Paolo Matarazzo 2023-08-08 09:34:25 +02:00
parent 4b1d1fb1c6
commit 658c947fe1
14 changed files with 17 additions and 118 deletions

View File

@ -33,14 +33,14 @@ Stickers aren't enabled by default. Follow the instructions below to configure y
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
[!INCLUDE [intune-custom-settings-1](includes/configure/intune-custom-settings-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Setting |
|--------|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Stickers/EnableStickers`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
[!INCLUDE [intune-custom-settings-2](includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](includes/configure/intune-custom-settings-info.md)]
[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
> [!TIP]
> Use the following Graph call to automatically create the custom policy in your tenant without assignments nor scope tags. <sup>[1](#footnote1)</sup>
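Review bot: The three new targets under `../../includes/configure/` are not part of this commit, which only deletes the local copies, so nothing visible here shows that `intune-custom-settings-1.md`, `intune-custom-settings-2.md` and `intune-custom-settings-info.md` exist two levels above this file. Please confirm they are already present on the parent commit and that the docs build reports no unresolved INCLUDE for this page. The same applies to the identical changes in the Take a Test, education themes and federated sign-in files below.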

View File

@ -53,7 +53,7 @@ To configure devices using Intune for Education, follow these steps:
### Configure Take a Test with a custom policy
[!INCLUDE [intune-custom-settings-1](includes/configure/intune-custom-settings-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Setting |
|--------|
@ -67,8 +67,8 @@ To configure devices using Intune for Education, follow these steps:
:::image type="content" source="./images/takeatest/intune-take-a-test-custom-profile.png" alt-text="Intune portal - creation of a custom policy to configure Take a Test." lightbox="./images/takeatest/intune-take-a-test-custom-profile.png" border="true":::
[!INCLUDE [intune-custom-settings-2](includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](includes/configure/intune-custom-settings-info.md)]
[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)

View File

@ -23,14 +23,14 @@ Education themes aren't enabled by default. Follow the instructions below to con
#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
[!INCLUDE [intune-custom-settings-1](includes/configure/intune-custom-settings-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Setting |
|--------|
| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/EnableEduThemes`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
[!INCLUDE [intune-custom-settings-2](includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](includes/configure/intune-custom-settings-info.md)]
[!INCLUDE [intune-custom-settings-2](../../includes/configure/intune-custom-settings-2.md)]
[!INCLUDE [intune-custom-settings-info](../../includes/configure/intune-custom-settings-info.md)]
#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)

View File

@ -79,7 +79,7 @@ To use web sign-in with a federated identity provider, your devices must be conf
To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
[!INCLUDE [intune-custom-settings-1](includes/configure/intune-custom-settings-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Setting |
|--------|
@ -121,7 +121,7 @@ To use web sign-in with a federated identity provider, your devices must be conf
To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
[!INCLUDE [intune-custom-settings-1](includes/configure/intune-custom-settings-1.md)]
[!INCLUDE [intune-custom-settings-1](../../includes/configure/intune-custom-settings-1.md)]
| Setting |
|--------|
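Review bot: At lines 79 and 121 the sentence "To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:" is followed directly by the include, and the local copy removed in this commit opened with "To configure devices with Microsoft Intune, use a custom policy:". If the shared include opens the same way, the rendered page gives the instruction twice in a row in both sections. Consider dropping the lead sentence, or keeping only the `[MEM-1]` link, so that each section has a single introduction before step 1.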

View File

@ -1,13 +0,0 @@
---
ms.date: 02/22/2022
ms.topic: include
---
To configure devices with Microsoft Intune, use a custom policy:
1. Go to the <a href="https://intune.microsoft.com" target="_blank"><b>Microsoft Intune admin center</b></a>
2. Select **Devices > Configuration profiles > Create profile**
3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom**
4. Select **Create**
5. Specify a **Name** and, optionally, a **Description > Next**
6. Add the following settings:
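Review bot: Deleting this include is only safe if no page still points at the old local path. The commit touches 14 files and four of them are the callers updated above, so please search the education content for any remaining `(includes/configure/intune-custom-settings-` reference before merging. A page that was missed would lose steps 1 to 6 of the procedure.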

View File

@ -1,9 +0,0 @@
---
ms.date: 11/08/2022
ms.topic: include
---
7. Select **Next**
8. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
9. Under **Applicability Rules**, select **Next**
10. Review the policy configuration and select **Create**
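Review bot: The steps here are hard-numbered 7 to 10 and continue the list that `intune-custom-settings-1.md` ends at "6. Add the following settings:", with the settings table sitting between the two includes in every caller. Please check that the shared replacement uses the same numbering and that its first include also ends at step 6. Otherwise the rendered procedure will skip or repeat a step number on all four pages.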

View File

@ -1,6 +0,0 @@
---
ms.date: 11/08/2022
ms.topic: include
---
For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).

View File

@ -1,73 +0,0 @@
- title: Get started
linkLists:
- linkListType: tutorial
links:
- text: Deploy and manage Windows devices in a school
url: tutorial-school-deployment/index.md
- text: Prepare your tenant
url: tutorial-school-deployment/set-up-azure-ad.md
- text: Configure settings and applications with Microsoft Intune
url: tutorial-school-deployment/configure-devices-overview.md
- text: Manage devices with Microsoft Intune
url: tutorial-school-deployment/manage-overview.md
- text: Management functionalities for Surface devices
url: tutorial-school-deployment/manage-surface-devices.md
- title: Learn about Windows 11 SE
linkLists:
- linkListType: concept
links:
- text: What is Windows 11 SE?
url: windows-11-se-overview.md
- text: Windows 11 SE settings
url: windows-11-se-settings-list.md
- linkListType: whats-new
links:
- text: Configure federated sign-in
url: federated-sign-in.md
- text: Configure education themes
url: edu-themes.md
- text: Configure Stickers
url: edu-stickers.md
- linkListType: video
links:
- text: Deploy Windows 11 SE using Set up School PCs
url: https://www.youtube.com/watch?v=Ql2fbiOop7c
- title: Deploy devices with Set up School PCs
linkLists:
- linkListType: concept
links:
- text: What is Set up School PCs?
url: set-up-school-pcs-technical.md
- linkListType: how-to-guide
links:
- text: Use the Set up School PCs app
url: use-set-up-school-pcs-app.md
- linkListType: reference
links:
- text: Provisioning package settings
url: set-up-school-pcs-provisioning-package.md
- linkListType: video
links:
- text: Use the Set up School PCs App
url: https://www.youtube.com/watch?v=2ZLup_-PhkA
- title: Configure devices
linkLists:
- linkListType: concept
links:
- text: Take tests and assessments in Windows
url: take-tests-in-windows.md
- text: Considerations for shared and guest devices
url: /windows/configuration/shared-devices-concepts?context=/education/context/context
- text: Change Windows editions
url: change-home-to-edu.md
- linkListType: how-to-guide
links:
- text: Configure Take a Test in kiosk mode
url: edu-take-a-test-kiosk-mode.md
- text: Configure Shared PC
url: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
- text: Get and deploy Minecraft Education
url: get-minecraft-for-education.md
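Review bot: This 73-line link list is removed whole and has no visible connection to the include-path and link fixes in the rest of the commit. It holds the "whats-new" entries for `federated-sign-in.md`, `edu-themes.md` and `edu-stickers.md`, the same pages edited above, so please confirm that nothing still loads this file and that those pages remain reachable from the table of contents or landing page. If the removal is unrelated cleanup, a separate commit would make the history easier to follow.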

View File

@ -61,7 +61,7 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic
![Verifying Secure Launch is running in the Windows Security settings.](images/secure-launch-msinfo.png)
> [!NOTE]
> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../identity-protection/credential-guard/credential-guard-requirements.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
> To enable System Guard Secure launch, the platform must meet all the baseline requirements for [System Guard](how-hardware-based-root-of-trust-helps-protect-windows.md), [Device Guard](../application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md), [Credential Guard](../identity-protection/credential-guard/index.md), and [Virtualization Based Security](/windows-hardware/design/device-experiences/oem-vbs).
> [!NOTE]
> For more information around AMD processors, see [Microsoft Security Blog: Force firmware code to be measured and attested by Secure Launch on Windows 10](https://www.microsoft.com/security/blog/2020/09/01/force-firmware-code-to-be-measured-and-attested-by-secure-launch-on-windows-10/).
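Review bot: In the first note, the Credential Guard link now points to `../identity-protection/credential-guard/index.md`, but the sentence still says the platform must meet the "baseline requirements" for each feature. The old target, `credential-guard-requirements.md`, matched that wording. If the requirements now live in a section of `index.md`, link to that section's anchor so readers land on the hardware and firmware prerequisites rather than the overview.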

View File

@ -398,7 +398,7 @@ bcdedit /set vsmlaunchtype off
## Next steps
- Review the advices and sample code for making your environment more secure and robust with Windows Defender Credential Guard in the [Additional mitigations](additional-mitigations.md) article
- Review [considerations and known issues when using Windows Defender Credential Guard](considerations-known-issues)
- Review [considerations and known issues when using Windows Defender Credential Guard](considerations-known-issues.md)
<!--links-->
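Review bot: Adding `.md` to `considerations-known-issues` is right, and since the line above it is in the same list, this is a good moment to fix "Review the advices and sample code": "advice" is uncountable, so it should read "Review the advice and sample code". The same sentence appears unchanged in the two Credential Guard hunks that follow.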

View File

@ -57,4 +57,4 @@ don't qualify as credentials because they can't be presented to another computer
- Learn [how to configure Windows Defender Credential Guard](configure.md)
- Review the advices and sample code for making your environment more secure and robust with Windows Defender Credential Guard in the [Additional mitigations](additional-mitigations.md) article
- Review [considerations and known issues when using Windows Defender Credential Guard](considerations-known-issues)
- Review [considerations and known issues when using Windows Defender Credential Guard](considerations-known-issues.md)

View File

@ -98,4 +98,4 @@ Services or protocols that rely on Kerberos, such as file shares or remote deskt
- Learn [how Windows Defender Credential Guard works](how-it-works.md)
- Learn [how to configure Windows Defender Credential Guard](configure.md)
- Review the advices and sample code for making your environment more secure and robust with Windows Defender Credential Guard in the [Additional mitigations](additional-mitigations.md) article
- Review [considerations and known issues when using Windows Defender Credential Guard](considerations-known-issues)
- Review [considerations and known issues when using Windows Defender Credential Guard](considerations-known-issues.md)

View File

@ -24,5 +24,5 @@ ms.topic: include
| **[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)** | Account Lockout Policy settings control the response threshold for failed logon attempts and the actions to be taken after the threshold is reached. |
| **[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)** | Users who are still using passwords can benefit from powerful credential protection. Microsoft Defender SmartScreen includes enhanced phishing protection to automatically detect when a user enters their Microsoft password into any app or website. Windows then identifies if the app or site is securely authenticating to Microsoft and warns if the credentials are at risk. Since users are alerted at the moment of potential credential theft, they can take preemptive action before their password is used against them or their organization. |
| **[Access Control (ACL/SACL)](/windows/security/identity-protection/access-control/access-control)** | Access control in Windows ensures that shared resources are available to users and groups other than the resource's owner and are protected from unauthorized use. IT administrators can manage users', groups', and computers' access to objects and assets on a network or computer. After a user is authenticated, the Windows operating system implements the second phase of protecting resources by using built-in authorization and access control technologies to determine if an authenticated user has the correct permissions.<br><br>Access Control Lists (ACL) describe the permissions for a specific object and can also contain System Access Control Lists (SACL). SACLs provide a way to audit specific system level events, such as when a user attempt to access file system objects. These events are essential for tracking activity for objects that are sensitive or valuable and require extra monitoring. Being able to audit when a resource attempts to read or write part of the operating system is critical to understanding a potential attack. |
| **[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)** | Enabled by default in Windows 11 Enterprise, Windows Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. <br><br>By protecting the LSA process with Virtualization-based security, Windows Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. |
| **[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard)** | Enabled by default in Windows 11 Enterprise, Windows Credential Guard uses hardware-backed, Virtualization-based security (VBS) to protect against credential theft. With Windows Credential Guard, the Local Security Authority (LSA) stores and protects secrets in an isolated environment that isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. <br><br>By protecting the LSA process with Virtualization-based security, Windows Credential Guard shields systems from credential theft attack techniques like pass-the-hash or pass-the-ticket. It also helps prevent malware from accessing system secrets even if the process is running with admin privileges. |
| **[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)** | Window Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that is requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions. <br><br>Administrator credentials are highly privileged and must be protected. When you use Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, your credential and credential derivatives are never passed over the network to the target device. If the target device is compromised, your credentials aren't exposed. |
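Review bot: The changed row uses two product names: the link text says "Windows Defender Credential Guard" while the description says "Windows Credential Guard" three times. Since the row is being edited anyway, please pick one name and use it throughout. The next row opens its description with "Window Defender Remote Credential Guard", which is missing the "s". Also note that this row links to the folder URL `/windows/security/identity-protection/credential-guard` while the other files in this commit link to `credential-guard/index.md`. Both forms can work, but it is worth confirming that the folder URL resolves on the published site.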

View File

@ -45,7 +45,7 @@ In Windows 11, [Microsoft Defender Application Guard](/windows-hardware/design/d
### Secured identities
Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Windows Defender Credential Guard](identity-protection/credential-guard/credential-guard.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
Passwords have been an important part of digital security for a long time, and they're also a top target for cybercriminals. Windows 11 provides powerful protection against credential theft with chip-level hardware security. Credentials are protected by layers of hardware and software security such as [TPM 2.0](information-protection/tpm/trusted-platform-module-overview.md), [VBS](/windows-hardware/design/device-experiences/oem-vbs), and/or [Windows Defender Credential Guard](identity-protection/credential-guard/index.md), making it harder for attackers to steal credentials from a device. With [Windows Hello for Business](identity-protection/hello-for-business/index.md), users can quickly sign in with face, fingerprint, or PIN for passwordless protection. Windows 11 also supports [FIDO2 security keys](/azure/active-directory/authentication/howto-authentication-passwordless-security-key) for passwordless authentication.
### Connecting to cloud services
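Review bot: The link target changes from `identity-protection/credential-guard/credential-guard.md` to `identity-protection/credential-guard/index.md`, which suggests the old file no longer exists, yet none of the 14 files in this commit is a redirection file. Please confirm that a redirect from the old `credential-guard` URL to the new index page was added in an earlier commit, so that external links and bookmarks to the old address keep working.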