Merge branch 'main' into WDAC-Docs

windows/client-management/mdm/windowsdefenderapplicationguard-csp.md

@@ -334,7 +334,7 @@ Value type is integer.
 
 Supported operation is Get.
 
-- Bit 0 - Set to 1 when Application Guard is enabled into enterprise manage mode.
+- Bit 0 - Set to 1 when Application Guard is enabled into Windows Isolated environment mode.
 - Bit 1 - Set to 1 when the client machine is Hyper-V capable.
 - Bit 2 - Reserved for Microsoft.
 - Bit 3 - Set to 1 when Application Guard is installed on the client machine.

windows/configuration/find-the-application-user-model-id-of-an-installed-app.md

@@ -111,3 +111,41 @@ listAumids("CustomerAccount")
 # Get a list of AUMIDs for all accounts on the device:
 listAumids("allusers")
 ```
+
+## Example
+
+The following code sample creates a function in Windows PowerShell that returns the AUMID of any application currently listed in the Start menu.
+
+```powershell
+function Get-AppAUMID {
+param (
+[string]$AppName
+)
+$Apps = (New-Object -ComObject Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items()
+if ($AppName){
+    $Result = $Apps | Where-Object { $_.name -like "*$AppName*" } | Select-Object name,@{n="AUMID";e={$_.path}}
+        if ($Result){
+            Return $Result
+        }
+    else {"Unable to locate {0}" -f $AppName}
+}
+else {
+    $Result = $Apps | Select-Object name,@{n="AUMID";e={$_.path}}
+    Return $Result
+}
+}
+```
+
+The following Windows PowerShell commands demonstrate how you can call the Get-AppAUMID function after you've created it.
+
+```powershell
+# Get the AUMID for OneDrive
+Get-AppAUMID -AppName OneDrive
+
+# Get the AUMID for Microsoft Word
+Get-AppAUMID -AppName Word
+
+# List all apps and their AUMID in the Start menu
+Get-AppAUMID
+```
+

windows/deployment/windows-10-subscription-activation.md

@@ -40,7 +40,7 @@ This article covers the following information:
 For more information on how to deploy Enterprise licenses, see [Deploy Windows Enterprise licenses](deploy-enterprise-licenses.md).
 
 > [!NOTE]
-> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f, from their device compliance policy using **Select Excluded Cloud Apps**.
+> Organizations that use the Subscription Activation feature to enable users to upgrade from one version of Windows to another and use Conditional Access policies to control access need to exclude the [Universal Store Service APIs and Web Application, AppID 45a330b1-b1ec-4cc1-9161-9f03992aa49f](/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in#application-ids-of-commonly-used-microsoft-applications), from their device compliance policy using **Select Excluded Cloud Apps**. For more information about configuring exclusions in Conditional Access policies, see [Application exclusions](/azure/active-directory/conditional-access/howto-conditional-access-policy-all-users-mfa#application-exclusions).
 
 ## Subscription activation for Enterprise
 

windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md

@@ -30,8 +30,8 @@ For a device to be eligible for Windows feature updates as a part of Windows Aut
 | Deployed | Windows Autopatch doesn't update devices that haven't yet been deployed. |
 | Internet connectivity | Devices must have a steady internet connection, and access to Windows [update endpoints](../prepare/windows-autopatch-configure-network.md). |
 | Windows edition | Devices must be on a Windows edition supported by Windows Autopatch. For more information, see [Prerequisites](../prepare/windows-autopatch-prerequisites.md). |
-| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../operate/windows-autopatch-wqu-unsupported-policies.md). |
+| Mobile device management (MDM) policy conflict | Devices must not have deployed any policies that would prevent device management. For more information, see [Conflicting and unsupported policies](../references/windows-autopatch-wqu-unsupported-policies.md). |
-| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers). |
+| Group policy conflict | Devices must not have group policies deployed which would prevent device management. For more information, see [Group policy](../references/windows-autopatch-wqu-unsupported-policies.md#group-policy-and-other-policy-managers). |
 
 ## Windows feature update releases
 

windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-signals.md

@@ -1,7 +1,7 @@
 ---
 title: Windows quality update signals
 description: This article explains the Windows quality update signals
-ms.date: 05/30/2022
+ms.date: 01/24/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: conceptual
@@ -57,5 +57,3 @@ Autopatch monitors the following reliability signals:
 | Microsoft Teams reliability | Tracks the number of Microsoft Teams crashes and freezes per device. |
 
 When the update is released to the First ring, the service crosses the 500 device threshold. Therefore, Autopatch can to detect regressions, which are common to all customers. At this point in the release, we'll decide if we need to change the release schedule or pause for all customers.
-
-Once your tenant reaches 500 devices, Windows Autopatch starts generating recommendations specific to your devices. Based on this information, the service starts developing insights specific to your tenant allowing a customized response to what's happening in your environment.

windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md

@@ -1,7 +1,7 @@
 ---
 title: Changes made at tenant enrollment
 description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
-ms.date: 12/01/2022
+ms.date: 01/24/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: reference
@@ -56,13 +56,11 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 
 - Windows Autopatch - Set MDM to Win Over GPO
 - Windows Autopatch - Data Collection
-- Windows Autopatch-Window Update Detection Frequency
 
 | Policy name | Policy description | Properties | Value |
 | ----- | ----- | ----- | ----- |
 | Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [MDM Wins Over GP](/windows/client-management/mdm/policy-csp-controlpolicyconflict#controlpolicyconflict-MDMWinsOverGP) | The MDM policy is used and the GP policy is blocked |
 | Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>|<ol><li>[Configure Telemetry Opt In Change Notification](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinchangenotification)</li><li>[Configure Telemetry Opt In Settings Ux](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux)</li><li>[Allow Telemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)</li><li>[Limit Enhanced Diagnostic Data Windows Analytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)</li><li>[Limit Dump Collection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)</li><li>[Limit Diagnostic Log Collection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)</li></ol>|<ol><li>Enable telemetry change notifications</li><li>Enable Telemetry opt-in Settings</li><li>Full</li><li>Enabled</li><li>Enabled</li><li>Enabled</li></ol> |
-| Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test</li><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
 
 ## Deployment rings for Windows 10 and later
 

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md

@@ -31,4 +31,5 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 | Message center post number | Description |
 | ----- | ----- |
+| [MC500889](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 Windows Autopatch baseline configuration update |
 | [MC494386](https://admin.microsoft.com/adminportal/home#/MessageCenter) | January 2023 (2023.01 B) Windows quality update deployment |

windows/security/threat-protection/auditing/audit-audit-policy-change.md

@@ -49,13 +49,13 @@ Changes to audit policy that are audited include:
 
 The following events will be enabled with Success auditing in this subcategory:
 
--   4902(S): The Per-user audit policy table was created.
+-   [4902](event-4902.md)(S): The Per-user audit policy table was created.
 
--   4907(S): Auditing settings on object were changed.
+-   [4907](event-4907.md)(S): Auditing settings on object were changed.
 
--   4904(S): An attempt was made to register a security event source.
+-   [4904](event-4904.md)(S): An attempt was made to register a security event source.
 
--   4905(S): An attempt was made to unregister a security event source.
+-   [4905](event-4905.md)(S): An attempt was made to unregister a security event source.
 
 All other events in this subcategory will be logged regardless of the "Audit Policy Change" setting.
 

windows/security/threat-protection/auditing/audit-authorization-policy-change.md

@@ -20,6 +20,8 @@ ms.topic: reference
 
 Audit Authorization Policy Change allows you to audit assignment and removal of user rights in user right policies, changes in security token object permission, resource attributes changes and Central Access Policy changes for file system objects.
 
+**Event volume**: Medium to High.
+
 | Computer Type     | General Success | General Failure | Stronger Success | Stronger Failure | Comments                                                                                                                                                                                                                                                                                                                                                                                                                                            |
 |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Domain Controller | IF             | No              | IF              | No               | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.<br>However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
@@ -40,5 +42,3 @@ Audit Authorization Policy Change allows you to audit assignment and removal of
 
 -   [4913](event-4913.md)(S): Central Access Policy on the object was changed.
 
-**Event volume**: Medium to High.
-