up shared or guest pcs). --- .../set-up-shared-or-guest-pc.md | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md index 00fb65ab30..9c1330bdc3 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/set-up-shared-or-guest-pc.md @@ -85,23 +85,27 @@ You can configure Windows to be in shared PC mode in a couple different ways: - Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/sharedpc-csp). To setup a shared device policy for Windows 10 in Intune, complete the following steps: - 1. Go to the [Microsoft Endpoint Manager portal](https://endpoint.microsoft.com/#home). - 2. Select **Devices** from the navigation. - 3. Under **Policy**, select **Configuration profiles**. - 4. Select **Create profile**. - 5. From the **Platform** menu, select **Windows 10 and later**. - 6. From the **Profile** menu, select **Shared multi-user device**. + 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + 2. Select **Devices** > **Windows** > **Configuration profiles** > **Create profile**. + 3. Enter the following properties: - ![custom OMA-URI policy in Intune](images/shared_pc_1.jpg) + - **Platform**: Select **Windows 10 and later**. + - **Profile**: Select **Templates** > **Shared multi-user device**. - 7. Select **Create**. - 8. Enter a name for the policy (e.g. My Win10 Shared devices policy). You can optionally add a description should you wish to do so. - 9. Select **Next**. - 10. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**. + 4. Select **Create**. + 5. In **Basics**, enter the following properties: + + - **Name**: Enter a descriptive name for the new profile. + - **Description**: Enter a description for the profile. This setting is optional, but recommended. + + 6. Select **Next**. + 7. In **Configuration settings**, depending on the platform you chose, the settings you can configure are different. Choose your platform for detailed settings: + + 8. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**. ![Shared PC settings in ICD](images/shared_pc_3.png) - 11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**. + 9. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 4**. - A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**. From 63382204e996b38fb6bed7d81923252128c3e954 Mon Sep 17 00:00:00 2001 From: Max Stein Date: Tue, 23 Feb 2021 14:38:00 -0800 Subject: [PATCH 067/111] Update set-up-shared-or-guest-pc.md Updating new steps for the set up shared or guest pcs setup that was a part of the 2101 Intune service release. --- windows/configuration/images/Shared_PC_1.jpg | Bin 40769 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/configuration/images/Shared_PC_1.jpg diff --git a/windows/configuration/images/Shared_PC_1.jpg b/windows/configuration/images/Shared_PC_1.jpg deleted file mode 100644 index 7b993b00a8918f4ad6e00522e458bfeea2927649..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 40769 zcmeFa2|SeT-Z(zCB>TRb3Qko8kqm~hWX%#nQ6~Eqld^APCrj4I zZe}FA8CeFi{O_LUInR0OocEmbod55AKfm95Xzouw?p#|o+hjA~{K4##C5)Ke84ILdVJ>B`38>2zjYOTn+m$)cQSfWnX&}_>_i@!qjXTZ zz<>8!Ma<1&|F5t5_S#rU#qI@~p@QBH?Gz(!pf;U8DuYM$r!K|k1EX4z zF7@zzQ@bCRc##Sk(q=$dY#1C`?Xc;Wbr)5c5nf=<8N4RvJf`lND#-HY#Qtzl1EmqV z+)EBdj~5~r(Tlws&<%UK=l}G}+5zmYZOoGekA$AQ$pCVqf&e7he}`x&(Vhw_Evp~5 zthW&&7!x3$m7+PJAF}3Fyj>(*BxXyEgh)j>6%w-v-|Eqf>V{Kfx~4K!BS*0# zl{;e3_m?`DOpoP%)YIIG{CY89gGT)fZ2mVwl|=1W7U4I#*!^|5OlGVsY_4l9UV z=(w$yq$=GdDE{?gV6ceDgVTJey~bwCy_R$AJVtbjH>jYqfs_i=YHl^sF}5Dj$$#SvkCE@ zhY87sWupTx6i?8-+%|LGxd_u%XWrq0HJ-=c4se*uCc3AUg@00cr(JaJd8=#HJMW<` za1q)cVGri^?V1okgdliH?Ab(vr3r=Xu2iNh|1iy)7e+ndaW8j_7)K}~#PulzA6zsJ z>l>fX+`U)ZL2|mxxJADuhspicyy$%`n+jBlGMIRH(tpjo;NH4n$Rvjnn%Sx{!&kDV zS4c*@DwQErg0q`9a0<*mfv8uZf^I{>^C?FLl+d9EouNy7Nxn%ekFXB3sAoI=BdQT8 zCq(mO$+^ldBT_As?_5IR`Z#Mt%uq1t03xgP;fTgF?kR}TNrtna;Seg(SV>5cu%sdKbYgqdk9{JacW1X4M3tVrGEt3>_TrZ z#ybR;!R=jFGmtIJCfqA=)Ql%JMqbtK9U*+%1_cN>$|Ps zXptSXmQ_()EUs3j_w?8?PqFxABtz|Sm_CjQ@^`K_pBg{yD0H>c*17%i`CHH$k#J8_ zLGUX$%?>S571tVywzHOV2?q11^QX=p#NJLesP5Hn9yoq)>+u_&>6n1yqrB_DwD_fO$j;X(O``b#ACv@MIE*2c+DCXArqRalwY=NO7D9W&^jZk92jyN%{ z#e%%qh-89soAji7+c_eTow91_aoRRQEjB=h{(6K+$}^fxR3O|W1AZD`n26Qbv#N1c zci^>UvgPybQ^(pgCog>Qg}`n5(01KHNv%;O$;>tShW#p@rGskfgJT#SRgP0BUrRh) zNZeXUhM&!lpzCKV(~mZgH$yo?x?u@K^6yGAm&vGU&gY?xv5 zgyj3AKAEbyVxJQRY|ll{-c4~HrIS|oYvo-=uv0S05)sd~azSuX^MLJ&dS_ zybhx<`VR0XU339IE_9bYyCZ?bSzBJMh+3X|${%BUJtqUFc6w>v;HGZ_ zDjU&g=i4WPJuXC?nzvoNxj+jo3X>TBV)xRv{iB-mYxa9Y&Yg!aI$U%_2Hv4)u$mvo zd-+2uF==SAza8{p_`?Ufm+sAQ>m3(3Jg^B_%HB}!LJ=mun`x}y4rQ!Oq2>@5Q)&;Iqlmi6TS7EKn2AV%tMJX`>;Dx?AavAIT9`#QGY&>qR6}frGkp0 zsURmyz%o!lV2Fb}1Lb3qNn~r-*9xT3K!$?Dwq`O-$||AN9w)NC-)^FuJ#ezjE`V|v zwmn)egbX3+<2Rc<@@!fS2zOGP#R#5Mkg4AEOA$6Aw$_oHRRDL%MbuxcK5mCu;hGcU z8x%gR-Gi#ua@u&}-0J&9dw=BOs9&qs3T3}&X$rm=q6h~E)U%>hr%PcAMc!ag~)*}wj6W5;;+ zPrKLvc;gdhl3P>MkqTmk8z2b!m@n@P5eGvEQo$BlJf{Zs9lL!77B$Cspqp*a;6l=7 z?u!Fq(=iDrdhXfT`n`6S*f#q(G?YjMl>`^KWz4NwIZQGhol%&Wf66UVD-pvcwAZpE z=la?6kiqLYxI=!&9zyx_cARCjQ@h+V;oy>|y1CTl8nSMC@@e2Ix^8NMEWY4|`q z`{9Ek0ohNrK@VlXCA_wDgW;eML%Kzk$@LG2r}=8ySNlv7FBY?nj-BxM0>U2aBpj8PNQBlH1icmSbsyWk}cs0UOwWvue`fJh#G6GzL2+&l3i{p`v`BgR0b9gE!_)f4B zXV%9Q`_+NGe5IT%0SMGDTN+(HjOt7@GDgQD5c715b=# zqafGJ-1N(~uIi4NxGLXeHyiCtM7@HqusKZkDt?^`3RAa34O@*W7sSqwynXesL}Lke z_)EU6-vut2#Us*mop9kDO`>fBg7!MmK)QUeT2?G&`&Ixsu`7wMO)Z>3@M{ijH5Ihs zP7YB&u%kqb+PRFM422u#43C|`Yp2g|2Xx)OTc~9#a)Y0Kisj`?v)%zC#x~#Y?$jNU z%0RWb4+>`6WTQxYAWI6i>@Z}S2Ry~H7h&B;Ox`LQg8Ys*dw17E`~ioQaq1hUn}uAe zuO}zA?77aIRi5IBq%(&T^N`h3xde_1E5q&3pSwmB<`Ye~rs-w;CJJ=NOcNT>2 z>Hx)rJK zLKcf(H*lLcMMPj$!cqjQ@hjmE^L<>-RgZrCJWgvHN6+~ZY{ZT^4d#H01JA+Xn#6iM zJ7yVms052*(ap0@h;yv8@y`=DTEedoQT#Uk_Lz5kz4H3XV_$lrejS8qhUktdP@k<8 zj_tFA$c?{0Bypy2C;6mXtgBm>J4F~j_+pB@r%}824X%GJf3NAp;2`JYaAg4#u{zUC zkSBC;bVqF#@}9l%ggPgtgRFbG|3F2;7rReFD#;Hc6X?^VTf81v*|m0mcENNn(O~V> zjdKu=M7!pmoO1-m;AP5(N2lk?r-H?c#8047XJ50Y_|j7vC)qXWh-of7!?h?ZlD|F0 zoWK}{G8q4Cbv@|BzKp0TyNOEqa3m1)3el8>Ly6u5{wo6|`UZCO^5UOIE!1yL+??i; zWC@BMr|?;9T#%+~2AnU{uw5gf_)Q8Mf@9vR@Z|*mKybDl`8h#4R;%nwoR^B(7tv#0 z-}DI`84IUaCv{-i$ zImJHWX7IL*5Fb=m)Bm|7DnGkx+S-yk;888RAZRK;@wk;?gUe^B1~4U5ebAE^qyul!6jLzC4_?v(js^N`#UJO74s&v{pvAs zda>ZN_wR#SCe*xPwgGzw4r+4+X&d)|PSCzF2K26px3%U-YZu=j!7}WYL&oY;xlP*y z+o+5by%kgY*R%`qR1mK^_iZ1iov@`sb!|J5nDb~E@xyUP>H_wv2OLIVa%-8Xpk5n1n8Gs%B|R$c zpF%cv88LTs(-7}0FXJ}*tqjvgt7Fw%J3FsPhDpSF&Ag(5_VHtoWNtJQ6*Lt!L@g!LtJWj7WhUsTpoXLlDkusFsS7@_Qsj6k1Zdg$3utBpEdGnsH@qm95G zQmtLMAoM848I$jwW7}WiaM$lyEi?QL%?XWWkWY}(9R1zZQ)%)?JL_oHv&ETs6rZ;1 zXff^|s@n#KmE0lf?OY&g!1X+F@{Ghs1KJr*s{KsUTfL;Vi|HYwC7zp_C2M9OzT%Ez zbj0KM84dXcp`i%*6(w((+cmv&<85U*>BTIaiXP+t4lI zSSyB4Dd7(%saB3qL0aY4`sQ2CM3`PFU%DkA+iJw>IRwNP?N>s*S{IY^oHlD&hF08R zN~QMepOQdjYE2atTIC!?&X;v)zJ`N#*n~gd6C6Bj8}k$se~k-mJdzELhg31hTADa+^^iT4YixE1$6_=WdU8z>^h zX|{&hyqLiE*|`fC(y1OrDZ^K``8C8d@gZnA&oW zW|0q(9UNI*9sx=&{788pA~WlxB4%m}m3lPn=~{dh;EMg#szBm$sDZ+S$66k(wEEzj z<)G4>VkVxJ7GNHYb!t<02S+J+gC7gIPlVx|qG_`HVjKs3*@Lyb%F>kfy?-or^ELRA zTO9Nz&O@on$DR&{7|zD{qB9+l;KgkGUJ~FimW|NrlwfPyOo5ZgOpNt9fk$H<(`R3zRmg)`< zpU~0T-UQueT1qKdsj?qE4HkjR;u%AWsi4nxts@MRABcFVQvbKZYJN9 zsd(}rg3a5k4@|qZP$NFo9RQS6-g#G3*1L2wX##s(B&Iw}%k;A1UX92{I~sHC$3U+c z{-4hG#D;?`4om+I1YH8r0)ibTo~D8Z4gxhu=Q7=ub6*{iAF{c^) z>zcjOefrl>qU6LnD(ErT8mMx@B-4qR*>f++xp78b{rWts>I5WB(It?3l{xr zb9Bk=D18!KC8W1fsZJs-UYWW|6A zLjgQHh1mr{T=$}ac#PLWfOl&xO|GKKSJ{8Q13V0rB~n4N3R7Sb-voj%zrOt^U$MiH zr&mW8YjE&gTk5l5Q$d!Kd!pY!zCc~s?@>YVKCMrwpr4SQL+K{20OXDSoxEmmEGI3- z-)Hc1boRbH)q)8pKj_O&UtkA-3>-y&fj*f2n|VThBJHPzwLcAMdd`A{Z=CW={>0La zI2-+GOI@YBV25Lun&?SgewP^4g*4xO2cb>l7kXR&Q+gLYcp&JEZeQGZb# zKl9h$s*a)A|9%erld`x=ivK=ku}ccTpzcZq;CuXyo!?bZ|EfQ-tDt^RP{#qUi{A$D zx^naM3H{pr%cw5{>P()zZw!u)w%+y-KA)#}RpFW6dC~h$Bl%LzQ-}tsf(KNP+!e&^ zdlR8e2Uk>i&Y*J!wicV%xWb2uf^)wn1|3}GzWOeF@!X{gE~h_}ozgA7A&0wkNz&0E z;L&6HP%@uPZ_o|XBg&Gzz39%CG~-<9!pJAuJf=D~w0Vpe{#efDm=Y)TB5Oot(7N}) zNFzNwy};_1_#VAWrEffL5~#Q$g>J8qBPz=%@gHm&CLfYzTEF*6Z*i_q?g+ZOkY!>k z#YuJB4(z6OR!&@&6M&A$y zzaTXxD-gqs*fV|fpsJ)Z#N${E%Z<=}m$e;3)w=D*;mHLzCZoNDZz6*CUwzf;yEe0Xo&$8piTj$(4}@koDXp*|(cSGr~diL`#hUY2~}qdMi~k=g@_)p>32 zXs;^hGU%P?wgAdJkK$`&W5dM@S(Nb++yZ{yS34XPu4BWAn&!w1BM+Hp@O_&?oI?oEVvmF zVsl_XU0_16=b>j|S949*^l__vbxD)aj+?2jAR2v6A=)^pl>bshw4>&AGL8?@;uOl>G`V^+)Ya zF8jzlO`ggQJwW6~nZIj7(KCz?vkSh#3`u`>Tq$D|ZvCFosdd7|p;u z`$|VdL!(nwa{dBBgTI|WueVc`uhH|yQ@rPDi!@zc+(zVpTr~t^UOdTesh>~G+gP5w z5WKq6R(h<#l1uOK*?@VPeKbF3dAGz@%qv(BA)y~z@M{f`wbX}y|o?oQ`_FR&tlizrbm+gMyE4DBciPbQ>*#B@z zY}Ky+;qW;b59!c%f>x|w%)k#h*gOk8T1Gxml6Mq|Dy^3)W7`)jpXl{cJ~8vgN+3IQ zZ;Pip%LaZ}6ei|h=*R46la~|STwK_us;2E~!I4&?iDFRao|5%E5m4 zanB7_ulbMX-z=*x4j&MKPd28!SbEvRNWy^MQWnb=1C< zU#A5LO1(6DHbN2|T$e>)X411s644Ecvm@ix+wtUybk;_0A?Iz#bP%P=_ctC~p;bA;!F7tOsZ1*zw1E&sv_)g( zcNnb@vsoxPqFn(jS%;kBD+UQx($~1NY;fo^WOOAcgCi$Yv~%#q+CU``m?|dS<7r^dl@SEXR zM+#mh4sjaV^dp-5i6nj^HIA}>-gV1js(mWy-gB@qo>zf+7?c~iIDP?Xs zqZh!>*;&Q!uwR6?t*zN`3L24em>7iZ(rMJkM^?^`=)8ZB2}D4mC? zQ`W$ubGT+Rbj9U0!>8&t>qJ{p2JVEqm_1#;eOfq3`v0;^CYczBsnKnoVEwcfDQ;7R zZ^?FNvUIj-I-D?aTFaEipZ?bM2v;T%_d+1vNq__*gjY(~IX>VQut$&0Lb)Fj%eL(I zjVzerPE@_O-F)W%?e)pXckHw!wW{#D(2xhiK!ZLI2YQ^06)V1I0SUp}v)t+L)ZH!@ z2OmGVRyX~rJCX{bdx(m(5e=Sj%8%r4^16$3?1gJ*KTY(y-L~`YKEx@ zKV*x^hb~YKe3~X8nhdVXZEy0(AY0D&>jepoppA6Dnx> z${>27-G$8e={_;Wm>ARM`w_8v=6huF`gaGgWH!CVb7&C=q)Ld_K{n`1fGn?*O}N@8 zEaVBqY%9@{_-_4XuQqSkQy_ywV|nR&_QM6pezch+rKejpdt?k7(mzq+YKV$G(Ecu- zp2KHvv&}D#;hwT_Wi0spor>(aT3&+atMT=cf&op*PwH)VUKkIl$~EqPxw;n;=^f~* zV5J&b%SdEw9?3|GdXEv6x?CH#GG=8dqvm7iHSzLw8cqXg>*X47>G=G^4s0Zt5-a~Xn>>_yMY+5!#lhbc;k2E8=oR`_QizI*`@c^_yW=z=gqX3zEjzi|Tl%>+9T z&8eU>Vj)zJ-xKY(L|Hf>zO!-2wbEAToQ~;*Yasrc>3<>EJF6X}vqWUim0yy(baz706 z%S@o(k@P=16IZxFI(X~JwO^4bMUtpgg%DJV03tl2f`l-@z6F281Qo>6kAF{jtO4}3 z(*UW%9drfaxkbo#^r*#Podpn`7OhkeEjP(t^H6UzsTrWONvTB z^bz+*Z0i4r=|W+OU^d2%yw?j%p_K*yK=fbPB`C)O0jS91<$%D)=>VyMl0*u9HnI12 zWXpf2SRwe&jFbG!IMII@=MR+s*T<>&u7LhJP9LH{KMlxin0`mq6_OLcr$4Z)?jM;* zHsm|k-S|xq5ST-~h*_E61ObVUot<3c`*(|p#e`#%nZ_?L;kJI+CX zz5Z*V*u~E-eh`tn^7XT^*p-W2x!9G9zjdN^b=va0>rN=yLIfJ4qz2c{1-ki_NI|izoGHEZ!0*ai1%E+$J=_6f0 zEs*wq#AVu#z%`6gD&$vr@8tinV*QuW%)OTwJfThOBM3}c!z4E(q}l+>-@hJ;u?#7V zHmE9>5%w7z=ebxuwTZfVFP@McQF~yRq(&}->w0)%x?Gxy3^CsJ+NB}c&my*@IIUbVl56yU74uBcP=*Aw(OKt<{6fk5W0a!g_8|7hu#x_eFzJ@4Zkr&Wjc$F ziMcNMM5QK*tBVM2xiw94s%zoEbd&)LQ&f)6yT-=(jmo>4=NzVW20NQQjs%Qt-ZZ!c zOWp{sCSJiKr;tHPH74pB9w__!T@MOAWOd{S%fPUwFK7uBc}NiA_uD3ccFu%v1#a9R zek&l3Vx>ai;9OX+i-<$%po32~F~MM;!Qsi7Q3=I!y=h1nO`1Euj%kMIG&OvyWEMf`1ladS!R#^_kQFDP0v(S zP*^AQcFtSE^@ScEY?s|Tx2N&OH)cWR71n+c9PhmEO@t5PlzJ0ooAS_6q<0wxgy(!y z$;pJm(VaV!9!-ps_a^jj_HQ0ihd@-N)Nke!ksG!H>+JjBs)=U^C-6WmWi|Vq(o%~` z%dqP&E;_~nk=Luv>0@R+Vn2<1f0E@PBvc4GDoGd$Q>t+_r+vdQC*)ZYE@J1#)!Etn zPHoCIeC2S;PmgJa+dW54LO(_;Kx)yighG_Oqtjl@NNo;%OaBEUI;mY^xY;bvF!DNS z_8a%k!d7pNn{N5`?m)XZ`Xgii2l0{O^3TBjE8qN8urj_S?lgW&H=40-?KLnP^SYAD zBgBsl=$MCV2LzV;e;cv zCf^tL$uow;>%b0pY0-sL(4;sO6rKqLblJf`N%Q2+G=gBVexrRT#tBl~5@MTgGi*;0 zCfG&rwcIJIs=_Zn-Bjs0kM?8k%3+&%yv*}JaGBVUm;p|EH=%FcITu~M7p{5=mWPA5i zitD-bx$vdq6gR^i7cdnBfiO_cQW}5_nBoYC890#MU=f1=rLgEtU~^+^&QJ43Y%S;^ zza>G+6sVwY-|*0B@Mm+xs;@k$`xycg*b3Bxc~G{%B$FTKS6etvant|1PeJ~{Q~sYc z51h>+UF;!=I7@g(UNNjhTfUw;>cp&*d4AdO#kQFx((zBvqfRu!L?iWmGn-7>m1oXXSb1-^U+ z+o^L0+oY6$1K?-9u}GHB^NHKClOcu6JjF@Q1hIz_T*p4+N)bYkQh@wFk|P=Y4-i`j zAOZZf06h8}sO{P!$^(4_N6}jleu`Z?S#h>M#sP_cPHHu12&*a&f@P>(xYR?9(P{T8i?(C6V zskqOy9X^Zr`-A=f&`-jFqJlK+Nsu2VbB+CyUp*@G-g=-HjOt#n+da6u84oLqY<1>EmD6e^NcVq+_r@Dn3*`uw5Hu z-yaeEFTrL^{85tX5Wh<3*?%mdz+Q6E4be-T2oj0Jzs0!0NB1jR|A_LR_2qZA_T~8_ z54{C{Afmr%8vUUDuKvJK+h}|`{s%SU_p5SVRmt7q7?~Y$o=Ej19JdPS8{|)MxNtu- z&pdi!k*3fVgIMgxL`T?w6V37HW+;cv@L4rW{Ta*ROR*rfeec;ivo)z8i=BHj6EYp1 z&R@gs1YA8V;mVSKSYUtDRCp^M;lIWnvaRosBGM=O&}mOhmc8s1$HWsI;45{cpogvM zP2Pfs4Ze+Ao*x-^$=tbyTohql3r<0ix|0#V=!D2Ws%V|xOh_#X;0u}L-?gIl&y11b z^n*pXto)lLL;S=Tzgei&kY5=g<}Vg7{TITW|4p@;eF9EF00;d&4fHFi{xYxMNG1Lk z)AqNd`cZ=%7W#V{1WNpwpZ-;Q_m83b-M;?{-CqpHKZWkUGTi?Ry1%a<|I?uRzf>2H z?f)IMy4?%t@jtJ6$p4cT1F%i(ga3|J1MC{#ojUgLx}fr@DxS)T2X$P!Y1~?gh|s zhe#TIPmvaZ>NznFnOoO2VQZ)oB?zZO%At}Z+=T(z66pge`VNvMPtWHcQ5ia;OE^3g zzG^sn0@0#EEQ{JeY@4%sd>JlPDOHR-5?6g&Iy-H+WZH8$$}k``u)y@CvvhMw{?fb$ zgkk*&ngcG0_svBpl-E@EEzKmE&VTF;FvL2Qpft!x#B?x`ol-Z5-acxUYSw+TFX~{L zr5mJkTV2?-@v@5t@74jJ1oDg8k1Ix#zZYiy-VHI`{ke>CA*5w;XCJT(OD|klQ2FEH z5V;-x>(^uTR8TpV46OVz#lHf+`O0TQbHtp~;9Xs>E!+-!3vfu=wLw&|ur%BmzrJiY zFw^&`$s#j&_13ed*6CNS*McOD%`%}<+m}zGxChX7zyWDwl!4)s+QUy85-kU<52TgG z8p?hc7aCW(V`9a{sLm$SsOeWnd;$ZuS8VGYU_I6o%@p$tXQUx^C;b(5x5jiZ*h&0q9XSqijHUjmma5F@@O-HulQ_I}4 z%3vLxNK!K>;N*%C(Q@kIh-#C@@s>*T6L&C|(?%)x+-jEx%Y%$CadFmM0cHW~Y`>FZ zu7yZ5I)pDd+aOH(Rrw` zT&`By9M&^&UQV_+_hG8T+q<_tP0wsCJT(*8e9e9YkA6~;-2Hjfh(JG5GFCa@CArp- zqtx{^#8B1A<)a4+n-{?#cpi6+fU2{6QWbWmva-iT%rf|H+sDBkuBPqj_54K0yQ&SSb|GF|#3>+nJp{_5slh3*KM#ORM_a~P6!#a3WmU5 zD#1F-G;Jn$-7CiW=xRB^GJ+kNZYmsU(^;Eh@w0x{czeM!U8@Klb4anYIM>2iz#CE8uJ&_?l{Yc=u-i}qhePrxG`AjiI z5*B#5-&X}L-CrPID7z>>Y0Pih+kVdNvHt}ZE6iIxaSfRQVk&;H6`L58tXorA@iz7( zuBxQ={q^@2V>4{P9Dn53ux846j zD0W{S?899y*rLK|F+`dZ{|1ETB7_S_aZy3c3-6rRlGGKtzRarP`N^H|gjW`KB=IcwGt@ruzL<%5dAvw=bMFX9)YWOwo!xJ{ zEUY9)xCzbSZtdNeu=ycJEA_)|XReUQ%@(0sTH;5Zs!ii!9TA*x7PJe$qvk=pM`VdS zz4d&v@YS-Cl7RV%xdCT$l?xf-xPXo!It}1V3m1|#LHsISwIRoyxj?^BQ({2<%(nY< zqQX&b{d-(S@ANp@?;Xh-^|b!9rW-&yGQr-nzh4;GI;CIuxbXPRuiX{!SYNxkHo+-d z|7$|o4alWXl8B4@!ssZ9ZIT%{EoCfCP;S!pFnh5y-B-v%mg{C-r-03a=u+pBhFaPA zU@aS8TTTIoAt)6vn)*mx>R%JiEEP`ImOt9+pvcwLP}bq!pY+Xzow(TqVbUK zsqbQ3&9yx&_Hd9;%{;_U!j8FZg_MxT8MWJ;B9bA=Q7NUH$ za;R2fe&R@J&^~QDjrf9ht_qbpk#r~N#=O26&x7fTYtG_CvzzEVPZ_dSwrtzewI$qQ zD;fiDe3H1mZQEnSD49i!yMlLV?&fnSJN0TKH_P6a>3uDS)uleqxTA?`)6?V)&O*a0 z{>CH;JR}tE31oEHU^_N|g%1tR%{glEv|nkVB*Y-uD$Eq#SCAE&+>L??SB z=Xx~Xhx`2>a_5fCDGr~a6Kk7}*|e*L_wC&%)NKIj8%m(`&=HGSFvofUq<*76EFF)t z9PJFPDibh$boOBD=slPS-Dxr9H}LZWcHkgFSmB)#VyxtPdh9XA0&U+ zZjYU8tVwXsF@-K4LAz};B7DjfRw@;#Q*ceEN3Kq71>3!O{> zBV|EEUj0N8#C2V%H+Jmz$p(znlI(K9mt>lYIqwgwe)c;a#UyyJMoqgPtk+j?_e)Lr zz^&k8k?s$*60VFVgIJK)89>ngn>NpR)6D_%z69*M<(Z&-y zHL;RxZ4kW57HeR+p*D218iI97j=VBevWT5LPY`VsJcM7U*phVt=byG(in{WuDxj#2 z-Vp|9|4HEFk|&cPXqI)pB0M>LZ?z%L>GHn14BESk$pW6w?|)Pjr~g*vzmfz9;loK@ z`?5-%qT742GbfsQtSqc`#7-JT@Lu-{&zyqN0Oz=52Oq6g!}uH-J=c5mSq7hJehIgf z#CEKnL|m-fhu3?EjCB_Ljq*%$z~L(sNU;|g*9t$sj_`^#f4+W4BKF#<-l6J_jgLU! z-kIPr*i8lLA3!-f668luP(gqjUA15bxSvmla)GM-wnlae@a^3BRX3L{ek`P3{=+Ni z;ttR+qFRU8*z>(#dg%wDkxTX%5aCy0@y^R$R^0@bN6Nv5{r1z4h)c0aK%#)EZd?!54ehsD17`dJIQj+1s#}C=QQDk-*QNL~6W1K3}nGMJB zhx2e?WyN}!fG(@ALhgKfK;c0&>XBT4SmQ~c|HAhkq@lKWL_>N+LneQL=(5caJt_YU z0Qvm`=o-I#C1m=S$E65pO6Zqv@>coxs3azXq6$DR0uBS24;JWybAP%Q@WZFJyx|}D7qgIKi!^A z5i-Of$ebO&ppkbyt9MSPcTRT*Ke@&Xu7%Ekhs#mh%!y;@wk`P|ZvC$?F1<|=ruf@# zc90r(RC$3u7+0XN1}sSh{Y0Q>q5}lza9PupL#%YQ63qsabu)!^Gr`bCM9)#*EyQ!g z9V~iQ4(bZzx~9=T-VEeoSbw12cE9~vI`H|O*zAjAW@LtrW#}%cf9H%{QtwLj|0<~l z^#30fc&6r`Q{X?|4=C{LT?G!9%v}Y(YpZu{HIB6FmhHM_|G)!BZhd$4v4E=|PkcoX z#!0ov(@(;5HZcY>$xb=NT7_u=R#_h|Yi;_88nJnELtTDZPsA6f_XP>IWU4D&P3yn3 zIu7rgzpcEW)t4I{_r%n(1JyRI$p!OTX@Ii8Wz(QRmgA610VB7sJQX#fJ-%L8V_&zH ziQ1PjZr+|zcJFJ?<*eK*ktY`8Yp2q}WsVyGD{k7-WMC6BzVAoR#+&E;;UvRfil1qX zlUT2}*GhgvwmZwTk3DiRSG85QV=Mr<+=&>10JUO?(s@?fI+4(3aJ* zf6ol7?fvp%gYvDN@!m4A`$X>SUk=Zu12+gY`R>P;M&@bp^l16qW^LDY6O6iQcDml$ zaQr&k-bJl~@Z8KCYsF5Q=&@`{z>)D^d)uBB8_^o;Yl9?t{$qZT{cF$CkJ~qvzG{vv zBfCMr{CY4kjr5qbOQjQzJ#3OsQyhMtoa-JPI3Y|RCpPHIN?i)r5T3i6US9oa;?nuY z`m0MeQ?&MUi{yrc+Ee80L&Rjf$HsAj@B)Nm*&V@W0j-~gCF)1-sJPKt?cdjM@YrVw zk^9~pFUc7HYHiB+i{#|wsRK7jMGfcvw>M!^3&x{%klmwr0p zzCB&Y_S#XYx61ee^mtn^&Tc_w*N<-spFkC8 z3QrjN;5Qpp&5r9ma8pTimUw@m`Nij^j0CAzy)Mwh0kbez<3>C2%9P~_*RYf3{)CC0 z#vvJ}9E(<4^>^a$To_C^5{;@8to$c(ohHjv>kU~y&z24ODwoAJnnoT9Sniu}z($HZ z&AM~$;L)eL-BH1Q8uPK`K9)GM$4XF9n0^DlMV4|muVt5ehPH^jgoi>?-p7fX0eQ#T zbT!3*PpzvVvT+ctp#&Kf zzeW__+2bIlIIu3<%}MOrUR|AN@UfPY=R1>lQQ>I1+L_cXkGG5hyh}FH#Gxrf1cbF# zj2K7ZMsgEXMqIefhg;>6?c8rmepz8$e3!o8mN{-9vUZJTotI~P;!~?R+#27KN;qpw z^k!Hn3t!vWyDswta-iW2+o;Lo=OdTA?UZPSdu=>3NN~Jn(F0s)`e4Es?8ptaD%k-S zmPZjr=*jDJtm!8&JIQ09OIr9HoMw$?495Dx>guwzK|@K)3pZz;-T)d{Mhx#Qk*KRF z#WeH4K`}PIBS^+#Du|z*-4HvVk1QsKPCPMBYPS10DLqcV8VEF36rjV9CG3re!0j&| zW3ZDPaxva6nN-l-6R}K!tYt60EVJ+gjFykE8D@gKN)BNb%zgO@DoC6>>s-=Cyh3^3 zx{UquQr0bL8!4mq&-*!_>h7r)#@a2t!WZ_*^TRIpx10fUj(i?#kaNa9w;Ubcn|xC^ z6Dlh)9zk38m4{~Sp0+H!W=D$TSki;IiKc@sU?JgmTnE((*PU&?%p}<<9y2lzv$F*@ z-gm0Rqn3Q|=$0h;&~;IH%Sr@Mw?K#rGA=6bzjwVld|c;Z+Qd1oQ&VClh8I8^UIvYW z)eG0iudCTp;Rge;&J#uN>)+S&cA9n2M|_Os;N}dP(360dcbB+Qga@nDa((+P8ZC%J zO~;*FVUC0IhD=srW`<>Dc9L=?=8wXJQw7`V+g`KZORLtzZS)bf*`v7|IAJeV*4-W^ z$c^|!Hg^?YdC$OEO-PMo!!mX@6jP*qKOtE)*%xr<2#2a9yxz4OO6qH9_a2tTX-GUf z6Zr+jm{9kc-8$_ZTngJI-l{43cBokN46B)LZK#2>=Uq&CJo_0|r~fCqG#NAwNrvbb zNABUgp-p#kN;*H@(g4tm%r4u&NiuJKU2mz5D-$M{Zs4e(;lyT(^~uMz$Cmrmbu)5y z#L@<@G6F>ShT>I zmL=(<&cpAY=u)tcH*G}KOS)GS=2=+I`7P8XsjljT1`K!_8zO>|r+lWTk`RZK#K_Z! zq*-=%A+5_sM|=!`{?!FV8T?B0& z)Jlo7@7XhLzp7G&giy!lZDxj^vsG1~q(4w#p{GK<0T%YXS)%^;Sk~*lB0VvZ^TOo3 zGH{`YtseIEuMt*%f24zfQA5srItD~xKi|u|IF349tTsz(q-?9Sirj0rhM-o0i9s5V~I-$=irx*2~cu< zcoyY~-}oTt)E8>Dbonr(mDOWzusNf=jv&&!ru)f741sf|9H2i?h%fqDpTcjna!cPn zTj17xn&%XbnU>JJwTwEQ-rA6xpV2`ae>p{U2R0qLddn=B$*02l`*2SYJtAWPYVAsU zS9V;o1oZ8;Iv!;7GK>6+=^JT~y{HUy{PD@&pCAXW8GO(@gpc};uhYKz2r(>`w0_tM zbx$T&D6bzjciTEiaCr{#ermXFz`<)bLF}OZOo8d35}HHf&?9Qoe5=LGVxb?wiST8U zp$R@EaV_JbyzBOmx#_U!EAnxJO!W}HH@Ye%zie_>z8{e53w`n$sb0s~gwJzs?feA{ zE;Q<>(NSL0zNlTaPeY;oMiNZ^o@}+iU@r~_fGpGiEeW&=+-B=#^l<2v&5T%WI zM`fY9+Bcjh5AG(@WoPag7PCBp15&5h{L`;yPt<*d^!f;C8HBUd>d-`T(z!aKbST-X zk@3mW#zVNcD9_(LPZtDW<`h>8cl@;l1OB;-W8VS0hVQiKCOk@=N3ii;p=ARm$S!o^ zvQ@uG3lqllt$uK~2tLa+98UCcJ#YW;GaeCpBDE)j2Q#?|2fxj+yzSRc@ ziSwsyTsyVvO*GWCDorO*FqQfQV{Z)^c)TfyFwh7LXpzP^J!uh!OAh5^`uWZ&j_JIvYM<3SfX z0+;u_gBG%#vcq`w%l^Zwd@w$IVqpu@oDRG~y1au$P+o4_KDtV`7d*Epb{**cOz4c_ zzIdGMFonMKwI(uXn7t6Zv^ukxWYzh*FiUv@W4B$9gQdA^69LXMTUfv`rUIKUNoDGd zJ%Ro0#nESFKILAwxSKZ_#yN>24OD^U&IAd$(w7NVp3w&S@gHqJ3Gd#IZXK;}rcC7F zI>w+szsMCt+GW8?N%igxZ^bFj*$GkUDij_HAKq7^4(IWunu3IQspuc%Jw^3;un9}S z-s!b{M!MOHDOGR~qzq1A33Y8X9kq2SdF|JbmpI&`PjbUNAVb+`UsE!nvHDcXUOc4X Ze`5{*ccy(p&3|Z Date: Wed, 24 Feb 2021 11:22:23 +0530 Subject: [PATCH 068/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 2017acc4d7..11753d97af 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -23,7 +23,7 @@ ms.topic: article This topic will show you how to take your reference image for Windows 10 (that was just [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the **Microsoft Deployment Toolkit (MDT)**. -We will prepare for this by creating an **MDT** deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We will configure **Active Directory** permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules. +We will prepare for this by creating an **MDT** deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of both processes. We will configure **Active Directory** permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules. For the purposes of this topic, we will use four computers: **DC01, MDT01, HV01 and PC0005**. From 4a4ba2dda0175c1cb8e35dd47c080a6ae7b50f5e Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:22:50 +0530 Subject: [PATCH 069/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 11753d97af..586ec55aa7 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -32,7 +32,7 @@ For the purposes of this topic, we will use four computers: **DC01, MDT01, HV01 - **HV01** is a Hyper-V server - **PC0005** is a blank device to which we will deploy Windows 10 -**MDT01** and **PC0005** are members of the domain contoso.com for the fictitious Contoso Corporation. **HV01** used to test deployment of **PC0005** in a virtual environment. +**MDT01** and **PC0005** are members of the domain contoso.com for the fictitious Contoso Corporation. **HV01** is used to test the deployment of **PC0005** in a virtual environment. ![devices](../images/mdt-07-fig01.png) From f719cd43215e0bb60b0edad159749646968b00a0 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:23:12 +0530 Subject: [PATCH 070/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 586ec55aa7..47c87e09b0 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -122,7 +122,7 @@ In these steps, we assume that you have completed the steps in the [Create a Win 6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**. 7. After adding the **Operating System**, double-click the added **Operating System** name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**. ->[!NOTE] +> [!NOTE] >The reason for adding the setup files has changed since earlier versions of **MDT**. **MDT 2010** used the setup files to install Windows. **MDT** uses **DISM** Command to apply the image; however, you still need the **setup files** because some components in **roles and features** are stored outside the main image. From 5429df8bcd62e94713e1fb34ff58d2b98b53e420 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:23:49 +0530 Subject: [PATCH 071/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 47c87e09b0..9387540124 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -130,7 +130,7 @@ In these steps, we assume that you have completed the steps in the [Create a Win ## Step 4: Add an application -When you configure your **MDT Build Lab deployment** share, you can also add a**pplications** to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the **MDT Production deployment** share using **Adobe Reader** as an example. +When you configure your **MDT Build Lab deployment** share, you can also add **applications** to the new deployment share before creating your task sequence. This section walks you through the process of adding an application to the **MDT Production deployment** share using **Adobe Reader** as an example. ### Create the install: Adobe Reader DC From 60f91e5deff68abb03d6b9b47b7bd09a0faa1f1b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:24:11 +0530 Subject: [PATCH 072/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 9387540124..e96ae41179 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -123,7 +123,7 @@ In these steps, we assume that you have completed the steps in the [Create a Win 7. After adding the **Operating System**, double-click the added **Operating System** name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**. > [!NOTE] ->The reason for adding the setup files has changed since earlier versions of **MDT**. **MDT 2010** used the setup files to install Windows. **MDT** uses **DISM** Command to apply the image; however, you still need the **setup files** because some components in **roles and features** are stored outside the main image. +> The reason for adding the setup files has changed since earlier versions of **MDT**. **MDT 2010** used the setup files to install Windows. **MDT** uses the **DISM** command to apply the image; however, you still need the **setup files** because some components in **roles and features** are stored outside the main image. ![Imported OS](../images/fig2-importedos.png) From d027375bcff6484e46321f28cd8cfe38fa91d0ef Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:24:24 +0530 Subject: [PATCH 073/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index e96ae41179..300e73b186 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -137,7 +137,7 @@ When you configure your **MDT Build Lab deployment** share, you can also add **a On **MDT01**: 1. Download the Enterprise distribution version of [**Adobe Acrobat Reader DC**](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100120140_en_US.exe) to **D:\\setup\\adobe** on MDT01. -2. Extract the **.exe** file that you downloaded to an **.msi** (ex: .\AcroRdrDC2100120140_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). +2. Extract the **.exe** file that you downloaded to a **.msi** (ex: .\AcroRdrDC2100120140_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). 3. In the **Deployment Workbench**, expand the **MDT Production** node and navigate to the **Applications** node. 4. Right-click the **Applications** node, and create a new folder named **Adobe**. 5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**. From 2932031718b27aa5a8947d1c082c7f67465246fb Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:24:42 +0530 Subject: [PATCH 074/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 300e73b186..fb16dd3c37 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -209,7 +209,7 @@ When you import drivers to the **MDT driver repository**, **MDT** creates a sing - Microsoft Corporation - Surface Laptop -The preceding folder names should match the actual make and model values that MDT reads from devices during deployment. You can find out the model values for your machines by using the following command in **Windows PowerShell Prompt: +The preceding folder names should match the actual make and model values that MDT reads from devices during deployment. You can find out the model values for your machines by using the following command in an elevated **Windows PowerShell prompt**: ``` powershell Get-WmiObject -Class:Win32_ComputerSystem From 04f89ef9c4869c381b7f9b277f4f0be0c04c7ef9 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:24:55 +0530 Subject: [PATCH 075/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index fb16dd3c37..6b18f752b6 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -153,7 +153,7 @@ The Adobe Reader application added to the Deployment Workbench. ## Step 5: Prepare the drivers repository -In order to deploy Windows 10 with **MDT** successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples: +In order to deploy Windows 10 with **MDT** successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot images and operating system, using the following hardware models as examples: - Lenovo ThinkPad T420 - Dell Latitude 7390 - HP EliteBook 8560w From eda636b6ae45bc9e16d86aac34bd590d14d608e4 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:27:28 +0530 Subject: [PATCH 076/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 6b18f752b6..ac608d2f37 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -229,7 +229,7 @@ The Out-of-Box Drivers structure in the Deployment Workbench. ### Create the selection profiles for boot image drivers By default, MDT adds any storage and network drivers that you import to the boot images. However, you should add only the drivers that are necessary to the boot image. You can control which drivers are added by using selection profiles. -The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate **Windows 10** drivers for your device, a **Windows 7 or Windows 8.1** driver will most likely work, but Windows 10 drivers should be your first choice. +The drivers that are used for the boot images (Windows PE) are Windows 10 drivers. If you can’t locate **Windows 10** drivers for your device, a **Windows 7** or **Windows 8.1** driver will most likely work, but Windows 10 drivers should be your first choice. On **MDT01**: From b397cda4516761e21f2b62245cc0405b908d8c6f Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:31:23 +0530 Subject: [PATCH 077/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index ac608d2f37..3b90fab699 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -234,7 +234,7 @@ The drivers that are used for the boot images (Windows PE) are Windows 10 driver On **MDT01**: 1. In the **Deployment Workbench**, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**. -2. In the New **Selection Profile Wizard**, create a **selection profile** with the following settings: +2. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x86** 2. Folders: Select the **WinPE x86 folder** in **Out-of-Box** Drivers. 3. Click **Next**, **Next** and **Finish**. From 800fe3abf2c9e38348d17cd51432f2b96ae58bfd Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:31:42 +0530 Subject: [PATCH 078/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 3b90fab699..0aa865e362 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -239,7 +239,7 @@ On **MDT01**: 2. Folders: Select the **WinPE x86 folder** in **Out-of-Box** Drivers. 3. Click **Next**, **Next** and **Finish**. 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**. -4. In the New **Selection Profile Wizard**, create a **selection profile** with the following settings: +4. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x64** 2. Folders: Select the **WinPE x64 folder** in **Out-of-Box** Drivers. 3. Click **Next**, **Next** and **Finish**. From f8fb238d7997a6cc56e28f75a61f24c1ffa37baf Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:31:55 +0530 Subject: [PATCH 079/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 0aa865e362..c57ab65032 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -25,7 +25,7 @@ This topic will show you how to take your reference image for Windows 10 (that We will prepare for this by creating an **MDT** deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of both processes. We will configure **Active Directory** permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules. -For the purposes of this topic, we will use four computers: **DC01, MDT01, HV01 and PC0005**. +For the purposes of this topic, we will use four computers: **DC01**, **MDT01**, **HV01**, and **PC0005**. - **DC01** is a domain controller - **MDT01** is a domain member server From 22a12e714123031d004e64c282ae1da811670de1 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:32:09 +0530 Subject: [PATCH 080/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index c57ab65032..b3075c2cfa 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -94,7 +94,7 @@ The steps for creating the deployment share for production are the same as when ### Configure permissions for the production deployment share -To read files in the deployment share, you need to assign **NTFS** and **SMB** permissions to the **MDT Build Account (MDT\_BA)** for the **D:\\MDTProduction** folder +To read files in the deployment share, you need to assign **NTFS** and **SMB** permissions to the **MDT Build Account (MDT\_BA)** for the **D:\\MDTProduction** folder. On **MDT01**: From 1905cb6c08e9bc2fc99e8d50223727abbba1e68d Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:32:23 +0530 Subject: [PATCH 081/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index b3075c2cfa..1ab83e7066 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -236,7 +236,7 @@ On **MDT01**: 1. In the **Deployment Workbench**, under the **MDT Production** node, expand the **Advanced Configuration** node, right-click the **Selection Profiles** node, and select **New Selection Profile**. 2. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x86** - 2. Folders: Select the **WinPE x86 folder** in **Out-of-Box** Drivers. + 2. Folders: Select the **WinPE x86 folder** in **Out-of-Box Drivers**. 3. Click **Next**, **Next** and **Finish**. 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**. 4. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: From 112543582b835f1ac483441fa0192abfef96a1c7 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:32:40 +0530 Subject: [PATCH 082/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 1ab83e7066..ad33d40fd6 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -250,7 +250,7 @@ Creating the WinPE x64 selection profile. ### Extract and import drivers for the x64 boot image -**Windows PE** supports all the hardware models that we have, but here you learn to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image. +**Windows PE** supports all the hardware models that we have, but here you learn how to add boot image drivers to accommodate any new hardware that might require additional drivers. In this example, you add the latest Intel network drivers to the x64 boot image. On **MDT01**: From 5ddf048a4a6fb22960678a7bd1bd514b054015ea Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:33:05 +0530 Subject: [PATCH 083/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index ad33d40fd6..9fdb2b3c3e 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -242,7 +242,7 @@ On **MDT01**: 4. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x64** 2. Folders: Select the **WinPE x64 folder** in **Out-of-Box** Drivers. - 3. Click **Next**, **Next** and **Finish**. + 3. Click **Next**, **Next**, and **Finish**. ![figure 5](../images/fig5-selectprofile.png) From 4aa7f8847ef6a7b141b9d8e6d0c9a36c8a6a0160 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:33:17 +0530 Subject: [PATCH 084/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index 9fdb2b3c3e..e2ca2fafc0 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -237,7 +237,7 @@ On **MDT01**: 2. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x86** 2. Folders: Select the **WinPE x86 folder** in **Out-of-Box Drivers**. - 3. Click **Next**, **Next** and **Finish**. + 3. Click **Next**, **Next**, and **Finish**. 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**. 4. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x64** From 7918ccd38d147a892cf0ead86df0b389af6dbb1b Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:33:31 +0530 Subject: [PATCH 085/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index e2ca2fafc0..b64a3b7a0b 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -241,7 +241,7 @@ On **MDT01**: 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**. 4. In the **New Selection Profile Wizard**, create a **selection profile** with the following settings: 1. Selection Profile name: **WinPE x64** - 2. Folders: Select the **WinPE x64 folder** in **Out-of-Box** Drivers. + 2. Folders: Select the **WinPE x64 folder** in **Out-of-Box Drivers**. 3. Click **Next**, **Next**, and **Finish**. ![figure 5](../images/fig5-selectprofile.png) From cc3f83cf159fea69f586d754c614dccbbe224101 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:35:46 +0530 Subject: [PATCH 086/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index b64a3b7a0b..bf3cde3a44 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -259,7 +259,7 @@ On **MDT01**: a. **Note**: Extracting the **.exe** file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the **.exe** terminates. 3. Using **File Explorer**, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. 4. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. -5. In the **Deployment Workbench**, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, and select **Import Drivers**, and use the following Driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**. +5. In the **Deployment Workbench**, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, select **Import Drivers**, and use the following driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**. ### Download, extract, and import drivers From 6ab718e9dd7c5188305bc84ff7d873b8ea988446 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:45:39 +0530 Subject: [PATCH 087/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index bf3cde3a44..e7c0e7dbde 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -256,7 +256,6 @@ On **MDT01**: 1. Download **PROWinx64.exe** from Intel.com (ex: [PROWinx64.exe](https://downloadcenter.intel.com/downloads/eula/25016/Intel-Network-Adapter-Driver-for-Windows-10?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F25016%2Feng%2FPROWinx64.exe)). 2. Extract **PROWinx64.exe** to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder. - a. **Note**: Extracting the **.exe** file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the **.exe** terminates. 3. Using **File Explorer**, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. 4. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. 5. In the **Deployment Workbench**, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, select **Import Drivers**, and use the following driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**. From 8191fb51fe1df989de32006b8e982410342d4a50 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Wed, 24 Feb 2021 11:45:55 +0530 Subject: [PATCH 088/111] Update windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md index e7c0e7dbde..355ea08482 100644 --- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md +++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md @@ -255,7 +255,7 @@ Creating the WinPE x64 selection profile. On **MDT01**: 1. Download **PROWinx64.exe** from Intel.com (ex: [PROWinx64.exe](https://downloadcenter.intel.com/downloads/eula/25016/Intel-Network-Adapter-Driver-for-Windows-10?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F25016%2Feng%2FPROWinx64.exe)). -2. Extract **PROWinx64.exe** to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder. +2. Extract **PROWinx64.exe** to a temporary folder - in this example to the **C:\\Tmp\\ProWinx64** folder. Note that extracting the **.exe** file manually requires an extraction utility. You can also run the .exe and it will self-extract files to the **%userprofile%\AppData\Local\Temp\RarSFX0** directory. This directory is temporary and will be deleted when the **.exe** terminates. 3. Using **File Explorer**, create the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. 4. Copy the content of the **C:\\Tmp\\PROWinx64\\PRO1000\\Winx64\\NDIS64** folder to the **D:\\Drivers\\WinPE x64\\Intel PRO1000** folder. 5. In the **Deployment Workbench**, expand the **MDT Production** > **Out-of-Box Drivers** node, right-click the **WinPE x64** node, select **Import Drivers**, and use the following driver source directory to import drivers: **D:\\Drivers\\WinPE x64\\Intel PRO1000**. From da74350012b5f803f271a68836a862dfb07ad592 Mon Sep 17 00:00:00 2001 From: Kurt Sarens <56369685+kurtsarens@users.noreply.github.com> Date: Wed, 24 Feb 2021 13:08:48 +0100 Subject: [PATCH 089/111] Update microsoft-defender-antivirus-compatibility.md EDR Block mode is a feature not a state... having it in the columns confuses people and creates support calls --- .../microsoft-defender-antivirus-compatibility.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index 3c97136983..f9e280a3e3 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -81,13 +81,13 @@ The table in this section summarizes the functionality and features that are ava > [!IMPORTANT] > Do not turn off capabilities, such as real-time protection, cloud-delivered protection, or limited periodic scanning, if you are using Microsoft Defender Antivirus in passive mode or you are using EDR in block mode. -|Protection |Active mode |Passive mode |EDR in block mode |Disabled or uninstalled | -|:---|:---|:---|:---|:---| -| [Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | Yes | No [[3](#fn3)] | No | No | -| [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | No | No | No | Yes | -| [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | Yes | Yes | Yes | No | -| [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | See note [[4](#fn4)] | Yes | No | -| [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | Yes | No | +|Protection |Active mode |Passive mode |Disabled or uninstalled | +|:---|:---|:---|:---| +| [Real-time protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-real-time-protection-microsoft-defender-antivirus) and [cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus) | Yes | No [[3](#fn3)] | No | +| [Limited periodic scanning availability](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/limited-periodic-scanning-microsoft-defender-antivirus) | No | No | Yes | +| [File scanning and detection information](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/customize-run-review-remediate-scans-microsoft-defender-antivirus) | Yes | Yes | No | +| [Threat remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-remediation-microsoft-defender-antivirus) | Yes | See note [[4](#fn4)] | No | +| [Security intelligence updates](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus) | Yes | Yes | No | (3) In general, when Microsoft Defender Antivirus is in passive mode, real-time protection does not provide any blocking or enforcement, even though it is enabled and in passive mode. From dc686fcc39ebcce7a0c11a4ff31c3e1e94937c33 Mon Sep 17 00:00:00 2001 From: rbsec Date: Wed, 24 Feb 2021 14:44:20 +0000 Subject: [PATCH 090/111] Replace ANSI quotes with ASCII ones --- windows/whats-new/ltsc/whats-new-windows-10-2019.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 435e7530bd..072625e781 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -220,7 +220,7 @@ The new [security baseline for Windows 10 version 1803](https://docs.microsoft.c #### SMBLoris vulnerability -An issue, known as “SMBLoris”, which could result in denial of service, has been addressed. +An issue, known as "SMBLoris", which could result in denial of service, has been addressed. #### Windows Security Center @@ -340,13 +340,13 @@ If you have shared devices deployed in your work place, **Fast sign-in** enables ### Web sign-in to Windows 10 -Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing “web sign-in,” a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). +Until now, Windows logon only supported the use of identities federated to ADFS or other providers that support the WS-Fed protocol. We are introducing "web sign-in," a new way of signing into your Windows PC. Web Sign-in enables Windows logon support for non-ADFS federated providers (e.g.SAML). **To try out web sign-in:** 1. Azure AD Join your Windows 10 PC. (Web sign-in is only supported on Azure AD Joined PCs). 2. Set the Policy CSP, and the Authentication and EnableWebSignIn polices to enable web sign-in. 3. On the lock screen, select web sign-in under sign-in options. -4. Click the “Sign in” button to continue. +4. Click the "Sign in" button to continue. ![Web sign-in](../images/websignin.png "web sign-in") From c0f41ea1fb404c385a29cd40b27c477c493fb5c4 Mon Sep 17 00:00:00 2001 From: rbsec Date: Wed, 24 Feb 2021 14:46:33 +0000 Subject: [PATCH 091/111] Replace ANSI quotes with ASCII ones --- windows/whats-new/whats-new-windows-10-version-1709.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index 1792e88bff..7da6279237 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -119,7 +119,7 @@ The minimum PIN length is being changed from 6 to 4, with a default of 6. For mo Microsoft has released new [Windows security baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines) for Windows Server and Windows 10. A security baseline is a group of Microsoft-recommended configuration settings with an explanation of their security impact. For more information, and to download the Policy Analyzer tool, see [Microsoft Security Compliance Toolkit 1.0](https://docs.microsoft.com/windows/device-security/security-compliance-toolkit-10). ### SMBLoris vulnerability -An issue, known as “SMBLoris”, which could result in denial of service, has been addressed. +An issue, known as "SMBLoris", which could result in denial of service, has been addressed. ## Windows Analytics From 9510405d2674accfa49c108f3832bd746b28662e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Feb 2021 08:30:57 -0800 Subject: [PATCH 092/111] Update microsoft-defender-antivirus-compatibility.md --- .../microsoft-defender-antivirus-compatibility.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md index f9e280a3e3..531fd81b5c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: tewchen, pahuijbr, shwjha manager: dansimp -ms.date: 02/09/2021 +ms.date: 02/24/2021 ms.technology: mde --- From 772a032248229ca542396e2e5fad22257e727c8b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 24 Feb 2021 09:03:44 -0800 Subject: [PATCH 093/111] Update Onboard-Windows-10-multi-session-device.md --- .../Onboard-Windows-10-multi-session-device.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 94eacf9749..d806706d5e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -13,7 +13,7 @@ ms.topic: article author: dansimp ms.author: dansimp ms.custom: nextgen -ms.date: 02/04/2021 +ms.date: 02/24/2021 ms.reviewer: manager: dansimp ms.technology: mde @@ -31,9 +31,6 @@ Applies to: > [!IMPORTANT] > Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender for Endpoint. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future. -> [!WARNING] -> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. - Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. ## Before you begin From 5bf4aab647a3622f775c10bc9dbc92ee715328b8 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Wed, 24 Feb 2021 19:27:05 -0800 Subject: [PATCH 094/111] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 60b5e96c41..d61d6d1100 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -161,7 +161,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. ### Why doesn't the container fully load when device control policies are enabled? -Allow-listed items must be configured as "allowed" in the Group Policy Object ensure AppGuard works properly. +Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure AppGuard works properly. This is a prerequisite. If the device installations have already been blocked by device control policies, the OS must be reinstalled to resolve this issue. Policy: Allow installation of devices that match any of these device IDs - `SCSI\DiskMsft____Virtual_Disk____` From 5de1aaef5a0df37715898ab2cb2b689cf4f4c3c8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Feb 2021 10:03:44 -0800 Subject: [PATCH 095/111] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index d61d6d1100..c845c37bc3 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 01/21/2021 +ms.date: 02/25/2021 ms.reviewer: manager: dansimp ms.custom: asr From 4c7ad9c7e78444df1924ce4e646078b432347768 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Feb 2021 10:06:58 -0800 Subject: [PATCH 096/111] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index c845c37bc3..0ab5ff8744 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -36,7 +36,7 @@ We recommend 8-GB RAM for optimal performance but you can use the following regi In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. -In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. +In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host device. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. ### Can employees copy and paste between the host device and the Application Guard Edge session? @@ -46,9 +46,9 @@ Depending on your organization's settings, employees can copy and paste images ( To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. -### Why aren’t employees able to see their Extensions in the Application Guard Edge session? +### Why aren’t employees able to see their extensions in the Application Guard Edge session? -Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. +Currently, the Application Guard Edge session doesn't support extensions. However, we're closely monitoring your feedback about this. ### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? @@ -80,7 +80,7 @@ This account is part of Application Guard beginning with Windows 10, version 170 ### How do I trust a subdomain in my site list? -To trust a subdomain, you must precede your domain with two dots, for example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. +To trust a subdomain, you must precede your domain with two dots. For example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. ### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? From aa3ea2b62115ba473fc3f3d3949f256c4718e9b2 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 25 Feb 2021 10:07:38 -0800 Subject: [PATCH 097/111] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 0ab5ff8744..d3085c37e8 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -161,7 +161,7 @@ ICS is enabled by default in Windows, and ICS must be enabled in order for Appli 5. Reboot the device. ### Why doesn't the container fully load when device control policies are enabled? -Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure AppGuard works properly. This is a prerequisite. If the device installations have already been blocked by device control policies, the OS must be reinstalled to resolve this issue. +Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure Application Guard works properly. This is a prerequisite. If the device installations have already been blocked by device control policies, the OS must be reinstalled to resolve this issue. Policy: Allow installation of devices that match any of these device IDs - `SCSI\DiskMsft____Virtual_Disk____` From 1c4c612185e1d7b212ea02615073965d7f1148f9 Mon Sep 17 00:00:00 2001 From: Helen Allas Date: Thu, 25 Feb 2021 11:14:26 -0800 Subject: [PATCH 098/111] Update reference to the portal Should be "Microsoft Defender Security Center" --- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index b9232a219a..d858fa0862 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -51,7 +51,7 @@ There are several methods and deployment tools that you can use to install and c In general you need to take the following steps: -- Ensure that you have a Microsoft Defender for Endpoint subscription, and that you have access to the [Microsoft Defender for Endpoint portal](microsoft-defender-security-center.md). +- Ensure that you have a Microsoft Defender for Endpoint subscription, and that you have access to the [Microsoft Defender Security Center portal](microsoft-defender-security-center.md). - Deploy Microsoft Defender for Endpoint for Linux using one of the following deployment methods: - The command-line tool: - [Manual deployment](linux-install-manually.md) From 6f7b3d2e1687fe3dd6ab79f6a06d670dc5a12e79 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 26 Feb 2021 13:23:49 +0200 Subject: [PATCH 099/111] update port number https://github.com/MicrosoftDocs/windows-itpro-docs/issues/9024 --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index d3085c37e8..8ce4c7a158 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -131,7 +131,7 @@ In the Microsoft Defender Firewall user interface go through the following steps 1. Right click on inbound rules, create a new rule. 2. Choose **custom rule**. 3. Program path: `%SystemRoot%\System32\svchost.exe`. -4. Protocol Type: UDP, Specific ports: 67, Remote port: any. +4. Protocol Type: UDP, Specific ports: 68, Remote port: any. 5. Any IP addresses. 6. Allow the connection. 7. All profiles. From 6834a684465f5c150880faa3fc62a2596770e8ec Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 1 Mar 2021 09:31:11 -0800 Subject: [PATCH 100/111] Update defender-endpoint-false-positives-negatives.md --- .../defender-endpoint-false-positives-negatives.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md index 5aabbdddd6..f5c7c3085a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-endpoint-false-positives-negatives.md @@ -11,7 +11,7 @@ ms.sitesec: library ms.pagetype: security ms.author: deniseb author: denisebmsft -ms.date: 02/11/2021 +ms.date: 03/01/2021 ms.localizationpriority: medium manager: dansimp audience: ITPro @@ -37,7 +37,7 @@ In endpoint protection solutions, a false positive is an entity, such as a file ![Definition of false positive and negatives in Windows Defender for Endpoints](images/false-positives-overview.png) -Fortunately, steps can be taken to address and reduce these kinds of issues. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), your security operations can take steps to address them by using the following process: +Microsoft Defender for Endpoint enables your security operations team to fine-tune your security settings and help address and reduce false positives. If you're seeing false positives/negatives in your [Microsoft Defender Security Center](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/use), use the following process: 1. [Review and classify alerts](#part-1-review-and-classify-alerts) 2. [Review remediation actions that were taken](#part-2-review-remediation-actions) From 2d14f9caf86f8bb558a7e046fe83f9ec4fdc6d41 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 1 Mar 2021 12:03:12 -0800 Subject: [PATCH 101/111] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 67 +++++++++---------- 1 file changed, 31 insertions(+), 36 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 8ce4c7a158..3e780a9cbc 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -1,6 +1,6 @@ --- -title: FAQ - Microsoft Defender Application Guard (Windows 10) -description: Learn about the commonly asked questions and answers for Microsoft Defender Application Guard. +title: Microsoft Defender Application Guard FAQ (Windows 10) +description: See frequently asked questions and answers for Microsoft Defender Application Guard. ms.prod: m365-security ms.mktglfcycl: manage ms.sitesec: library @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 02/25/2021 +ms.date: 03/01/2021 ms.reviewer: manager: dansimp ms.custom: asr @@ -19,11 +19,9 @@ ms.technology: mde **Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Answering frequently asked questions about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. +This article lists frequently asked questions and answers about Microsoft Defender Application Guard (Application Guard) features, integration with the Windows operating system, and general configuration. -## Frequently Asked Questions - -### Can I enable Application Guard on machines equipped with 4-GB RAM? +## Can I enable Application Guard on machines equipped with 4-GB RAM? We recommend 8-GB RAM for optimal performance but you can use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. `HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) @@ -32,29 +30,29 @@ We recommend 8-GB RAM for optimal performance but you can use the following regi `HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB` (Default is 5 GB.) -### Can employees download documents from the Application Guard Edge session onto host devices? +## Can employees download documents from the Application Guard Edge session onto host devices? In Windows 10 Enterprise edition 1803, users are able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host device. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. -### Can employees copy and paste between the host device and the Application Guard Edge session? +## Can employees copy and paste between the host device and the Application Guard Edge session? Depending on your organization's settings, employees can copy and paste images (.bmp) and text to and from the isolated container. -### Why don't employees see their Favorites in the Application Guard Edge session? +## Why don't employees see their Favorites in the Application Guard Edge session? To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. -### Why aren’t employees able to see their extensions in the Application Guard Edge session? +## Why aren’t employees able to see their extensions in the Application Guard Edge session? Currently, the Application Guard Edge session doesn't support extensions. However, we're closely monitoring your feedback about this. -### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? +## How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. -### Which Input Method Editors (IME) in 19H1 are not supported? +## Which Input Method Editors (IME) in 19H1 are not supported? The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard. - Vietnam Telex keyboard @@ -70,31 +68,31 @@ The following Input Method Editors (IME) introduced in Windows 10, version 1903 - Odia phonetic keyboard - Punjabi phonetic keyboard -### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? +## I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? This feature is currently experimental only and is not functional without an additional registry key provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. -### What is the WDAGUtilityAccount local account? +## What is the WDAGUtilityAccount local account? This account is part of Application Guard beginning with Windows 10, version 1709 (Fall Creators Update). This account remains disabled until Application Guard is enabled on your device. This item is integrated to the OS and is not considered as a threat/virus/malware. -### How do I trust a subdomain in my site list? +## How do I trust a subdomain in my site list? To trust a subdomain, you must precede your domain with two dots. For example: `..contoso.com` ensures that `mail.contoso.com` or `news.contoso.com` are trusted. The first dot represents the strings for the subdomain name (mail or news), the second dot recognizes the start of the domain name (`contoso.com`). This prevents sites such as `fakesitecontoso.com` from being trusted. -### Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? +## Are there differences between using Application Guard on Windows Pro vs Windows Enterprise? When using Windows Pro or Windows Enterprise, you have access to using Application Guard in Standalone Mode. However, when using Enterprise you have access to Application Guard in Enterprise-Managed Mode. This mode has some extra features that the Standalone Mode does not. For more information, see [Prepare to install Microsoft Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard). -### Is there a size limit to the domain lists that I need to configure? +## Is there a size limit to the domain lists that I need to configure? Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383-B limit. -### Why does my encryption driver break Microsoft Defender Application Guard? +## Why does my encryption driver break Microsoft Defender Application Guard? Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). -### Why do the Network Isolation policies in Group Policy and CSP look different? +## Why do the Network Isolation policies in Group Policy and CSP look different? There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy Application Guard are different between CSP and GP. @@ -104,30 +102,33 @@ For EnterpriseNetworkDomainNames, there is no mapped CSP policy. Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Application Guard does not work and results in an error message (`0x80070013 ERROR_WRITE_PROTECT`). -### Why did Application Guard stop working after I turned off hyperthreading? +## Why did Application Guard stop working after I turned off hyperthreading? If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. -### Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"? +## Why am I getting the error message "ERROR_VIRTUAL_DISK_LIMITATION"? Application Guard might not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. -### Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach PAC file? +## Why am I getting the error message "ERR_NAME_NOT_RESOLVED" after not being able to reach PAC file? This is a known issue. To mitigate this you need to create two firewall rules. For guidance on how to create a firewall rule by using group policy, see: - [Create an inbound icmp rule](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule) - [Open Group Policy management console for Microsoft Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security) -First rule (DHCP Server): +### First rule (DHCP Server) + 1. Program path: `%SystemRoot%\System32\svchost.exe` 2. Local Service: `Sid: S-1-5-80-2009329905-444645132-2728249442-922493431-93864177 (Internet Connection Service (SharedAccess))` 3. Protocol UDP 4. Port 67 -Second rule (DHCP Client) +### Second rule (DHCP Client) + This is the same as the first rule, but scoped to local port 68. -In the Microsoft Defender Firewall user interface go through the following steps: + +In the Microsoft Defender Firewall user interface, take the following steps: 1. Right click on inbound rules, create a new rule. 2. Choose **custom rule**. 3. Program path: `%SystemRoot%\System32\svchost.exe`. @@ -138,29 +139,25 @@ In the Microsoft Defender Firewall user interface go through the following steps 8. The new rule should show up in the user interface. Right click on the **rule** > **properties**. 9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. -### Why can I not launch Application Guard when Exploit Guard is enabled? +## Why can I not launch Application Guard when Exploit Guard is enabled? There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to **Windows Security** > **App and Browser control** > **Exploit Protection Setting**, and then switch CFG to **use default**. - -### How can I have ICS in enabled state yet still use Application Guard? +## How can I have ICS in enabled state yet still use Application Guard? ICS is enabled by default in Windows, and ICS must be enabled in order for Application Guard to function correctly. We do not recommend disabling ICS; however, you can disable ICS in part by using a Group Policy and editing registry keys. 1. In the Group Policy setting, **Prohibit use of Internet Connection Sharing on your DNS domain network**, set it to **Disabled**. - 2. Disable IpNat.sys from ICS load as follows:
`System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` - 3. Configure ICS (SharedAccess) to enabled as follows:
`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3` - 4. (This is optional) Disable IPNAT as follows:
`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4` - 5. Reboot the device. -### Why doesn't the container fully load when device control policies are enabled? +## Why doesn't the container fully load when device control policies are enabled? + Allow-listed items must be configured as "allowed" in the Group Policy Object to ensure Application Guard works properly. This is a prerequisite. If the device installations have already been blocked by device control policies, the OS must be reinstalled to resolve this issue. Policy: Allow installation of devices that match any of these device IDs @@ -180,8 +177,6 @@ Policy: Allow installation of devices that match any of these device IDs Policy: Allow installation of devices using drivers that match these device setup classes - `{71a27cdd-812a-11d0-bec7-08002be2092f}` - - ## See also [Configure Microsoft Defender Application Guard policy settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard) From 77c3fa78b9078157a1f2bcdf9b845f54e8278e18 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 1 Mar 2021 12:05:13 -0800 Subject: [PATCH 102/111] Update faq-md-app-guard.md --- .../microsoft-defender-application-guard/faq-md-app-guard.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index 3e780a9cbc..938a3e95a4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -136,8 +136,9 @@ In the Microsoft Defender Firewall user interface, take the following steps: 5. Any IP addresses. 6. Allow the connection. 7. All profiles. -8. The new rule should show up in the user interface. Right click on the **rule** > **properties**. -9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. +8. The new rule should show up in the user interface. Right-click on the rule, and then select **Properties**. +9. In the **Programs and services** tab, under **Services**, select **settings**. +10. Choose **Apply to this Service**, and then select **Internet Connection Sharing (ICS) Shared Access**. ## Why can I not launch Application Guard when Exploit Guard is enabled? From 14bafbd81ae329f9fdb7b3bd8b4f96680d5612c4 Mon Sep 17 00:00:00 2001 From: Sunayana Singh Date: Tue, 2 Mar 2021 10:35:27 +0530 Subject: [PATCH 103/111] Adding Whats new for iOS --- .../microsoft-defender-atp/ios-whatsnew.md | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md new file mode 100644 index 0000000000..cb037ccf1c --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md @@ -0,0 +1,36 @@ +--- +title: What's new in Microsoft Defender for Endpoint for iOS +description: Learn about the major changes for previous versions of Microsoft Defender for Endpoint for iOS. +keywords: microsoft, defender, atp, mac, installation, macos, whatsnew +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: m365-security +ms.mktglfcycl: security +ms.sitesec: library +ms.pagetype: security +ms.author: sunasing +author: sunasing +ms.localizationpriority: medium +manager: sunasing +audience: ITPro +ms.collection: + - m365-security-compliance + - m365initiative-defender-endpoint +ms.topic: conceptual +ms.technology: mde +--- + +# What's new in Microsoft Defender for Endpoint for iOS + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) + +> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) + +## 1.1.15010101 + +- With this version, we are announcing support for iPadOS / iPad devices. +- Bug fixes. From eacc8502e776bbe546a16a67ab7a994e149d167d Mon Sep 17 00:00:00 2001 From: alons8 <61512160+alons8@users.noreply.github.com> Date: Tue, 2 Mar 2021 14:11:03 +0200 Subject: [PATCH 104/111] Update user-roles.md --- .../threat-protection/microsoft-defender-atp/user-roles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md index 5533555522..8197b29c28 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/user-roles.md +++ b/windows/security/threat-protection/microsoft-defender-atp/user-roles.md @@ -71,7 +71,7 @@ The following steps guide you on how to create roles in Microsoft Defender Secur > [!NOTE] > This setting is only available in the Microsoft Defender for Endpoint administrator (default) role. -- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab +- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, manage email notifications, manage evaluation lab, and upload files to Live Response library. - **Live response capabilities** - **Basic** commands: From 5622d4f8f945dbcf92c3d82fb9c031ebefcff5a3 Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica Date: Tue, 2 Mar 2021 19:05:47 +0200 Subject: [PATCH 105/111] Updating link to the PowerShell Gallery --- .../security/threat-protection/mbsa-removal-and-guidance.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 8ed4a703ef..0bef93992f 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -25,12 +25,12 @@ MBSA was largely used in situations where neither Microsoft Update nor a local W A script can help you with an alternative to MBSA’s patch-compliance checking: - [Using WUA to Scan for Updates Offline](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline), which includes a sample .vbs script. -For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://github.com/andreiztm/thedeploymentguy/blob/main/WUAOfflineScan/Scan-UpdatesOffline.ps1). +For a PowerShell alternative, see [Using WUA to Scan for Updates Offline with PowerShell](https://www.powershellgallery.com/packages/Scan-UpdatesOffline/1.0/Content/Scan-UpdatesOffline.ps1). For example: [![VBS script](images/vbs-example.png)](https://docs.microsoft.com/windows/desktop/wua_sdk/using-wua-to-scan-for-updates-offline) -[![PowerShell script](images/powershell-example.png)](https://github.com/andreiztm/thedeploymentguy/blob/main/WUAOfflineScan/Scan-UpdatesOffline.ps1) +[![PowerShell script](images/powershell-example.png)](https://www.powershellgallery.com/packages/Scan-UpdatesOffline/1.0/Content/Scan-UpdatesOffline.ps1) The preceding scripts leverage the [WSUS offline scan file](https://support.microsoft.com/help/927745/detailed-information-for-developers-who-use-the-windows-update-offline) ([wsusscn2.cab](https://go.microsoft.com/fwlink/?LinkID=74689)) to perform a scan and get the same information on missing updates as MBSA supplied. MBSA also relied on the wsusscn2.cab to determine which updates were missing from a given system without connecting to any online service or server. The wsusscn2.cab file is still available and there are currently no plans to remove or replace it. The wsusscn2.cab file contains the metadata of only security updates, update rollups and service packs available from Microsoft Update; it does not contain any information on non-security updates, tools or drivers. From 0a45c0a88462083eaaee98f8dc5a429dda727933 Mon Sep 17 00:00:00 2001 From: Charles Inglis <32555877+cinglis-msft@users.noreply.github.com> Date: Tue, 2 Mar 2021 12:21:53 -0500 Subject: [PATCH 106/111] Update update-compliance-get-started.md Added note about using DA config to config UC devices as well for simultaneous enrollment --- windows/deployment/update/update-compliance-get-started.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 4e77a4d513..7c19ac8184 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -66,6 +66,9 @@ To find your CommercialID within Azure: Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. +> [!NOTE] +> Customers using or that plan to use [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview) can follow the process to [Enroll devices in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices to Update Compliance, but note the Commercial ID and Log Analytics workspace must be the same for both solutions. + > [!NOTE] > After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices. From fe6b9afd1d616689a605a31c7234ebdd3d3ff4df Mon Sep 17 00:00:00 2001 From: Jaime Ondrusek Date: Tue, 2 Mar 2021 10:24:30 -0700 Subject: [PATCH 107/111] Update update-compliance-get-started.md Small edits for clarity. --- windows/deployment/update/update-compliance-get-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index 7c19ac8184..8bf31e807a 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -67,7 +67,7 @@ To find your CommercialID within Azure: Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. > [!NOTE] -> Customers using or that plan to use [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview) can follow the process to [Enroll devices in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices to Update Compliance, but note the Commercial ID and Log Analytics workspace must be the same for both solutions. +> If you use or plan to use [Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/overview), follow the steps in [Enroll devices in Desktop Analytics](https://docs.microsoft.com/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices to Update Compliance. You should be aware that the Commercial ID and Log Analytics workspace must be the same for both Desktop Analytics and Update Compliance. > [!NOTE] > After configuring devices via one of the two methods below, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices. From 6b6717df95c20608324c277382e9f0609c22c935 Mon Sep 17 00:00:00 2001 From: gkomatsu Date: Tue, 2 Mar 2021 17:19:01 -0800 Subject: [PATCH 108/111] Update diagnose-mdm-failures-in-windows-10.md Removed section specific to Windows Mobile Field Medic which is no longer available. --- .../mdm/diagnose-mdm-failures-in-windows-10.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md index db52ac149a..4f20ca31cd 100644 --- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md +++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md @@ -112,8 +112,8 @@ Example: Export the Debug logs ``` -## Collect logs from Windows 10 Mobile devices - + +  -## Collect logs remotely from Windows 10 Holographic or Windows 10 Mobile devices +## Collect logs remotely from Windows 10 Holographic -For holographic or mobile devices already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md). +For holographic already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md). You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider: From 572679322d688e40efb98d13398e02133687ef54 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 3 Mar 2021 10:02:02 -0800 Subject: [PATCH 109/111] Update windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/ios-whatsnew.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md index cb037ccf1c..1d3adbc525 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md @@ -28,7 +28,7 @@ ms.technology: mde - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2118804) -> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## 1.1.15010101 From fcea645a233693d727a651e69aa323e67af9df67 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Wed, 3 Mar 2021 10:02:11 -0800 Subject: [PATCH 110/111] Update windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../threat-protection/microsoft-defender-atp/ios-whatsnew.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md index 1d3adbc525..b8d75b40e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/ios-whatsnew.md @@ -32,5 +32,5 @@ Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.]( ## 1.1.15010101 -- With this version, we are announcing support for iPadOS / iPad devices. +- With this version, we are announcing support for iPadOS/iPad devices. - Bug fixes. From df186586e441228c2c74a3901e962b885d463fb8 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 4 Mar 2021 16:04:52 -0800 Subject: [PATCH 111/111] add specific role --- .../threat-protection/microsoft-defender-atp/live-response.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/live-response.md b/windows/security/threat-protection/microsoft-defender-atp/live-response.md index 0a9a064d62..4d25ed5831 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/live-response.md +++ b/windows/security/threat-protection/microsoft-defender-atp/live-response.md @@ -89,7 +89,7 @@ You'll need to enable, at least, the minimum Remediation Level for a given Devic Only users who have been provisioned with the appropriate permissions can initiate a session. For more information on role assignments, see [Create and manage roles](user-roles.md). > [!IMPORTANT] - > The option to upload a file to the library is only available to those with the appropriate RBAC permissions. The button is greyed out for users with only delegated permissions. + > The option to upload a file to the library is only available to those with the appropriate RBAC permissions, specifically Manage security settings role. The button is greyed out for users with only delegated permissions.For more information, see [Permission options](user-roles.md#permission-options). Depending on the role that's been granted to you, you can run basic or advanced live response commands. Users permissions are controlled by RBAC custom role.