deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into HApubpreview3

Browse Source
This commit is contained in:
jaimeo
2017-07-14 11:29:31 -07:00
parent d9bdf943e0 64e7984d67
commit 687d42e857
465 changed files with 933 additions and 842 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
windows/client-management/mdm/enterpriseassignedaccess-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/19/2017
ms.date: 07/12/2017
---
# EnterpriseAssignedAccess CSP
@ -26,7 +26,7 @@ The following diagram shows the EnterpriseAssignedAccess configuration service p
The following list shows the characteristics and parameters.
<a href="" id="-vendor-msft-enterpriseassignedaccess-"></a>**.Vendor/MSFT/EnterpriseAssignedAccess/**
<a href="" id="-vendor-msft-enterpriseassignedaccess-"></a>**./Vendor/MSFT/EnterpriseAssignedAccess/**
The root node for the EnterpriseAssignedAccess configuration service provider. Supported operations are Add, Delete, Get and Replace.
<a href="" id="assignedaccess-"></a>**AssignedAccess/**
@ -39,10 +39,10 @@ Supported operations are Add, Delete, Get and Replace.
The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
> **Important**  
When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as &lt; instead of &lt; because it is embedded in an XML. The examples provided in the topic are formatted for readability.
> [!Important]   
> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \&lt; instead of &lt; because it is embedded in an XML. The examples provided in the topic are formatted for readability.
When using the AssignedAccessXml in a provisioning package using the Windows Imaging and Configuration Designer (ICD) tool, do not use escaped characters.
When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
Entry | Description
----------- | ------------
@ -136,10 +136,7 @@ An application that belongs in the folder would add an optional attribute **Pare
Entry | Description
----------- | ------------
Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.
> [!Important]
> Do not specify a group entry without a page entry because it will cause an undefined behavior.
Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file. For Windows 10, version 1703, see the instructions below for the new way to specify the settings pages.
<ul>
<li>System (main menu) - SettingsPageGroupPCSystem
@ -245,12 +242,32 @@ Settings | Starting in Windows 10, version 1511, you can specify the following
</ul></li>
</ul>
Entry | Description
----------- | ------------
Settings | Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI.
For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page.
Here is an example for Windows 10, version 1703.
``` syntax
<Settings>
<System name="ms-settings:display"/>
<System name="ms-settings:appsforwebsites"/>
<System name="ms-settings:about"/>
<System name="ms-settings:camera"/>
<System name="ms-settings:nfctransactions"/>
<System name="ms-settings:mousetouchpad"/>
<System name="ms-settings:usb"/>
</Settings>
```
**Quick action settings**
Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
> [!Note]
> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.
> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
<ul>
<li><p>SystemSettings_System_Display_QuickAction_Brightness</p>
@ -287,6 +304,25 @@ Starting in Windows 10, version 1511, you can specify the following quick acti
<p>Dependencies - none</p></li>
</ul>
Starting in Windows 10, version 1703, Quick action settings no longer require any dependencis from related group or page. Here is the list:
- QuickActions_Launcher_AllSettings
- QuickActions_Launcher_DeviceDiscovery
- SystemSettings_BatterySaver_LandingPage_OverrideControl
- SystemSettings_Device_BluetoothQuickAction
- SystemSettings_Flashlight_Toggle
- SystemSettings_Launcher_QuickNote
- SystemSettings_Network_VPN_QuickAction
- SystemSettings_Privacy_LocationEnabledUserPhone
- SystemSettings_QuickAction_AirplaneMode
- SystemSettings_QuickAction_Camera
- SystemSettings_QuickAction_CellularData
- SystemSettings_QuickAction_InternetSharing
- SystemSettings_QuickAction_QuietHours
- SystemSettings_QuickAction_WiFi
- SystemSettings_System_Display_Internal_Rotation
- SystemSettings_System_Display_QuickAction_Brightness
In this example, all settings pages and quick action settings are allowed. An empty \<Settings> node indicates that none of the settings are blocked.
``` syntax
@ -294,7 +330,7 @@ In this example, all settings pages and quick action settings are allowed. An em
</Settings>
```
In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
``` syntax
<Settings>
@ -310,6 +346,19 @@ In this example, all System setting pages are enabled. Note that the System page
<System name="SettingsPagePCSystemInfo" />
</Settings>
```
Here is an example for Windows 10, version 1703.
``` syntax
<Settings>
<System name="ms-settings:display"/>
<System name="ms-settings:appsforwebsites"/>
<System name="ms-settings:about"/>
<System name="ms-settings:camera"/>
<System name="ms-settings:nfctransactions"/>
<System name="ms-settings:mousetouchpad"/>
<System name="ms-settings:usb"/>
</Settings>
```
Entry | Description
----------- | ------------

22
windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/19/2017
ms.date: 07/11/2017
---
# EnterpriseDesktopAppManagement CSP
@ -48,6 +48,26 @@ Installation date of the application. Value type is string. Supported operation
<a href="" id="msi-productid-downloadinstall"></a>**MSI/*ProductID*/DownloadInstall**
Executes the download and installation of the application. Value type is string. Supported operations are Execute and Get.
In Windows 10, version 1703 service release, a new tag \<DownloadFromAad\> was added to the \<Enforcement\> section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.
Here is an example:
```syntax
<Enforcement>
<CommandLine>/quiet</CommandLine>
<TimeOut>5</TimeOut>
<RetryCount>3</RetryCount>
<RetryInterval>5</RetryInterval>
<DownloadFromAad>1</DownloadFromAad>
</Enforcement>
```
<a href="" id="msi-productid-status"></a>**MSI/*ProductID*/Status**
Status of the application. Value type is string. Supported operation is Get.

18
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 07/07/2017
ms.date: 07/12/2017
---
# What's new in MDM enrollment and management
@ -1305,6 +1305,22 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<li>WindowsDefenderSecurityCenter/Phone</li>
<li>WindowsDefenderSecurityCenter/URL</li>
</ul>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md)</td>
<td style="vertical-align:top">Added the following statement to [MSI/ProductID/DownloadInstall](enterprisedesktopappmanagement-csp.md#msi-productid-downloadinstall):
<ul>
<li>In Windows 10, version 1703 service release, a new tag "DownloadFromAad" was added to the "Enforcement" section of the XML. The default value is 0 (do not send token). This tag is optional and needs to be set to 1 in case the server wants the download URL to get the AADUserToken.</li>
</ul>
</td></tr>
<tr class="even">
<td style="vertical-align:top">[EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md)</td>
<td style="vertical-align:top">Added the following information about the settings pages in AssigneAccessXML:
<ul>
<li>Starting in Windows 10, version 1703, you can specify the settings pages using the settings URI. For example, in place of SettingPageDisplay, you would use ms-settings:display. See [ms-settings: URI scheme reference](https://docs.microsoft.com/en-us/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference) to find the URI for each settings page.</li>
<li>In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.</li>
</ul>
</td></tr>
</tbody>
</table>

30
windows/deployment/TOC.md
View File

@ -9,7 +9,6 @@
### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
#### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
@ -70,9 +69,6 @@
#### [Change history for Plan for Windows 10 deployment](planning/change-history-for-plan-for-windows-10-deployment.md)
### [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
#### [Get started with the Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
##### [Key features in MDT](deploy-windows-mdt/key-features-in-mdt.md)
@ -94,8 +90,6 @@
##### [Use web services in MDT](deploy-windows-mdt/use-web-services-in-mdt.md)
##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
### [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
#### [Integrate Configuration Manager with MDT](deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
#### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
@ -111,11 +105,9 @@
#### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
#### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
### [Windows 10 deployment tools](windows-10-deployment-tools.md)
### [Windows 10 deployment tools](windows-10-deployment-tools-reference.md)
#### [Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md)
#### [Convert MBR partition to GPT](mbr-to-gpt.md)
#### [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
#### [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
@ -241,22 +233,4 @@
#### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
## [Convert MBR partition to GPT](mbr-to-gpt.md)
## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
## [Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
## [Add Microsoft Store for Business applications to a Windows 10 image](add-store-apps-to-image.md)
## [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md)
## [Volume Activation [client]](volume-activation/volume-activation-windows-10.md)
### [Plan for volume activation [client]](volume-activation/plan-for-volume-activation-client.md)
### [Activate using Key Management Service [client]](volume-activation/activate-using-key-management-service-vamt.md)
### [Activate using Active Directory-based activation [client]](volume-activation/activate-using-active-directory-based-activation-client.md)
### [Activate clients running Windows 10](volume-activation/activate-windows-10-clients-vamt.md)
### [Monitor activation [client]](volume-activation/monitor-activation-client.md)
### [Use the Volume Activation Management Tool [client]](volume-activation/use-the-volume-activation-management-tool-client.md)
### [Appendix: Information sent to Microsoft during activation [client]](volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md)
## [Change history for Deploy and Update Windows 10](change-history-for-deploy-windows-10.md)
## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)

54
windows/deployment/windows-10-deployment-tools-reference.md
View File

@ -10,50 +10,14 @@ author: greg-lindsay
# Windows 10 deployment tools
Learn about the tools available to deploy Windows 10.
## In this section
<table>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Topic</th>
<th align="left">Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>[Windows 10 deployment tools reference](windows-deployment-scenarios-and-tools.md)</p></td>
<td align="left"><p>To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment.</p></td>
</tr>
<tr class="even">
<td align="left"><p>[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)</p></td>
<td align="left"><p>The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)</p></td>
<td align="left"><p>The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process.</p></td>
</tr>
<tr class="even">
<td align="left"><p>[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md)</p></td>
<td align="left"><p>The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals.</p></td>
</tr>
</tbody>
</table>
 
 
 
|Topic |Description |
|------|------------|
|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |

23
windows/deployment/windows-10-deployment-tools.md Normal file
View File

@ -0,0 +1,23 @@
---
title: Windows 10 deployment tools (Windows 10)
description: Learn about the tools available to deploy Windows 10.
ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
---
# Windows 10 deployment tools
Learn about the tools available to deploy Windows 10.
|Topic |Description |
|------|------------|
|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. |
|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. |
|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
|[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. |
|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals |

2
windows/deployment/windows-deployment-scenarios-and-tools.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
author: mtniehaus
---
# Windows 10 deployment tools reference
# Windows 10 deployment scenarios and tools
To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment.

20
windows/device-security/applocker/delete-an-applocker-rule.md
View File

@ -32,3 +32,23 @@ AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins
>**Note:**  When using Group Policy, for the rule deletion to take effect on computers within the domain, the GPO must be distributed or refreshed.
When this procedure is performed on the local device, the AppLocker policy takes effect immediately.
**To clear AppLocker policies on a single system or remote systems**
Use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter, using an .XML file that contains the following contents:
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
To use the Set-AppLockerPolicy cmdlet, first import the Applocker modules:
PS C:\Users\Administrator> import-module AppLocker
We will create a file (for example, clear.xml), place it in the same directory where we are executing our cmdlet, and add the preceding XML contents. Then run the following command:
C:\Users\Administrator> Set-AppLockerPolicy -XMLPolicy .\clear.xml
This will remove all AppLocker Policies on a machine and could be potentially scripted to use on multiple machines using remote execution tools with accounts with proper access.

13
windows/threat-protection/TOC.md
View File

@ -149,9 +149,12 @@
## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md)
### [Create a Windows Information Protection (WIP) policy](windows-information-protection\overview-create-wip-policy.md)
#### [Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
##### [Deploy your Windows Information Protection (WIP) policy](windows-information-protection\deploy-wip-policy-using-intune.md)
##### [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)
#### [Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
##### [Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md)
##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)
#### [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)
##### [Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)
##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)
#### [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](windows-information-protection\create-wip-policy-using-sccm.md)
#### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md)
#### [Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](windows-information-protection\wip-app-enterprise-context.md)
@ -169,6 +172,10 @@
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
## [Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)

10
windows/threat-protection/change-history-for-threat-protection.md
View File

@ -14,18 +14,18 @@ This topic lists new and updated topics in the [Threat protection](index.md) doc
## June 2017
|New or changed topic |Description |
|---------------------|------------|
| [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New |
|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) | New |
|[Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
[Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
[Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
|[Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
|[Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)|New topic for MDM using the Azure portal.|
|[List of enlightened Microsoft apps for use with Windows Information Protection (WIP)](windows-information-protection\enlightened-microsoft-apps-and-wip.md)|Updated to include newly enlightened and supported apps.|
[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Updated from existing applicable and relevant Windows 8.1 content |
|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md)| Updated from existing applicable and relevant Windows 8.1 content |
## March 2017
|New or changed topic |Description |
|---------------------|------------|
||[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
|[How to collect Windows Information Protection (WIP) audit event logs](windows-information-protection\collect-wip-audit-event-logs.md) |New |
|[Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](windows-information-protection\mandatory-settings-for-wip.md) |Updated based on Windows 10, version 1703. |
|[Limitations while using Windows Information Protection (WIP)](windows-information-protection\limitations-with-wip.md) |Added additional limitations for Windows 10, version 1703.|
|[Windows Defender SmartScreen overview](windows-defender-smartscreen\windows-defender-smartscreen-overview.md)|New |

19
windows/threat-protection/index.md
View File

@ -14,11 +14,14 @@ Learn more about how to help protect against threats in Windows 10 and Windows
| Section | Description |
|-|-|
| [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) | Learn more about mitigating threats in Windows 10. |
| [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies. |
| [Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)| Provides information about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
| [Windows Defender Antivirus](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)| Provides information about Windows Defender, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
|[Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Learn more about how to help protect against potential corporate data leakage. |
| [Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) | Learn more about Windows Defender SmartScreen. |
| [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) | Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
| [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) | To help protect your company from attacks which may originate from untrusted or attacker controlled font files, weve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the %windir%/Fonts directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process. |
|[Windows Defender Security Center](windows-defender-security-center/windows-defender-security-center.md)|Learn about the easy-to-use app that brings together common Windows security features.|
|[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)|Provides info about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.|
|[Windows Defender Antivirus in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)|Provides info about Windows Defender, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. Includes a list of system requirements and new features.|
|[Windows Defender SmartScreen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) |Learn more about Windows Defender SmartScreen.|
|[Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.|
|[Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) |Learn more about mitigating threats in Windows 10.|
|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.|
|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) |Learn about how hardware-based containers can isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.|
|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) |Learn about the Windows 10 security features that help to protect your PC from malware, including rootkits and other applications.|
|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) |Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
|[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |Provides info about how to help protect your company from attacks which may originate from untrusted or attacker controlled font files. |

4
windows/threat-protection/windows-information-protection/create-wip-policy-using-intune.md
View File

@ -1,5 +1,5 @@
---
title: Create a Windows Information Protection (WIP) with enrollment policy using the classic console for Microsoft Intune (Windows 10)
title: Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune (Windows 10)
description: Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
ms.assetid: 4b307c99-3016-4d6a-9ae7-3bbebd26e721
ms.prod: w10
@ -10,7 +10,7 @@ author: eross-msft
localizationpriority: high
---
# Create a Windows Information Protection (WIP) using the classic console for Microsoft Intune
# Create a Windows Information Protection (WIP) policy using the classic console for Microsoft Intune
**Applies to:**

2
windows/whats-new/contribute-to-a-topic.md
View File

@ -31,7 +31,7 @@ If you've previously contributed to topics in the Microsoft repositories, congra
![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png)
5. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see:
- **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide)
- **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring)
- **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)